Privacy policy

MindSafe is operated by Blumint Pty Ltd, a company registered in Australia, with its principal place of business in Melbourne, Victoria. References to "MindSafe", "we", "us", and "our" in this policy refer to Blumint Pty Ltd.

MindSafe provides a privacy-first employee pulse survey platform. Our customers are organisations that use MindSafe to gather workplace wellbeing signals from their employees. In most processing activities, the customer is the controller and MindSafe is the processor.

This policy covers personal data we process through the MindSafe platform at mindsafe.app and its subdomains, our marketing website, and any communications we send to administrators, managers, or employees of customer organisations. It does not cover third-party websites we link to.

We process the following categories of personal data:

• Employee identity data: name, work email address, team assignment, employment status, and the identifier issued by the customer's HRIS where provided.
• Pulse response data: self-reported ratings on workplace wellbeing dimensions (workload, clarity, cadence, connection, energy), free-text reflections where the employee chooses to add them, and the timestamp of the response.
• Account and authentication data: for HR administrators and managers, email address, hashed password, multi-factor enrolment state, and session metadata.
• Operational metadata: pulse delivery and open events, error logs scrubbed of personal content, and aggregated usage telemetry needed to operate the service.
• Support communications: messages you send us through the contact form or by replying to our emails, and our responses.

We do not process keystroke data, screen content, camera or microphone input, productivity telemetry from third-party tools, or any other surveillance-derived signal as part of the wellbeing measurement.

We use personal data only for the following purposes:

• To deliver the daily pulse to employees and render their personal dashboard.
• To produce aggregate team views for managers and HR, gated by a minimum cohort size of five distinct respondents.
• To authenticate administrators and managers and to maintain workspace integrity.
• To provide customer support and to respond to enquiries you send us.
• To detect and prevent fraud, abuse, or unauthorised access, and to meet our legal obligations.
• To improve the service, using only aggregated, de-identified usage signals where possible.

We do not sell personal data. We do not use employee pulse data to train external machine learning models. We do not share employee-level data with third parties for advertising or profiling.

Where MindSafe acts as a processor for a customer organisation, the lawful basis for processing employee personal data is set by the customer in its capacity as controller, typically under the legitimate interests basis (Article 6(1)(f) of the UK and EU GDPR) for workplace wellbeing measurement, supported by a Legitimate Interests Assessment that the customer maintains.

Where MindSafe acts as a controller, for example when administering accounts of HR users or responding to support enquiries, the lawful basis is the performance of a contract (Article 6(1)(b)), our legitimate interests in operating the service (Article 6(1)(f)), or compliance with a legal obligation (Article 6(1)(c)).

MindSafe relies on a small set of vetted infrastructure sub-processors to deliver the service. Each is bound by a written data processing agreement consistent with Article 28 of the UK and EU GDPR, and operates under recognised security frameworks such as SOC 2 Type II, ISO 27001, or equivalent. Our current sub-processors are:

We will provide reasonable prior notice of any new sub-processor and will give customers the opportunity to object on reasonable grounds. The current list above is authoritative.

Customer data is hosted primarily in the European Union. Where personal data is transferred to a country outside the European Economic Area or the United Kingdom that has not been recognised as providing adequate protection, transfers are made under the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by appropriate technical measures including TLS 1.3 in transit and AES-256 at rest.

Personal data is retained only for as long as it is needed for the purposes set out in this policy. The category-by-category retention schedule is published separately at the data retention page. When the retention window ends, personal data is either deleted or fully anonymised so that re-identification is no longer possible.

We apply technical and organisational measures appropriate to the risk of the processing, including row-level authorisation enforced at the database, TLS 1.3 in transit, AES-256 at rest, isolated serverless runtimes, anycast edge with DDoS mitigation, tokenised expiring links for personal dashboards, append-only audit logging, and the principle of least privilege for production access. The full control set is documented in the trust model.

Where MindSafe acts as a processor, requests to exercise rights under the UK or EU GDPR (access, rectification, erasure, restriction, portability, objection) should be directed in the first instance to the customer organisation that controls your employment data. We will assist that controller without undue delay.

Employees may also exercise the right to erasure directly from their personal MindSafe dashboard at any time. Where MindSafe acts as a controller, you can exercise your rights by contacting us through the contact form.

You also have the right to lodge a complaint with a supervisory authority, including the Information Commissioner's Office in the United Kingdom and your national data protection authority in the European Union.

MindSafe uses strictly necessary cookies to maintain authenticated sessions and to protect against cross-site request forgery. We do not use advertising cookies and we do not load third-party trackers on the marketing website. Pulse access for employees does not require cookies; access is granted by signed, expiring tokens issued in the daily pulse email.

MindSafe is intended for use by employees of customer organisations and is not directed to children under 16. We do not knowingly process personal data of children in connection with the service.

We may update this policy to reflect changes in our service, our sub-processor list, or applicable law. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated to workspace administrators in advance.

For privacy enquiries, data subject requests directed to MindSafe in our capacity as controller, or any other questions about this policy, please use the contact form.