Sign In

Privacy Policy

Last updated on March 20, 2026

Privacy policy

This Privacy Policy explains how Cyberma s.r.o., operating the Marketing Mindset platform, collects, uses, stores, and shares personal data when you use our website, create an account, purchase a plan, access courses or lessons, use AI-powered features, or otherwise interact with our services.

We aim to explain our practices in clear language. If you have questions or want to exercise your privacy rights, you can contact us using the details at the end of this policy.

1. Data Controller

The data controller for the processing described in this Privacy Policy is:

Cyberma s.r.o.
Belehradska 858/23
120 00 Prague
Czech Republic
Email: info@marketing-mindset.net

2. When This Policy Applies

This policy applies to personal data processed in connection with the Marketing Mindset platform, including public pages, authenticated accounts, paid subscriptions, courses, lessons, community features, support interactions, payments, analytics, and AI-powered tools.

3. Personal Data We Collect

Depending on how you use the service, we may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, username, billing name, and contact details you provide.
  • Account data: account credentials, account settings, subscription status, plan information, and account history.
  • Profile and personalization data: profile details, onboarding answers, persona information, venture or business profile information, preferences, goals, and other information you submit to tailor your experience.
  • Usage data: lesson progress, course activity, feature usage, clicks, session activity, timestamps, and navigation within the platform.
  • User-generated content: form inputs, notes, answers, assignments, prompts, comments, uploads, and other content you create or submit in the service.
  • AI interaction data: prompts, instructions, contextual profile data used with AI features, AI request metadata, and related interaction history.
  • AI-generated outputs: recommendations, summaries, analyses, profile suggestions, generated text, and other outputs produced by AI features.
  • Technical data: IP address, approximate location derived from IP, browser type, device information, operating system, language, referrer, cookies, and log data.
  • Payment and transaction data: subscription status, invoices, billing country, VAT-related information, payment status, and limited payment metadata received from Stripe or another payment provider. We do not store full payment card details.
  • Support and communication data: messages you send to us, support requests, survey responses, and communications related to your account or purchases.
  • Security and fraud-prevention data: login activity, audit logs, abuse-prevention signals, and records needed to protect the platform and investigate misuse.

4. How We Collect Personal Data

We collect personal data:

  • directly from you when you register, purchase a subscription, complete onboarding, use lessons or tools, contact us, or submit content;
  • automatically when you use the platform, through cookies, logs, analytics tools, and similar technologies;
  • from payment providers such as Stripe in connection with billing and subscription events;
  • from service providers that help us host, secure, analyze, or support the service.

5. Why We Process Personal Data and Our Legal Bases

Under GDPR, we must have a legal basis for each processing activity. We use the following legal bases:

  • To create and manage your account, authenticate you, deliver courses, lessons, subscriptions, and core features: performance of a contract.
  • To provide AI-powered features you choose to use, including generating recommendations, analyses, and personalized outputs: performance of a contract, and where relevant our legitimate interests in operating and improving those features.
  • To personalize your experience, including AI profiling, tailored recommendations, learning pathways, and venture or user-profile based suggestions: our legitimate interests in making the service more relevant and useful to users.
  • To process payments, manage subscriptions, create invoices, comply with tax and accounting requirements, and maintain transaction records: performance of a contract and compliance with legal obligations.
  • To provide customer support, communicate about your account, and respond to requests: performance of a contract and our legitimate interests in operating the service.
  • To secure the platform, prevent fraud or abuse, investigate incidents, and maintain logs: our legitimate interests and, where applicable, compliance with legal obligations.
  • To analyze usage, troubleshoot issues, improve performance, and develop new features: our legitimate interests, and where required by law, your consent for non-essential cookies or tracking.
  • To send marketing emails or use non-essential analytics or advertising cookies where applicable: your consent, where consent is required by law.
  • To establish, exercise, or defend legal claims: our legitimate interests.

6. AI Features, Profiling, and Automated Processing

Our platform includes AI-powered features. These features may use personal data and other inputs to generate outputs, recommendations, summaries, analyses, or profiles tailored to your use of the service.

In particular:

  • we may use your profile data, onboarding answers, venture or persona information, usage history, lesson activity, and previous AI interactions to personalize the service;
  • we may store AI prompts, contextual inputs, and generated outputs so that features work correctly, conversations can be continued, results can be displayed again, and the service can be supported and improved;
  • some AI-related processing may happen automatically or asynchronously, including background jobs, queued processing, logging, moderation, and service improvements;
  • profiling is used to personalize content, recommendations, workflows, and generated outputs;
  • AI-generated outputs may be inaccurate, incomplete, biased, outdated, or unsuitable for your situation and should be reviewed by you before you rely on them;
  • our AI-related processing is intended to support personalization and product functionality and is not intended to make decisions that produce legal or similarly significant effects about you without appropriate human oversight.

7. Payments and Stripe

If you purchase a subscription or other paid service, payments are processed by Stripe or another designated payment provider. We do not store your full payment card number or card security code.

We may receive and store limited payment-related information such as billing name, billing address, country, VAT-related information, payment status, subscription status, invoice identifiers, and limited card metadata such as card brand or the last four digits where provided by the payment processor.

Stripe acts as an independent controller for certain payment processing activities under its own privacy policy.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate the platform, keep users signed in, remember preferences, measure usage, improve performance, and support security.

  • Strictly necessary cookies: used for login sessions, authentication, security, fraud prevention, load balancing, and core functionality.
  • Preference cookies: used to remember settings and improve usability.
  • Analytics or performance cookies: used to understand how the service is used and improve it. Where required by law, we use these only with your consent.
  • Error monitoring or diagnostic tools: may be used to detect bugs, crashes, and technical issues. Where these rely on non-essential client-side storage or tracking, we will use an appropriate legal basis, including consent where required.

You can manage cookies through your browser settings and, where available, through our cookie controls. If a separate cookie notice or cookie banner is provided, that notice should be read together with this Privacy Policy.

9. Sharing Personal Data and Third Parties

We do not sell your personal data. We share personal data only when necessary to operate the service, comply with law, protect our rights, or with your direction.

We may share data with the following categories of recipients:

  • Payment providers: such as Stripe, for billing, subscriptions, renewals, invoicing, and payment fraud prevention.
  • Hosting and cloud infrastructure providers: to host the platform, databases, files, backups, and related systems.
  • AI service providers: to process prompts, contextual inputs, and generate AI outputs.
  • Analytics providers: to measure usage and improve the service, where used.
  • Error monitoring and security providers: to detect bugs, crashes, abuse, fraud, or security incidents.
  • Email, communication, and support providers: to send transactional communications and support messages.
  • Professional advisers and authorities: such as lawyers, accountants, auditors, tax authorities, regulators, courts, or law enforcement where legally required or reasonably necessary.

Some providers act as processors on our behalf. Others, such as payment providers, may act as independent controllers for their own regulated services.

10. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area, including in countries that may not provide the same level of data protection as your home country.

When we transfer personal data internationally, we use appropriate safeguards as required by GDPR. Depending on the provider and destination, these safeguards may include the European Commission's Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account data: usually for as long as your account remains active and for a reasonable period afterward to support reactivation, resolve disputes, maintain backups, and protect the service.
  • Course, lesson, profile, personalization, and usage data: generally while your account is active and, in some cases, afterward where needed to maintain continuity, read-only access, personalization history, support, or legitimate business records.
  • User-generated content, AI interaction history, and AI-generated outputs: generally while associated with your account and for a reasonable period afterward unless deletion is required by law or we no longer need the data for the stated purposes.
  • Billing, invoice, tax, and VAT records: for the period required by applicable law, which may be up to 10 years.
  • Security, audit, and fraud-prevention logs: for as long as reasonably necessary to detect, investigate, and prevent misuse, protect the platform, and meet legal obligations.

If your subscription ends or your account becomes read-only, we may still retain account-related data, learning history, notes, AI interactions, and generated outputs in line with this retention policy unless you validly exercise a right to deletion and we do not need the data for legal or overriding legitimate reasons.

12. Security Measures

We use appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

These measures may include encryption in transit, access controls, authentication controls, logging, backups, environment segregation, and restrictions on personnel access based on business need. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

13. Your GDPR Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete personal data;
  • Erase your personal data in certain circumstances;
  • Restrict processing in certain circumstances;
  • Object to processing based on our legitimate interests;
  • Data portability for data processed by automated means on the basis of contract or consent;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at info@marketing-mindset.net. We may ask for reasonable proof of identity before acting on a request. We will respond within the time required by applicable law.

If you are in the EU, you also have the right to lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or the place of the alleged infringement. Our main establishment is in the Czech Republic.

14. Children's Data

The service is primarily intended for adults. We do not knowingly collect personal data from children where such processing would require parental consent unless such consent has been properly obtained. If you believe that a child has provided personal data unlawfully, please contact us so we can review and take appropriate action.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or our data practices. When we make material changes, we will post the updated version on this page and may also notify users by email or through the platform where appropriate.

16. Contact Information

If you have questions about this Privacy Policy, our data practices, or your privacy rights, please contact:

Cyberma s.r.o.
Belehradska 858/23
120 00 Prague
Czech Republic
Email: info@marketing-mindset.net

PRIVACY POLICY & TERMS AND CONDITIONS

MARKETING MINDSET © COPYRIGHT 2026. ALL RIGHTS RESERVED