Privacy Policy

Effective Date: January 15, 2026 | Last Updated: January 14, 2026

1. Introduction

This Privacy Policy describes how Pareidolia LLC ("Company," "we," "us," or "our") collects, uses, and shares information in connection with MindMeld (the "Service"). MindMeld is an engineering standards injection platform for AI-assisted development.

2. Our Core Privacy Principle

MindMeld is designed as a standards injection service. We deliver coding standards and patterns to your local development environment. All AI-assisted coding occurs locally through your chosen AI tool (Claude Code, Cursor, Codex, Windsurf, etc.). We do not access, transmit, store, or process your source code.

3. Information We Collect

3.1 Information You Provide

• Account information: Name, email address, company name (optional), billing information for paid tiers
• Profile information: Team name, user preferences, notification settings
• Communications: Support requests, feedback, correspondence with us

3.2 Information Collected Automatically

• Usage data: Which standards you access, session frequency, feature usage
• Device information: Browser type, operating system, device identifiers
• Log data: IP address, access times, pages viewed, error logs

3.3 Contribution Program Data (If You Opt In)

If you participate in the Contribution Program (Team or Professional tier with contributing pricing), we collect:

• Pattern metadata: Names and descriptions of patterns you've created
• Invariant rules: Abstract rules you've defined
• Hardening signals: When patterns transition from Provisional to Solidified to Reinforced
• Selection data (Professional tier): Which standards you enable or disable

We never collect your actual source code, implementation details, or proprietary algorithms through the Contribution Program.

4. Information We Do NOT Collect

5. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send billing-related communications
• Respond to support requests and communications
• Send product updates, security alerts, and administrative messages
• Analyze usage patterns to improve the Service
• Build and curate the community standards library (for Contribution Program participants)
• Comply with legal obligations

6. Anonymization of Contributions

Before any contributed pattern is included in the community standards library, we apply the following anonymization process:

• Company identifiers removed: All references to company names, product names, and proprietary terms are stripped
• Personal information removed: Author names, email addresses, and usernames are stripped
• Aggregation: Similar patterns from multiple contributors are combined into generalized standards
• Review: Patterns are reviewed before publication to ensure no identifying information remains

7. How We Share Information

7.1 Community Standards (Contribution Program)

Anonymized patterns from Contribution Program participants are shared publicly through the community standards library under CC BY-SA 4.0 license. These patterns cannot be traced back to individual contributors.

7.2 Service Providers

We share information with third-party service providers who perform services on our behalf, including hosting, analytics, payment processing, and customer support. These providers are contractually required to protect your information.

7.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

7.4 Business Transfers

If the Company is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

8. Enterprise Tier Isolation

Enterprise tier subscribers receive complete data isolation.

• Enterprise data is stored in logically separated infrastructure
• Enterprise patterns and standards are never included in the community pool
• Enterprise usage data is not aggregated with other tiers for analytics
• Custom data processing agreements (DPAs) are available upon request

9. Data Retention

• Account data: Retained while your account is active, plus 30 days after termination
• Usage logs: Retained for 90 days for operational purposes, then deleted or anonymized
• Billing records: Retained for 7 years as required for tax and legal compliance
• Contribution Program data: Anonymized contributions remain in the community standards library indefinitely

10. Your Rights

10.1 Access and Portability

You may request a copy of the personal information we hold about you. We will provide this in a commonly used, machine-readable format within 30 days.

10.2 Correction

You may request that we correct inaccurate personal information. You can update most account information directly through your account settings.

10.3 Deletion

You may request deletion of your personal information. Upon receiving a valid deletion request, we will delete your personal information within 30 days, except for information required for legal compliance or anonymized data that cannot be traced to you.

10.4 Opt-Out of Contribution Program

You may opt out of the Contribution Program at any time by changing to non-contributing tier pricing. We will cease collecting new contributions within 7 days.

10.5 Marketing Opt-Out

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected
• Right to Delete: You may request deletion of your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• We do not sell personal information: We do not sell, rent, or trade your personal information to third parties for monetary consideration

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on: (a) contract performance; (b) legitimate interests; (c) legal obligations; or (d) your consent
• Right to Restrict Processing: You may request that we restrict processing of your personal data
• Right to Object: You may object to processing based on legitimate interests
• Right to Lodge a Complaint: You may lodge a complaint with your local data protection authority
• International Transfers: Data transferred outside the EEA is protected by Standard Contractual Clauses

13. Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures

14. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for the Service to function (authentication, session management)
• Analytics cookies: Help us understand how the Service is used
• Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

15. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect.

17. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact:

Pareidolia LLC
Email: privacy@mindmeld.dev
Website: https://mindmeld.dev

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@mindmeld.dev