Controller and scope

This Privacy Policy describes how Minberi Compass ("Minberi Compass", "we", "us", or "our") collects, uses, stores, and discloses information when you use the service.

For the purposes of this policy, Minberi Compass operates the service from Kosovo. Questions or requests relating to this Privacy Policy may be sent to [email protected].

Information we collect

We may collect information you provide directly, information generated through use of the service, and limited technical data needed to operate, secure, and improve the product.

The exact categories depend on which features you use and whether future account or payment functionality has been enabled.

• Evaluation inputs, answers, and generated results
• Refinement submissions and result history
• Support or contact messages you send to us
• Future account data such as name, email address, login credentials, and workspace settings
• Future billing and transaction metadata processed through third-party payment providers
• Technical data such as IP address, device or browser data, timestamps, request metadata, and security or abuse-prevention signals
• Analytics events about page views, flow progression, result generation, and export actions

Current MVP handling of result data

The current service stores evaluation sessions and generated results so direct result links, refinement flows, and export features can function. Anonymous saved result links are currently retained for up to 30 days from generation unless deleted earlier through system cleanup.

Analytics events are intentionally minimized and are not meant to contain raw scenario text by default. Users should avoid entering unnecessary personal, confidential, regulated, or commercially sensitive information into free-text evaluation fields.

How we use information

We use information to operate the service, generate and store results, maintain security, understand product usage, respond to user communications, and support future account or payment features.

If paid features are introduced, we may also use information to create accounts, manage entitlements, process billing, prevent fraud, and maintain transaction records.

• Provide evaluators, results, refine flows, and export features
• Store and retrieve saved results and associated metadata
• Monitor performance, security, abuse, and reliability
• Measure product usage and improve user experience
• Comply with legal obligations and enforce our terms
• Support future authentication, workspace, and payment functionality

Legal bases

Where applicable law requires a legal basis, we rely on one or more of the following: performance of a contract or steps taken at your request, legitimate interests in operating and securing the service, compliance with legal obligations, and consent where consent is required.

If future account or marketing features are introduced, additional consent or preference controls may be provided where required.

Sharing and processors

We do not sell personal data. We may share information with service providers and infrastructure partners that help us operate the product, provided they are subject to appropriate contractual or technical controls.

If accounts or paid features are introduced, this may include hosting providers, analytics tools, authentication providers, customer support tools, fraud-prevention services, and payment processors.

• Infrastructure and hosting providers
• Analytics and monitoring providers
• Authentication or account-management providers
• Payment processors for future paid services
• Professional advisers, regulators, courts, or authorities where disclosure is required by law or reasonably necessary to protect rights and security

International transfers

Some service providers may process or store information outside Kosovo. Where cross-border transfers occur, we will use reasonable contractual, technical, or organizational measures appropriate to the circumstances and to the legal framework then applicable to the service.

By using the service, you acknowledge that processing may involve more than one jurisdiction where this is necessary to operate the platform.

Retention

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including service operation, security, legal compliance, dispute handling, and recordkeeping.

Retention periods may vary by data category, feature set, and account status. Anonymous result links currently have a shorter retention window than future account-based workspace records are expected to have.

• Anonymous saved result links: currently up to 30 days from generation
• Operational logs, analytics, and security records: retained according to service and security needs
• Future account, billing, and transaction records: retained for account administration, legal compliance, fraud prevention, dispute handling, and financial recordkeeping as needed

Security

We use reasonable technical and organizational measures to protect information against unauthorized access, disclosure, loss, misuse, or alteration. No system, however, can be guaranteed to be perfectly secure.

Users should avoid submitting highly sensitive information unless and until the service clearly indicates that it is designed to receive and protect that category of information.

Your rights

Subject to applicable law, you may have rights relating to the personal data we hold about you, including rights of access, correction, deletion, restriction, objection, portability, and complaint to a supervisory authority.

Users in Kosovo may contact the Information and Privacy Agency of Kosovo if they believe their data protection rights have been infringed. We encourage users to contact us first at [email protected] so we can try to resolve the issue directly.

Children

The service is not intended for children under the age at which they can validly use online services without required authorization under applicable law. We do not knowingly design the service for children or intentionally collect personal data from children without a lawful basis.

Changes to this policy

We may update this Privacy Policy from time to time to reflect product changes, new features, legal requirements, or operational changes.

When we make material changes, we will update the "Last updated" date and may provide additional notice where appropriate.

Contact

Privacy questions, access requests, and complaints may be sent to [email protected].