Know Minder Privacy Policy

Last Updated: June 30, 2025

This document is a translation of the original French Privacy Policy. In case of any discrepancy, the original French version shall prevail.

Preamble

Welcome to Know Minder. Your trust is our priority, and that begins with protecting your privacy. This privacy policy aims to explain clearly and transparently what information we collect, why we collect it, and how we use and protect it.

We are committed to collecting only the data strictly necessary to provide you with an exceptional service and to never sell your personal information.

---

1. Who are we? (Data Controller)

The company that publishes the Know Minder services and is responsible for processing your data is:

• Company: FRITSCH LOIC (sole proprietorship)
• Address: 29 RUE DE GUEBWILLER, 68500 MERXHEIM, France
• SIRET: 90299703000017
• Privacy Contact Email: contact@knowminder.com

No Data Protection Officer (DPO) has been appointed. For any questions regarding this policy or your data, our team remains your primary contact at the email address above.

2. What personal data do we collect and why?

We collect different types of data to operate and improve our services.

a. Data you provide directly to us

• Identification Data: When you create an account, we collect your first name, last name, email address, and an encrypted password. If you sign up via Google, we retrieve your name and email address from your Google account.

  • Purpose: To create and secure your account, communicate with you, and identify you.
  • Legal Basis: Performance of a contract.

• User Content: This is the core of Know Minder. We process all content you actively decide to save. This includes:

  • Content from LinkedIn or X (Twitter) posts captured via our extension.
  • Full web pages.
  • Personal notes you write.
  • Files you upload (PDF, docx, etc.).
  • Emails you forward to us.
  • Purpose: To provide you with the Know Minder service, which means storing, analyzing, and allowing you to converse with your knowledge.
  • Legal Basis: Performance of a contract.

b. Data we collect automatically

• Technical and Usage Data: When you use our site or extension, we collect information such as your IP address, browser type, and anonymized usage data (which features are most used, etc.).
  • Purpose: To ensure the security of our systems, resolve technical issues, and understand how to improve our service.
  • Legal Basis: Legitimate interest.

c. Payment Data

• When you subscribe to a paid plan, your payment data is processed directly by our provider, Stripe. We never store your credit card details on our servers. We only keep a reference of the transaction and the information necessary for billing.
  • Purpose: To manage your subscription and issue invoices.
  • Legal Basis: Performance of a contract and legal obligation.

3. How we use your data (Detailed Purposes)

• To provide the service (Performance of a contract): Your content is processed to help you get the most out of it. This process includes:

  1. Secure storage of your content.
  2. AI processing to analyze visual and textual content, generate summaries, keywords (tags), and transform the content into "embeddings" (a numerical representation).
  3. RAG Chatbot: These embeddings allow us to power an intelligent chatbot that answers your questions based solely on the information you have saved.

  Note on Profiling and Automated Decision-Making: The AI processing of your content is an essential and automated part of the contractual service. It does not lead to any decision that produces legal effects or similarly significantly affects you. In accordance with Article 22 of the GDPR, you retain full control over your content and may object to this processing, which is equivalent to a request to close your account as the service cannot function without this processing.

• To ensure security and improvement (Legitimate interest): We analyze technical data to detect suspicious activities, prevent abuse, and optimize the performance of our infrastructure.

• For billing (Legal obligation): We use your account and payment information to generate legally compliant invoices.
• To communicate with you (Consent and Contract): We send you essential transactional emails for the service (payment confirmation, etc.). We may also send you product news, from which you can unsubscribe at any time.

4. Who do we share your data with? (Recipients and Sub-processors)

We do not sell any of your data. We use trusted sub-processors, rigorously selected for their level of security and compliance.

Provider	Role	Country
Contabo GmbH	Infrastructure Hosting	Germany (EU)
Cloudflare, Inc.	File Storage and Security	USA
Stripe, Inc.	Payment Processing	USA
PostHog, Inc.	Product Usage Analytics	EU
Google LLC	Sign-in Service (optional)	USA
OpenAI, Google, Anthropic, Mistral AI, Voyage AI, Cohere	AI Services (via OpenRouter or directly via their API)	USA / France

5. Is your data transferred outside the European Union?

Yes. Some of our sub-processors (especially for AI services, analytics, and payment) are based in the United States. We ensure that these transfers are governed by strong legal safeguards compliant with GDPR, such as the European Commission's Standard Contractual Clauses (SCCs) and/or adherence to the Data Privacy Framework (DPF).

6. How long do we keep your data?

• Account Data and User Content: We keep them as long as your subscription is active. Upon termination, your data is retained for 30 days before being permanently deleted from our systems.
• Billing Data: Invoices and transaction data are kept for 10 years, in accordance with our legal obligations.

7. How do we protect your data?

The security of your data is an absolute priority. We implement robust technical and organizational measures:

• Encryption: Your data is encrypted in transit (with TLS/SSL) and at rest on our servers (with AES-256).
• Limited Access: Only a very restricted number of our team members can access the systems, and never user content, except in cases of technical support explicitly requested by you.
• Data Breach Procedure: In the event of a personal data breach, we commit to notifying the CNIL (the French Data Protection Authority) within 72 hours of becoming aware of it. If this breach poses a high risk to your rights and freedoms, we will inform you as soon as possible.

8. What are your rights and how to exercise them?

In accordance with the GDPR, you have several rights over your data:

• Right of access: The right to know if we are processing your data and to receive a copy.
• Right to rectification: The right to correct any inaccurate information about you.
• Right to erasure ("right to be forgotten"): The right to request the deletion of your data.
• Right to restriction of processing: The right to temporarily suspend the use of your data.
• Right to data portability: The right to receive your data in a structured format and transfer it to another service.
• Right to object: The right to object to certain processing, particularly for marketing purposes.

You can exercise most of these rights directly from your dashboard. For any other request or to exercise a right you cannot fulfill yourself, contact us at contact@knowminder.com.

If you believe your rights are not being respected, you also have the right to lodge a complaint with the competent supervisory authority.

• Supervisory Authority in France (CNIL)
  • Mailing Address: 3 place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France
  • Website: https://www.cnil.fr

9. Cookie Management

When you browse our site, cookies may be placed on your device.

• Strictly Necessary Cookies: These cookies are essential for the functioning of our site. They secure your connection, manage your user session, and ensure the payment process via Stripe works. They do not require your consent.
• Audience Measurement Cookies: We use PostHog to anonymously analyze the usage of our services. This data helps us understand which features are popular and how to improve your experience. Your consent is required for these cookies.

You can manage your cookie preferences at any time via the consent banner or your browser settings. Refusing certain cookies may impair your experience on the site.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from minors. If we discover that we have, we will take the necessary steps to delete that information.

11. Changes to this Policy

We may update this privacy policy to reflect changes in our services or legislation. In the event of a substantial change, we will notify you by email or via a visible notification on our site.

12. Applicable Law and Jurisdiction

This privacy policy is governed by French law and Regulation (EU) 2016/679 of April 27, 2016 (GDPR). In the event of a dispute and in the absence of an amicable agreement, jurisdiction is given to the competent courts within the district of our company's headquarters.