Back to Home

Privacy Policy

Last updated: February 2026

1. Introduction

Mindcore OÜ ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data in connection with our website, services, and products.

We are a cybersecurity company headquartered in Tallinn, Estonia, specializing in Critical Infrastructure Protection, Exposure Management, Incident Readiness, and AI-powered Governance, Risk, and Compliance solutions.

This Privacy Policy applies to all information we collect through our website (mindcore.es), services, and interactions with customers, partners, and website visitors.

2. Data Controller

Mindcore OÜ

Harju maakond, Tallinn
Kesklinna linnaosa
Veskiposti tn 2-1002, 10138
Estonia

Email: info@mindcore.es
Phone: +900 888 707 123

For data protection inquiries, please contact us at the details above.

3. Types of Data Collected

3.1 Information You Provide

  • Contact Information: Name, email address, phone number, company name, job title
  • Service Inquiry Data: Information provided when requesting assessments, proposals, or consultations
  • Communication Data: Messages, emails, and correspondence you send us
  • Account Information: If you create an account for our services or platform
  • Blog and Content Interactions: Comments, subscriptions, and engagement data

3.2 Information Collected Automatically

  • Website Usage Data: Pages visited, time spent, referral source, browser type, and operating system
  • IP Address and Device Information: Your IP address, device identifiers, and device characteristics
  • Cookies and Tracking Technology: Information collected through cookies, pixel tags, and similar technologies (see Section 6)
  • Logs and Analytics: Server logs and analytics data to monitor site performance and security

3.3 Assessment and Service Data

When you engage Mindcore for assessments, intrusion testing, or other security services, we may collect and process:

  • Technical data about your systems, networks, and infrastructure
  • Assessment findings, attack simulations, and security reports
  • Incident response logs and forensic data
  • Compliance audit results and documentation

Note: Assessment data is processed under separate Data Processing Agreements (DPA) and our customers' privacy notices.

4. Legal Basis for Processing

Under GDPR, we process your data on the following legal bases:

  • Consent: When you explicitly consent (e.g., subscribing to our blog, accepting marketing communications)
  • Contractual Necessity: To execute our services and fulfill customer agreements
  • Legitimate Interest: To improve our website, enhance security, prevent fraud, and conduct business analytics
  • Legal Obligation: To comply with applicable laws, regulations, and regulatory requests
  • Vital Interest: To protect security and prevent harm

5. How We Use Your Data

We use collected information for the following purposes:

  • Providing and improving our services and website
  • Responding to inquiries, service requests, and customer support
  • Conducting security assessments and delivering service deliverables
  • Sending service-related notifications and updates
  • Marketing and promotional communications (with your consent)
  • Analyzing website usage and performance
  • Preventing fraud, abuse, and security threats
  • Complying with legal and regulatory obligations
  • Improving user experience and personalizing content
  • Facilitating customer engagement and feedback

6. Cookies and Tracking Technologies

6.1 Types of Cookies

  • Essential Cookies: Required for website functionality, security, and platform features. These are always active and do not require consent.
  • Analytics Cookies: Help us understand how visitors use our site to improve user experience. Requires consent.
  • Marketing Cookies: Used to track campaign effectiveness and deliver targeted content. Requires consent.
  • Third-Party Cookies: Placed by external services for analytics, advertising, and functionality. Requires consent.

6.2 Managing Cookie Preferences

You can manage your cookie preferences through the cookie consent banner on our website. Most browsers also allow you to refuse cookies or alert you when a cookie is being set. However, disabling essential cookies may affect website functionality.

7. Data Sharing and Disclosure

7.1 Third-Party Service Providers

We may share your personal data with trusted third parties who process data on our behalf. Currently, this includes:

  • CrowdStrike – As a trusted partner, we share team contact information, technical data, network configurations, and other technical information necessary for platform integration, implementation, and ongoing support of CrowdStrike solutions.

In the future, we may engage additional service providers such as cloud hosting providers, email service providers, analytics platforms, payment processors, and CRM platforms. We will update this privacy policy accordingly before entering into any new data sharing arrangements that involve personal data processing.

7.2 Business Partners and Data Agreements

Data sharing with CrowdStrike and other technology partners is conducted under Data Processing Agreements (DPA) that ensure adequate protection of your personal data. These agreements define the scope, purpose, and security measures applicable to shared data.

7.3 Legal Compliance

We may disclose your data when required by law, court order, government request, or to protect our legal rights and the safety of our users.

7.4 No Sale of Data

We do not sell your personal data to third parties. We only share data as described in this Privacy Policy.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy:

  • Website Analytics: Generally retained for 13 months
  • Service Inquiries and Communications: Retained for 3 years or as required by law
  • Customer Service Records: Retained for 5 years for dispute resolution and compliance
  • Assessment Reports and Deliverables: Retained according to contractual obligations and applicable regulations
  • Marketing Contact Lists: Retained until you unsubscribe

When data is no longer needed, we securely delete or anonymize it.

9. Your Privacy Rights

Under GDPR and other applicable data protection laws, you have the following rights:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal and contractual obligations.

9.4 Right to Restrict Processing

You can request that we limit how we use your data.

9.5 Right to Data Portability

You can request a copy of your data in a portable format for transfer to another controller.

9.6 Right to Object

You can object to marketing communications and certain processing activities. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link.

9.7 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority (in Estonia, the Estonian Data Protection Inspectorate).

To exercise any of these rights, please contact us at info@mindcore.es with your request and a copy of your identity document. We will respond within 30 days.

10. Data Security

We implement industry-standard technical, administrative, and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, and destruction:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and Intrusion testing
  • Employee training on data protection practices
  • Incident response and breach notification procedures
  • Compliance with ISO 27001 and other security standards

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Mindcore is based in Estonia (EU). If you access our website or services from outside the EU/EEA, your data may be transferred to the EU for processing. We ensure that such transfers comply with GDPR through appropriate safeguards, including Standard Contractual Clauses and adequacy decisions.

12. Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to external sites. We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing personal data.

13. Children's Privacy

Our services are not intended for individuals under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided data, we will delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last updated" date and, where required, by sending you a notification. Your continued use of the website or services constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Mindcore OÜ
Email: info@mindcore.es
Phone: +900 888 707 123
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Veskiposti tn 2-1002, 10138, Estonia

We will respond to your inquiry within 30 days.

16. Regulatory References

This Privacy Policy is designed to comply with:

  • EU General Data Protection Regulation (GDPR)
  • ePrivacy Directive (2002/58/EC and 2009/136/EC)
  • Estonian Personal Data Protection Act (isikuandmete kaitse seadus)
  • Other applicable data protection and privacy laws

Have questions about how we protect your data?

Contact Our Privacy Team