Security & Data Protection

Last updated: 25 June 2026

Mindacks (the brand name of Mindaks Global Pvt. Ltd.) takes the security of your personal data seriously. This page describes the technical and organisational measures we apply to protect the information entrusted to us by our users, clients, and partners.

We do not claim perfection, but we are committed to responsible, transparent, and continuously improving data security practices.

1. Secure Data Transmission

All data transmitted between your browser and mindacks.com is encrypted using HTTPS (TLS). This means that information you submit through our contact forms, assessment tools, or any other part of the website is protected in transit against interception.

We do not support unencrypted HTTP connections. All HTTP requests are automatically redirected to HTTPS.

2. Secure Infrastructure

mindacks.com is hosted on Vercel, a trusted enterprise-grade cloud infrastructure provider with robust security practices, including:

  • Automated DDoS protection.
  • Edge network with global distribution for reliability and performance.
  • Infrastructure-level security monitoring.
  • Regular automated vulnerability scanning.

Our transactional email is delivered via Resend, a secure email infrastructure provider with industry-standard security practices.

3. Access Controls

Access to personal data and internal systems at Mindacks is controlled on a strict need-to-know basis:

  • Only authorised personnel have access to customer data.
  • Administrative access to systems is protected by strong authentication.
  • Third-party vendors are granted only the minimum level of access required to deliver their service.
  • Access rights are reviewed and revoked promptly when no longer required.

4. Data Minimisation

We collect only the personal data that is necessary for the stated purpose. We do not collect excessive data "just in case." Where possible, we work with anonymised or aggregated data for analytics and research.

For full details of what data we collect and why, see our Privacy Policy.

5. Third-Party Providers

We carefully select third-party service providers based on their security practices and reputation. Before using a third-party tool, we review:

  • Their privacy and data handling policies.
  • Their security certifications and practices.
  • Whether they have appropriate data processing agreements in place.

Current key providers include:

  • Vercel — Website hosting and infrastructure.
  • Resend — Transactional email delivery.
  • Google Analytics — Website analytics (with anonymised IPs and consent-gated).
  • Cal.com — Appointment scheduling.
  • Substack — Newsletter management.

We do not share your data with third-party providers for their own marketing purposes.

6. Data Retention and Deletion

We retain personal data only for as long as necessary for the purpose for which it was collected, as described in our Privacy Policy. After the applicable retention period, data is securely deleted or irreversibly anonymised.

7. Security Monitoring and Review

We review our security practices on a regular basis, including:

  • Periodic review of third-party provider security practices.
  • Review of access controls and permissions.
  • Assessment of new security risks as our technology stack evolves.
  • Internal awareness and training on security best practices.

8. Security Incident Response

In the event of a security incident that affects your personal data, we are committed to:

  • Investigating and containing the incident promptly.
  • Notifying affected individuals as required by applicable law and in a timely manner.
  • Notifying the relevant regulatory authority where legally required.
  • Taking corrective action to prevent recurrence.

9. Reporting a Security Concern

If you discover a security vulnerability in our website or have a concern about the security of your personal data, please contact us immediately:

  • Email: info@mindacks.com
  • Subject line: Security Concern — mindacks.com
  • Response time: We will acknowledge security-related concerns within 48 hours.

We ask that you practice responsible disclosure — please do not publicly disclose a vulnerability before giving us reasonable time to investigate and address it.

10. Limitations

While we implement security best practices, no system is completely immune to security risks. We cannot guarantee that our website or communications will be entirely free from security breaches. We encourage you to take your own precautions, including using strong passwords, keeping your browser updated, and being cautious about unsolicited communications.

Related: Privacy Policy · AI Ethics · Trust Center