Responsible person

Responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations: Carsten Klaffke Bismarckstraße 100 41061 Mönchengladbach

Personal data

Registration data in the form of an email address and a password are used. These dates are transmitted to the authentication service Google Firebase Authentication and managed there. More information on Google's privacy policy can be found under Google privacy policy.

Transmission of data to external services

When researching information within mindlib, external services are occasionally used. Entering "New / Research / Web search" perform a search in the Google Knowledge Graph. This is used to create a list of suggestions. The data transmitted to Google is limited to the search term entered by the user such as the language selected in the user profile. A connection to the user cannot be established. The "suggestions" list is created via a semantic search for parent/child terms to a selected information. This data is requested from Wikidata. Therefore, the title of the selected information and the language settings will be transmitted to Wikidata anonymously. When entering a URL in the "Link" field on the page "/main", the URL is accessed to read the Open Graph data. With this access, no connection to the user can be established.

AI Services and Chat

mindlib integrates three self-hosted, self-implemented AI services and a chat function powered by the Microsoft Azure OpenAI Service. You can activate/deactivate the functionality and communication in the account settings under "mindlib ai". The details are as follows:

Self-hosted AI Services:

mindlib utilizes three AI services hosted on a server located in Germany to generate keywords, search terms and summaries based on titles and descriptions. These services are triggered after a user saves an information and return the results for local storage in the user's database. No data is stored on the server, and no data leaves the server during the process. The data is solely used to enhance the search and discovery features within the app. The code is publicly available at: Github/llm-tools

mindlib AI Chat:

The chat functionality in mindlib communicates with the Microsoft Azure OpenAI GPT-4o-mini large language model (LLM). In this process, data relevant to the user's request is pre-selected in mindlib and sent along with the request. The user data is not trained into the model, only exists in the context of the request, and is not accessible to other users or their requests. Additionally, the following conditions apply to this integration (see Data, privacy, and security for Azure OpenAI Service):

- Your prompts (inputs), completions (outputs), embeddings, and training data are NOT available to other customers.
- Your data is NOT available to OpenAI or used to improve OpenAI models.
- Your data is NOT used to improve any Microsoft or 3rd party products or services.
- Your data is NOT used for automatically improving Azure OpenAI models for your use (the models are stateless unless you explicitly fine-tune models with your training data).
- Fine-tuned Azure OpenAI models are available exclusively for your use.
- The Azure OpenAI Service is fully controlled by Microsoft and is hosted in Microsoft’s Azure environment. It does NOT interact with any services operated by OpenAI (e.g., ChatGPT or the OpenAI API).

To prevent misuse and the generation of harmful content, the Azure OpenAI Service employs both content filtering and abuse monitoring. Content filtering occurs in real-time, without storing inputs or generated results, and is not used to improve the models. Abuse monitoring detects potential violations and securely stores data for up to 30 days. Stored data is regionally separated, and authorized reviewers can only access this data in cases of suspected abuse, under strict security protocols.

Storing data

The data created when using the app is stored in a local database on the user's device via the IndexedDB interface. In addition, for the purpose of distributed availability and data backup, the data is synchronized with a secured server hosted in Germany. In doing so, it maintains a separate database divided from other users' data.

Data communication

All communication of the app with the server and with the external services is HTTPS encrypted.

Deletion of data

When you log out, the locally stored data will be deleted. When you delete your account, the local data, the database for the user on the server and the authentication account at Google Firebase Authentication will be deleted.