Privacy Policy

Last updated: March 4, 2026.

Welcome to YesMind.ai (“Platform,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, process, store, and protect personal information when you access or use our website and services. Our Platform provides centralized access to multiple artificial intelligence models and services, including (but not limited to) MidJourney, Sora, ChatGPT, Runway, Flux, Imagen, Ideogram, Luma, Deepseek, Clarity Grok, and other third-party AI systems. Because we operate as an orchestration layer between users and multiple AI providers, transparency about data flows and responsibilities is fundamental to how we operate. This document is intended to clearly explain what happens to your data, what remains under your control, and where third-party processing may occur. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. Our Role in the AI Ecosystem

Our Platform acts as a gateway. We do not build all the AI models available through our system; instead, we enable users to access and interact with selected third-party AI services from a single interface. This means that in certain situations, we act as the primary data controller (for example, when managing your account). In other situations, we function as an intermediary or technical processor that routes your input to the AI model you select. The distinction matters. When your prompt is transmitted to a third-party AI provider, that provider may process the data under its own privacy framework. We aim to limit transmission strictly to what is technically necessary to deliver the requested output.

2. Information We Collect

We collect information that is necessary to operate the Platform, improve user experience, and comply with legal obligations. The categories of data include:

Account Information

When you register, we collect your name, email address, hashed password, and optionally a profile image or organization name.

Usage Data

We record aggregated information about how you interact with the Platform — pages visited, models selected, session duration, device type, browser version, and approximate geographic location derived from IP address.

Prompts and Outputs

We temporarily process the text, images, audio, or video you submit in order to route them to the requested AI model. We store this content only when you explicitly save it within your account library.

Billing Information

Payments are processed by PCI-DSS compliant providers. We do not store full payment card numbers on our servers.

3. How We Use Personal Information

We use collected information to:

Provide, maintain, and improve the Platform and its features.
Authenticate users and protect against unauthorized access.
Process subscriptions, invoices, and refunds.
Communicate service updates, security alerts, and policy changes.
Detect and prevent fraud, abuse, and violations of our Terms of Service.
Comply with applicable laws, regulations, and lawful requests from authorities.

We do not sell personal information to third parties, and we do not use your private prompts or outputs to train our own foundation models.

4. Legal Basis for Processing

Under the GDPR and similar frameworks, we process personal data under one or more of the following legal bases: performance of a contract (to deliver the services you request), legitimate interests (to secure and improve our Platform), consent (where required, such as for non-essential cookies or marketing communications), and legal obligation (to comply with tax, accounting, and regulatory duties).

5. Interaction With Third-Party AI Providers

When you submit a prompt to a specific model, the content of that prompt is transmitted to the corresponding third-party provider. Each provider maintains its own privacy policy, data retention schedule, and model-training practices. We encourage you to review those policies directly. We transmit only the data strictly required to fulfill the request and, wherever technically possible, we route traffic through zero-retention API endpoints so that providers do not store your inputs for extended periods.

6. Data Retention

We retain account information for as long as your account remains active. Usage logs are kept for up to 12 months for security and diagnostic purposes. Saved prompts and outputs remain in your personal library until you delete them or close your account. Billing records are retained for the period required by applicable tax and accounting laws (typically 5–10 years).

7. Security Measures

We implement industry-standard technical and organizational safeguards, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, continuous monitoring, and regular third-party security audits. While no system can be guaranteed fully secure, we are committed to protecting your information with appropriate diligence.

8. International Data Transfers

Our infrastructure and AI provider partners operate globally. Your information may be transferred to, processed in, or stored in countries outside your region of residence. When such transfers occur, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms recognized under applicable law.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, as well as to object to certain processing activities and to withdraw consent at any time. To exercise these rights, contact us at privacy@yesmind.ai. We will respond within the timeframes required by law.

10. AI-Specific Data Considerations

Generative AI introduces unique privacy considerations. Outputs may occasionally reflect patterns from training data, may be inaccurate, or may generate content that resembles real individuals. Do not submit sensitive personal data, confidential business information, or regulated data (e.g., health, financial, or legal records) unless you have authority to do so and have reviewed the relevant provider's terms.

11. Children's Privacy

Our Platform is intended for users who are at least 18 years old, or the age of majority in their jurisdiction. We do not knowingly collect personal data from minors. If we become aware that personal data has been collected from a minor without appropriate consent, we will take reasonable steps to delete it.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain secure sessions, remember preferences, analyze traffic, and improve performance. Essential cookies are required for core functionality, including authentication and account management. Optional analytics or preference-based cookies may be used where legally permitted. Users may manage cookie preferences through browser settings or a consent management interface where available.

13. Account Termination and Data Deletion

You may request account deletion at any time. Upon verified request, we will deactivate your account and remove personal data from active systems within a reasonable period, subject to legal or regulatory retention requirements. If deletion affects stored prompt history, previously generated outputs may no longer be accessible.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our services, integrations, legal obligations, or operational practices. Material updates will be communicated through website notices or direct user notification. Continued use of the Platform following an update constitutes acceptance of the revised Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Protection team at privacy@yesmind.ai. We are committed to responding promptly and transparently.