mineris
Explore

Legal

Privacy Policy

How mineris collects, uses, and protects your data when you use our biomedical evidence platform.

Last updated:

1. Who we are

mineris is operated by Mineris Labs sp. z o.o. w organizacji — a Polish limited liability company in formation under Art. 11 of the Polish Commercial Companies Code ("mineris", "we", "us"). We are the data controller for the personal data described in this policy. Our registered office address and KRS number will be published here once court registration completes.

Questions about this policy or your data: admin@mineris.org.

2. Scope

This policy applies to:

  • The public website at mineris.org.
  • The application at mineris.org/ide (the "Platform").
  • Any direct correspondence with us.

It does not apply to third-party websites or services we link to.

3. What we collect

Account data

When you sign in with Google, Microsoft, or another supported identity provider via AWS Cognito, we receive:

  • Your email address.
  • Your name (when provided by the identity provider).
  • A unique provider subject identifier (sub) used to keep your account record stable across sign-ins.

Content you create

  • Search queries, screening decisions, and notes you record inside a workspace.
  • Documents you upload to a workspace.
  • Configuration of templates, forms, and synthesis outputs.

This content is private to your workspace unless you explicitly share it.

Technical data

  • IP address (recorded in access logs for security and abuse prevention).
  • Browser user-agent, timestamps, and the API endpoints you call.
  • Frontend performance metrics and errors (via Grafana Faro).
  • Backend traces and logs (via Grafana Cloud).

We do not use third-party advertising trackers.

4. Why we process this data — legal basis (GDPR)

Purpose Legal basis (Art. 6 GDPR)
Provide the Platform (auth, storage, retrieval) Performance of a contract (Art. 6(1)(b))
Service reliability, security, abuse prevention Legitimate interests (Art. 6(1)(f))
Comply with legal obligations (tax, accounting) Legal obligation (Art. 6(1)(c))
Optional product communications Consent (Art. 6(1)(a)) — opt-in only

We do not sell personal data and we do not use your workspace content to train AI models.

5. Where your data lives

Mineris runs on Amazon Web Services in the EU (Stockholm — eu-north-1) region. Our observability stack (Grafana Cloud) processes telemetry within the EU.

When you use LLM features that route to external providers (OpenAI, Google Gemini, Anthropic), the queries and context you send for that feature leave the EU and are processed under those providers' terms. You can disable LLM features in your workspace settings.

6. Sub-processors

Provider Purpose Region
Amazon Web Services Hosting, authentication (Cognito), storage EU (Stockholm)
Google LLC Sign-in with Google (OAuth) Global
Microsoft Corporation Sign-in with Microsoft (OAuth) Global
Grafana Labs Logging, metrics, traces, frontend RUM EU
OpenAI / Google (Gemini) / Anthropic Optional LLM features (only when you trigger them) US

We keep a current list and provide reasonable notice of material changes via this page.

7. Retention

  • Account data: kept while your account exists, deleted within 30 days of account closure.
  • Workspace content: retained until you delete it or close your account; backups retain it for up to 30 days afterward.
  • Access logs and telemetry: retained for up to 90 days.
  • Billing records: retained for as long as required by applicable tax law (typically 5–10 years).

8. Your rights

Under the GDPR (and equivalent laws in the UK, Switzerland, and other jurisdictions) you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten"), subject to legal retention requirements.
  • Restrict or object to processing based on legitimate interests.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is consent-based.
  • Lodge a complaint with your local supervisory authority — e.g. in Poland, the President of the Personal Data Protection Office (UODO) at uodo.gov.pl.

To exercise any of these rights, email admin@mineris.org. We respond within 30 days.

9. Security

  • All traffic is encrypted in transit (TLS 1.2+).
  • Stored data is encrypted at rest on encrypted EBS volumes.
  • Third-party LLM credentials you supply are encrypted at rest using a Fernet-based SecretBox before being written to our database.
  • Authentication is delegated to AWS Cognito; we never see your identity provider password.

No system is perfectly secure. If you suspect a security incident, contact admin@mineris.org.

10. Cookies

See our Cookie Policy for details on what cookies and similar technologies we use.

11. Children

The Platform is not intended for users under 16. We do not knowingly collect data from children.

12. Changes

We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be notified via email or an in-app notice.