Privacy Policy

Last updated: August 31, 2025

This Privacy Notice for Epiminds AB (“Epiminds,” “we,” “us,” or “our”) describes how and why we access, collect, store, use, and/or share (“process”) your personal information when you use our services (the “Services”), including when you:

Visit https://epiminds.com or any website of ours that links to this Privacy Notice

Engage with us in other related ways (sales, marketing, support, or events)

Questions or concerns? Reading this notice will help you understand your rights and choices. We are the controller responsible for decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use the Services. For any questions, contact support@epiminds.com .

SUMMARY OF KEY POINTS

What personal information do we process? The information we process depends on how you interact with us and the Services. See Section 1.

Sensitive personal information. We do not process sensitive personal information. See Section 1.

Information from third parties. We do not collect information from third parties. See Section 1.

How do we use your information? To provide, improve, secure, and administer the Services, communicate with you, prevent fraud, and comply with law. See Section 2.

AI usage (no training). We provide AI-powered features via trusted providers. We and our AI Service Providers do not use your inputs, outputs, or personal information to train or improve foundation models. See Section 6.

Sharing. We share information with vendors and service providers under contracts that protect your data. See Section 4.

Security. We use organizational and technical measures to protect your data, but no system is 100% secure. See Section 9.

Your rights. Depending on where you live, you may have rights to access, correct, delete, or object to certain processing. See Section 11.

How to exercise rights. Email support@epiminds.com . We will respond in accordance with applicable law. See Section 11.

TABLE OF CONTENTS

What information do we collect?

How do we process your information?

What legal bases do we rely on to process your information?

When and with whom do we share your personal information?

Do we use cookies and other tracking technologies?

Do we offer artificial intelligence–based products? (No training on your data)

How do we handle your social logins?

How long do we keep your information?

How do we keep your information safe?

Do we collect information from minors?

What are your privacy rights?

Controls for Do-Not-Track features

Do United States residents have specific privacy rights?

Do we make updates to this notice?

How can you contact us about this notice?

How can you review, update, or delete the data we collect from you?

WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us. In short: We collect personal information that you provide.We collect personal information you voluntarily provide when you register, request information, participate in activities, make a purchase, or contact us. This may include:

Names

Email addresses

Contact or authentication data

Billing addresses

Debit/credit card numbers

Sensitive information. We do not process sensitive personal information.

Payment data. If you make purchases, we collect data necessary to process payments (e.g., payment instrument number and security code). All payment data is handled and stored by Stripe. See Stripe’s privacy notice: https://stripe.com/privacy .

Social media login data. If you choose to register via a social account (e.g., Facebook, X), we receive profile information as described in Section 7.

All personal information you provide must be accurate, complete, and up to date.

Information automatically collected

In short: Some information is collected automatically when you use the Services.

We automatically collect device and usage data (e.g., IP address, browser/device characteristics, OS, language preferences, referring URLs, country, time stamps, pages viewed, and error reports). We use cookies and similar technologies—see Section 5.

Examples:

Log and usage data: Service, diagnostic, performance, and activity logs.

Device data: Device identifiers, configuration, network, and OS details.

Google API

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements: https://developers.google.com/terms/api-services-user-data-policy

HOW DO WE PROCESS YOUR INFORMATION?

In short: To provide, improve, and administer the Services; communicate with you; protect against fraud and abuse; and comply with law. We may also process information for other purposes with your explicit consent.

Examples include:

Account creation, authentication, and management

Delivering the Services and features you request

User support and inquiries

Administrative messages about products, services, terms, and policies

Order fulfillment and payments

Requesting feedback about the Services

Marketing communications (respecting your preferences; you can opt out)

Security and fraud prevention

Usage analytics and trend identification

Vital interests (e.g., preventing harm)

WHAT LEGAL BASES DO WE RELY ON?

In short: We process personal information only when we have a valid legal basis.

EU/UK (GDPR):

Consent (you can withdraw at any time)

Performance of a contract

Legitimate interests (balanced against your rights)

Legal obligations

Vital interests

Canada:

Express or implied consent, as applicable

Limited scenarios where processing without consent is permitted by law (e.g., fraud detection, legal compliance, publicly available information, or approved research subject to strict safeguards)

WHEN AND WITH WHOM DO WE SHARE PERSONAL INFORMATION?

We share data with third parties that perform services for us and require access to do that work, under contracts that limit their use and require protection of your information. Categories include:

AI platforms

Cloud computing and hosting

Data analytics

Data storage providers

Payment processors

User account/identity services

We may also share information:

Business transfers: In connection with a merger, acquisition, financing, or sale of assets

Affiliates: Under this Privacy Notice

Business partners: For specific offerings or promotions

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In short: Yes. We use cookies and similar technologies (e.g., pixels, web beacons) to operate, secure, and improve the Services, remember preferences, and perform analytics. We may permit certain third parties to use these technologies for analytics and advertising. Where required by law, you can opt out or adjust preferences through your browser/device settings or by contacting us (see Section 11). See also our Cookie Notice (if available on our site) for details.

DO WE OFFER ARTIFICIAL INTELLIGENCE–BASED PRODUCTS? (NO TRAINING ON YOUR DATA)

In short: We offer features powered by AI/ML technologies. We and our AI Service Providers do not use your inputs, outputs, or personal information to train or improve foundation models.

Use of AI Technologies

We provide AI features via third-party AI Service Providers (including Anthropic, Google Cloud AI, OpenAI, and Perplexity). Your inputs/outputs may be processed by these providers to deliver the requested functionality, detect abuse, ensure security, and comply with law.

No-Training Commitment

We configure providers with no-training settings and maintain agreements that prohibit using your inputs, outputs, or personal information to train or improve their foundation models.

Providers may process limited technical logs (e.g., for abuse detection, service reliability, or legal compliance), but not for training or improving foundation models.

Our AI Products

AI applications and automation

AI research assistance

Text analysis and related tools

All AI processing is subject to this Privacy Notice and our provider agreements.

HOW DO WE HANDLE YOUR SOCIAL LOGINS?

If you register or log in using a social media account, we receive profile information from the provider (e.g., name, email, profile image, and other information you make public). We use that information as described in this notice. We do not control third-party providers’ handling of your data; review their privacy notices and set your preferences in their apps.

HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We keep personal information only as long as necessary for the purposes described, or as required by law (e.g., tax and accounting). When we have no ongoing legitimate need to process your personal information, we will delete or anonymize it. If deletion is not immediately possible (e.g., backups), we will securely store and isolate it until deletion is possible.

HOW DO WE KEEP YOUR INFORMATION SAFE?

We use appropriate organizational and technical safeguards to protect personal information. However, no electronic transmission or storage is 100% secure. You use the Services at your own risk; please access them via secure environments when possible.

DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 18 (or the age defined by your jurisdiction). If we learn we have collected such data, we will deactivate the account and delete the data. If you believe a child provided data to us, contact support@epiminds.com .

WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location (e.g., EEA, UK, Switzerland, Canada, and certain US states), you may have rights to:

Access and obtain a copy of your personal information

Request rectification or deletion

Restrict or object to processing

Data portability (where applicable)

Not be subject to automated decision-making producing legal or similar effects; where such decisions occur, we’ll explain the factors involved and offer a simple way to request human review

Withdrawing consent: If processing is based on consent, you can withdraw it at any time. This will not affect processing that has already occurred or processing based on other legal grounds.

Marketing opt-out: You can unsubscribe from marketing emails by using the link in our emails or by emailing support@epiminds.com . We may still send non-marketing, service-related communications.

How to exercise your rights: Email support@epiminds.com . We will respond in accordance with applicable law.

CONTROLS FOR DO-NOT-TRACK (DNT) FEATURES

Most browsers and some mobile OS/apps include a DNT setting. No uniform standard currently exists for recognizing DNT signals, so we do not respond to them. If a standard emerges and we must follow it, we will update this notice.

DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In short: Residents of certain US states (including CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) may have rights to access, correct, delete, or obtain a copy of personal information, and to opt out of certain processing (e.g., targeted advertising, sale, or profiling with legal/similar effects). These rights may be subject to limitations.

Categories of Personal Information We Collected in the Last 12 Months Category Examples Collected A. Identifiers Name, alias, postal address, phone, unique identifier, IP, email, account name YES B. Customer Records (CA) Name, contact info, education, employment, financial info YES C. Protected classes Gender, age, race/ethnicity, etc. NO D. Commercial info Transactions, purchase history, financial details NO E. Biometric Fingerprints, voiceprints NO F. Internet activity Browsing/search history, interactions NO G. Geolocation Device location NO H. Audio/visual Images, audio, video/call recordings YES I. Employment Job title, work history, qualifications NO J. Education Student records NO K. Inferences Profiles based on other data NO L. Sensitive As defined by law NO

We may also collect other information during support interactions, surveys/contests, or service delivery.

Retention:

Categories A, B, H — retained as long as the user has an account or as required by law.

Sources: See Section 1. Uses: See Section 2.

We collect and disclose personal information via:

Targeting/marketing cookies

Social media cookies

Pixels/tags

Disclosures: In the last 12 months we have not sold or shared personal information for monetary or other valuable consideration. We disclosed Categories A, B, and H to service providers for business purposes (see Section 4).

Your US state rights may include:

Know/access whether we process your data and obtain a copy

Correct inaccuracies

Delete personal information

Obtain a copy of information you previously shared

Non-discrimination for exercising rights

Opt out of targeted advertising (and “sharing” under CA law), sale of personal data, or profiling with legal/similar effects

In certain states, additional rights (e.g., to receive categories/specific third parties to whom we disclosed data; to limit use of sensitive data; to opt out of collection via voice/facial recognition)

How to exercise: Email support@epiminds.com . If permitted, you may designate an authorized agent; we may require proof of authorization and identity verification.

Verification: We will take reasonable steps to verify your request (and, for agents, proof of authority).

Appeals: If we decline your request, you may appeal by emailing support@epiminds.com . If denied, you may contact your state attorney general.

California “Shine the Light”: California residents may request, once per year and free of charge, information about categories of personal information (if any) disclosed to third parties for their direct marketing in the previous year. Submit requests to support@epiminds.com .

DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We may update this notice from time to time. The “Last updated” date reflects the latest version. For material changes, we may post a prominent notice or contact you directly.

HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

Email: support@epiminds.com

Post: Epiminds AB Franstorpsvägen 27 Stockholm, Stockholm 17266 Sweden

HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?

Depending on applicable law, you may request access to the personal information we collect about you, details about how we processed it, correction of inaccuracies, deletion, portability (where applicable), or withdrawal of consent. To submit a request, email support@epiminds.com . We will respond in accordance with applicable law.

Epiminds AB