Last updated: October 30, 2025
Mindaura (“we,” “us,” “our”): a service of Talent Draw LLC
Service: All features, functionalities, programs, and content available through Mindaura
Platform: Our website and related services accessible via any device
User: Any individual accessing or using our services (“you” or “your”)
Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data
Data Controller: Mindaura (Talent Draw LLC), determining purposes and means of processing personal data
Data Processor: Third parties that process personal data on our behalf
Cookie: Small text file stored on your device containing data about your platform usage
Authentication: Process of verifying user identity
Encryption: Process of encoding information to prevent unauthorized access
Token: Unique identifier used for secure authentication
SSL/TLS: Security protocols for encrypted data transmission
This privacy policy explains how Mindaura collects, uses, and protects your personal data and describes your privacy rights and how to exercise them.
This policy applies to:
All users of Mindaura globally
All data collection methods
All service features and functionalities
All platform versions and updates
We may update this policy at any time.
We will notify you of material changes via email.
Continued use after changes constitutes acceptance.
A. Essential Data
Email address (required for authentication)
Name (collected during payment processing)
Last sign-in timestamp
Unique account identifiers
IP addresses
B. Optional Data
Phone number (if provided through payment processors)
User preferences and settings
Communication preferences
A. Test Results
Final IQ scores
Completion timestamps
Performance metrics
Note: Individual test answers are processed in real time and are not stored.
B. Interaction Data
Features accessed, time spent, navigation patterns
Device information (see §3.4)
3.3.1 Payment Data We Receive
We only receive and store limited, tokenized payment information from PCI-compliant processors:
Tokenized payment method identifiers
Last four and first six digits of payment cards
Card expiration dates
A. Device Information
OS and version; browser type/version; screen resolution; device type/model; language preferences
B. Connection Data
IP address; network information; connection type; approximate geolocation derived from IP; time zone
C. Performance Data
Load times; error messages; system metrics; latency; application response times
A. Service Provision
Account creation/management; authentication/security; feature access/customization; support; optimization
B. Payment Processing
Subscription management; authorization; fraud prevention; transaction records; billing support
C. Communication
Service updates/notifications; security alerts; product information; support responses; legal notices
A. Service Improvement
Usage pattern analysis; feature optimization; performance monitoring; UX enhancement; bug resolution
B. Analytics and Research
Aggregate statistics; trend analysis; platform optimization; feature development; benchmarking
Contractual necessity (service provision, account, payments, support)
Legal obligations (tax, financial records, compliance)
Legitimate interests (improvement, fraud/security, technical ops, business development)
Consent (marketing, optional features, third-party integrations, certain analytics/experiments)
Personal data is stored in secure European data centers.
Data may be transmitted globally using encrypted channels.
We implement appropriate safeguards for international transfers (e.g., SCCs), with ongoing compliance monitoring.
5.2.1 Infrastructure Security
A. Authentication & Access: MFA capability; passwordless email sign-in; single-use codes; session management; RBAC; least privilege; access logging/monitoring; periodic reviews and automated revocation
B. Data Protection: SOC 2 Type 2 controls; AES-256 at rest; TLS in transit; regular audits
C. System Security: DDoS protection (e.g., Cloudflare); intrusion detection; patching; infrastructure monitoring
5.2.2 Payment Security
PCI DSS compliant processors; tokenization; no full card numbers accessible to us; encrypted transmission; incident response; regular compliance reviews
5.2.3 Backup & Recovery
Automated encrypted backups; disaster recovery and BCP; restoration procedures; geographic redundancy
5.2.4 Organizational Security
Incident response protocols; access control policies; security incident reporting; change management
5.2.5 Monitoring & Maintenance
Real-time monitoring and logging; performance tracking; periodic security reviews; continuous compliance; updates/patching; vulnerability assessments
5.3.1 Definition: Unauthorized access, loss, destruction, or disclosure of personal data; any incident compromising confidentiality, integrity, or availability.
5.3.2 Internal Response: Activate incident plan; assess scope; contain; document; evaluate risk.
5.3.3 User Notification: Notify affected users within 72 hours of breach confirmation via email.
5.3.4 Content: Incident description; data types; potential impact; steps taken; user actions; contact info and resources.
5.3.5 Regulatory Compliance: Notify authorities where required; cooperate; provide documentation; implement remedial measures.
5.3.6 Post-Breach: Investigate; add controls; update procedures; provide updates; enhance security.
6.1.1 Analytics Services
Google Tag Manager; Google Analytics; Mixpanel; Google BigQuery; Sentry (errors/performance); Cloudflare (performance/security)
6.1.2 Session Recording Details (Sentry)
Automatic masking of user inputs and exclusion of data entry fields
Designed to avoid collection of PII; however, incidental capture may occur in rare edge cases (e.g., if a field isn’t technically maskable). We apply safeguards and minimization, and prohibit use for profiling.
Used strictly for bug investigation and performance optimization.
6.1.3 Data Collected by Analytics
Usage patterns; feature interactions; performance metrics; error info; anonymized flows; aggregate stats
6.2.1 Partners
Facebook, Google, Snapchat, TikTok, Taboola, Outbrain, AppLovin, Pinterest
6.2.2 Data Sharing Practices
Anonymous identifiers; hashed email addresses (where permitted and subject to your consent/opt-out rights); usage and device data; interaction metrics
6.2.3 Partner Usage
Ad performance measurement; targeting optimization; audience segments; campaign analytics
6.3.1 Tracking Limitations
Browser cookie controls; ad-blockers; device settings; platform-specific controls
6.3.2 Opt-Out Options
DAA/NAI opt-out tools; platform ad settings; partner-specific opt-outs; our in-product cookie preferences center (where available)
6.3.3 Impact
Limiting tracking may affect personalization or certain features; core functionality remains available.
We provide mechanisms to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising where applicable. Use the site footer link “Do Not Sell or Share My Personal Information” or contact us (see §12).
Access; correction; deletion (see §8.2); objection; portability; withdraw consent.
EU/UK (GDPR): Inform, access, rectify, erase, restrict, portability, object, automated decision-making rights.
California (CCPA/CPRA): Know, access, correct, delete, opt-out of sale/share, limit sensitive data use (where applicable), non-discrimination, portability.
Australia: Notice, access, correction, purpose specification, use limitation, disclosure transparency.
Canada (PIPEDA): Access, accuracy, consent withdrawal, transparency, protection expectations.
7.3.1 Submission
Email support@mindaura.co or use the Help Center (see §12). California users may also use the “Do Not Sell/Share” link.
7.3.2 Verification
Email verification; account authentication; for sensitive requests/agents, government ID and proof of authority.
7.3.3 Timelines
Acknowledgment within 72 hours (California: 10 days for CCPA); standard response 30 days; up to 45 days with notice; appeals decided within 30 days.
7.3.4 Delivery
Machine-readable (CSV/JSON), complete data inventory, encrypted transfer.
7.3.5 Appeals
Appeal within 30 days; include reasons and any added information; decision within 30 days.
Account data: while account is active
Payment records: as required by law
Analytics data: for service improvement
Communication records: 2 years
Security logs: 13 months
Inactive accounts: deleted after 365 days of inactivity (see Terms)
Account deletion: standard 30-day process; backup removal within 90 days; verification and completeness checks performed.
We use Standard Contractual Clauses and technical/organizational safeguards for transfers outside the EEA/UK, with regular assessments.
9.2.1 Escalation Process
First-level: escalations-support@mindaura.co (include reference number). Response within 5 business days.
Second-level: same address for senior review; final decision within 15 business days.
Informal resolution: 30-day good-faith negotiation period after escalation.
9.2.2 Formal Proceedings
This Privacy Policy is governed by the laws of the State of Nevada, USA. Disputes are resolved via binding arbitration administered by the AAA as set out in Section 14 of our Terms & Conditions. You consent to the personal jurisdiction of courts in Clark County, Nevada for matters exempt from arbitration. Claims must be brought within six (6) months of the incident, unless a longer period is required by applicable law.
Minimum age 18. We do not knowingly collect data from minors. We will terminate accounts and delete data if we learn a user is underage.
We may modify this policy at any time.
Material: Significant changes to processing purposes, data sharing, or user rights.
Non-Material: Clarifications, formatting, contact updates, security enhancements, analytics/partners updates, regional compliance updates, and other changes that don’t substantially affect rights.
Material Changes: Email notice 5 days before implementation; effective on notice date.
Non-Material Changes: May be implemented immediately; updated policy posted on website.
Review the current policy; discontinue use if you disagree; continued use indicates acceptance.
Talent Draw LLC
2550 E Desert Inn Rd #260
Las Vegas, NV 89121, United States
Phone: 702-913-3871
Email: support@mindaura.co
Help Center: https://mindaura.co/help
All inquiries will be handled according to the response timelines detailed in §7.3.3.