We are Patroon Legal Design B.V., trading as Mino. We respect your privacy and private life, but sometimes we need your Personal Data. We consider Personal Data to be any information relating to an identified or identifiable person, in conformity with the General Data Protection Regulation (the GDPR).
This policy explains which Personal Data we use and why (the Privacy Policy). Furthermore, you will read how we process, store and protect your Personal Data. Finally, we outline what rights you have when we process your Personal Data.
This Privacy Policy applies to our website https://mino.law (the Website), our AI-powered legal tools including Thea and other specialist agents (the Agents), and any other services or products we provide (collectively, the Services). We process your Personal Data in accordance with the GDPR and all other relevant legislation and regulations in the field of protection of Personal Data, including the Dutch Telecommunications Act (Telecommunicatiewet) regarding the use of cookies (the Relevant Legislation).
1. Processing of Personal Data
In order to provide you with our Website and Services, we process your Personal Data.
How do we receive your Personal Data?
We receive Personal Data directly from you when you:
- Create an account
- Subscribe to our Services
- Upload documents to our Agents
- Contact us or subscribe to our newsletter
- Use our Website or Services
Who is the controller of your Personal Data?
We are the controller of your Personal Data within the meaning of the Relevant Legislation. At the end of this Policy, you can find our contact details and the contact details of our Data Protection Officer.
What Personal Data do we process, for which purposes, and on which legal basis?
We need some of your Personal Data in order for you to use our Website and Services.
We are allowed to process your Personal Data because we comply with the Relevant Legislation. We lawfully process your Personal Data because we:
- Have legal bases for processing your Personal Data
- Inform you about the processing
- Only process data for specific purposes, and no more than is necessary for that
We shall only use your Personal Data for the following purposes or for compatible purposes. This ensures that we do not use your Personal Data in an unexpected manner.
2. Data Processing Overview
| Category | Data | Purposes | Legal Basis |
|---|---|---|---|
| Account Data | Name, email address, password (encrypted), company name | To create and manage your account; to authenticate you; to provide our Services | Necessity to perform the contract |
| Contact Data | Name, email address, phone number, company name, address | To contact you; to correspond with you; to provide customer support | Necessity to perform the contract; legitimate interest |
| Payment Data | Billing address, payment method details, transaction history | To process payments; to send invoices; to comply with tax obligations | Necessity to perform the contract; legal obligation |
| Content Data | Documents you upload, timelines generated, data extracted by Agents, chat history with Agents | To provide our Services; to enable our Agents to analyze your documents and generate outputs | Necessity to perform the contract |
| Usage Data | Log data, device information, IP address, browser type, pages visited | To improve our Services; to ensure security; to analyze usage patterns | Legitimate interest |
| Communication Data | Email address, communication preferences | To send our newsletter; to inform you about updates to our Services | Consent (newsletter); necessity to perform the contract (service updates) |
3. AI Processing
Our Agents (including Thea and other specialist agents) use artificial intelligence to analyze your documents and generate outputs such as timelines, visualizations, and insights.
How AI processing works
When you upload documents to our Agents:
- Your documents are processed in Microsoft Azure's EU data centers (Amsterdam/Dublin)
- We use OpenAI models (GPT-4, text embeddings) deployed through Azure OpenAI Service — this is enterprise infrastructure, separate from consumer ChatGPT
- Extracted data (dates, parties, events, relationships) is stored in our database with row-level security
Your data is never used for AI training
Important: Your documents, generated outputs, and any data processed by our Agents are never used to train AI models. This is contractually guaranteed by our Azure OpenAI Service deployment. Your data remains yours.
Data isolation
Each user's data is isolated through row-level security. This means every database operation verifies that you are authorized to access that specific data. Other users cannot access your documents or outputs.
4. Are you obliged to share your Personal Data with us?
In some cases, the processing of your Personal Data is necessary. Without your Personal Data, we cannot provide our Services to you. For example:
- We need your email address to create your account
- We need your payment information to process your subscription
- Our Agents need your documents to generate timelines and other outputs
5. How do we secure your Personal Data?
We make every effort to protect your Personal Data from loss, destruction, use, alteration or dissemination by unauthorized persons. We ensure that those who have nothing to do with your Personal Data cannot access it.
We do this through the following measures:
- Encryption in transit: TLS 1.3 encryption for all data transmitted between your device and our servers
- Encryption at rest: AES-256 encryption for all stored data, including documents and database records
- Row-level security: Every database query requires authentication and authorization checks
- Secure authentication: Session-based authentication with optional two-factor authentication
- EU data residency: All data is processed and stored within the European Economic Area
- Access controls: Our team can only access your data with your explicit permission for support purposes
- Regular security reviews: We continuously monitor and improve our security measures
For more details, see our Security page.
6. How long do we store your Personal Data?
We shall not store your Personal Data for longer than we need it for the aforementioned purposes.
| Category | Retention Period |
|---|---|
| Account Data | For the duration of your account, plus 30 days after account deletion to allow recovery |
| Content Data | For the duration of your account, plus 30 days after account deletion; deleted permanently thereafter |
| Payment Data | 7 years after the transaction, to comply with Dutch tax obligations |
| Usage Data | 26 months from collection |
| Communication Data | Until you unsubscribe or request deletion |
After account deletion, we permanently delete your documents, generated outputs, and all associated content data. We retain only what is legally required (payment records) or necessary for security purposes (anonymized logs).
7. With whom do we share your Personal Data?
Processors
We may share your Personal Data with data "processors" within the meaning of the Relevant Legislation. We conclude a data processing agreement with these parties, which entails that they shall process your Personal Data carefully and that they shall only receive the Personal Data they need to provide their service. These parties shall only use your Personal Data in accordance with our instructions and not for their own purposes.
We share your Personal Data with the following processors:
| Processor | Purpose | Location |
|---|---|---|
| Microsoft Azure | AI processing (Azure OpenAI Service), file storage (Blob Storage), application hosting | EU (Amsterdam/Dublin) |
| Supabase | Database hosting, user authentication | EU |
| Mollie | Payment processing | Netherlands |
| Resend | Transactional emails, newsletter delivery | EU/US (with appropriate safeguards) |
| Vercel | Website hosting, serverless functions | EU (Frankfurt) |
| Railway | Application hosting for Agents | EU (Netherlands) |
Legal obligations
If we have a legal obligation to share your Personal Data, we will do so. This is the case, for example, if a public authority legally requires us to share your Personal Data.
8. Cookies
A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.
We use cookies to:
- Improve the user experience on our Website
- Ensure that the Website works properly
- Enable secure authentication
- Track and solve errors on our Website
You can always delete or disable cookies yourself via the browser settings. Once you have disabled cookies, no more cookies will be stored when you visit our Website. However, please note that without cookies, our Website may not function as well as it should, and you may not be able to log in to your account.
9. Other provisions
Transfer
We process your Personal Data only within the European Economic Area (EEA).
Where we use processors located outside the EEA (such as certain services from Resend), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
We shall never transfer your Personal Data to other countries or to other parties than those mentioned above without your permission.
Websites of third parties
Our Website may contain links to other websites. We are not responsible for the content or the privacy protection on these websites. Therefore, we advise you to always read the privacy policy of those websites.
10. Your rights
You have the following rights under the GDPR:
| Right | Description |
|---|---|
| Right of access | You can request access to your Personal Data and receive a copy |
| Right to rectification | You can request us to correct inaccurate Personal Data |
| Right to erasure | You can request us to delete your Personal Data |
| Right to restriction | You can request us to limit the processing of your Personal Data |
| Right to data portability | You can request a copy of your Personal Data in a structured, commonly used format; we can provide this copy to third parties at your request |
| Right to object | You can object to the processing of your Personal Data based on legitimate interests |
| Right to withdraw consent | You can withdraw your consent at any time; from the moment of withdrawal, we will stop processing based on that consent |
| Right to file a complaint | You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we process your data unlawfully |
To exercise any of these rights, contact us using the details below.
11. Modifications to the Privacy Policy
We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Website together with the new Privacy Policy. We shall notify registered users by email in case of a substantial modification.
12. Contact
In the event that you wish to exercise your rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following details.
Patroon Legal Design B.V. (trading as Mino)
Nicolaas Witsenkade 38
1017 ZT Amsterdam
The Netherlands
KvK: 70686122
Email: privacy@mino.law
General inquiries: hello@mino.law
Data Protection Officer:
Sjors Dobbelaar
Email: sjors@mino.law