Skip to content
Mind Momentum

Privacy Policy

Last updated: April 2, 2026

1. Data Controller

MB "Mind Momentum", registration code 306656270, VAT code LT100016573916, registered at H. Manto g. 76, LT-92222 Klaipėda, Lithuania (“Mind Momentum,” “we,” “us,” “our”) is the data controller for personal data collected through our website (mindmomentum.lt) and the data controller or joint controller for personal data processed through our automation products and services (collectively, the “Services”).

Where we process personal data on behalf of our clients through automation products, the specific roles (controller, joint controller, or processor) are defined in the applicable service agreement or data processing agreement.

2. Information We Collect

Information you provide directly

  • Contact form: Name, email address, and message content when you reach out through our website.
  • Account and billing: Name, email, company details, and payment information when you subscribe to a paid product. Payment details are collected and processed directly by Stripe — we do not store your full card number.
  • Third-party credentials: If a product requires access to a third-party platform, you may provide login credentials, session tokens, or API keys. These are stored encrypted at rest and transmitted encrypted in transit, and used solely to operate the Service on your behalf.
  • Message templates and preferences: Content you create or configure within our products, such as message templates, automation rules, and notification preferences.

Information collected automatically

  • Website usage: IP address, browser type, device information, pages visited, and referral source when you visit our website.
  • Product usage: Operational logs such as messages sent, actions performed, and error events — used to provide, monitor, and improve the Service.

Data sourced from third-party platforms

Some products collect publicly available information from third-party platforms (such as property listings, business contact details, or publicly visible profile data) and deliver it to our clients as part of the Service. This data may include personal data of third parties. We process this data on the legal basis of legitimate interest (Article 6(1)(f) GDPR) — facilitating business-to-business communication in a professional context. Data subjects whose information is collected this way have the right to object to this processing (see Section 8).

3. How We Use Your Information

  • Provide, operate, and maintain the Services
  • Process payments and manage subscriptions
  • Respond to your inquiries and provide support
  • Perform automated actions on third-party platforms as authorized by you
  • Send operational notifications (via email, Telegram, or other channels you configure)
  • Monitor service health and troubleshoot issues
  • Improve our products and develop new features
  • Comply with legal obligations
  • Protect against fraud and abuse

4. Legal Basis for Processing

We process personal data under the General Data Protection Regulation (EU) 2016/679 and the Lithuanian Law on Legal Protection of Personal Data (No. I-1374) on the following bases:

  • Performance of a contract (Article 6(1)(b) GDPR): Processing necessary to provide the Services you subscribed to, including account management, credential storage, product operation, and payment processing.
  • Legitimate interest (Article 6(1)(f) GDPR): Service improvement, security monitoring, fraud prevention, and collection of publicly available business data for lead generation purposes. We have conducted balancing tests to ensure our interests do not override the rights of data subjects.
  • Consent (Article 6(1)(a) GDPR): Marketing communications and non-essential cookies, where applicable. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c) GDPR): Tax records, accounting, and compliance with applicable Lithuanian and EU laws.

5. Third-Party Services and Data Transfers

We use trusted third-party services to operate our website and products. Some of these providers are based outside the European Economic Area (EEA):

  • Stripe (USA — EU-US Data Privacy Framework certified): Payment processing and subscription management. Stripe collects and processes your payment information under their own privacy policy.
  • Cloudflare (USA — EU-US Data Privacy Framework certified): Website hosting, CDN, and Turnstile spam protection. Turnstile may collect technical device information to verify you are human.
  • Amazon Web Services (USA — EU-US Data Privacy Framework certified): Email delivery via SES for contact form submissions and operational notifications.
  • Google Cloud Platform (USA — EU-US Data Privacy Framework certified): Cloud infrastructure for running automation products.
  • Telegram (UAE/international): Delivery of notifications and service alerts where you have configured a Telegram integration. Messages are transmitted via Telegram's infrastructure.

For transfers to the United States, we rely on the EU-US Data Privacy Framework adequacy decision where the recipient is certified. For other international transfers, we use Standard Contractual Clauses approved by the European Commission. We may add additional service providers as our products evolve and will update this policy accordingly.

6. Data Retention

  • Contact form submissions: Retained for up to 12 months to respond to your inquiry and for follow-up, then deleted.
  • Account and billing data: Retained for the duration of your subscription and for 10 years thereafter as required by Lithuanian tax and accounting laws.
  • Third-party credentials: Deleted within 30 days of service termination or when you revoke access, whichever comes first.
  • Product data (leads, logs, reports): Retained for up to 90 days after generation, unless a longer period is necessary to provide the Service. You may request earlier deletion.
  • Website analytics: Identifiable data is deleted within 90 days. Aggregated and anonymized data may be retained indefinitely.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Credentials and sensitive data are encrypted at rest and in transit. Access is limited to personnel and systems that require it to operate the Services. We maintain records of processing activities in accordance with Article 30 GDPR.

8. Your Rights

Under GDPR and the Lithuanian Law on Legal Protection of Personal Data, you have the right to:

  • Access your personal data (Article 15 GDPR)
  • Rectify inaccurate data (Article 16 GDPR)
  • Erase your data (“right to be forgotten”) (Article 17 GDPR)
  • Restrict processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Object to processing based on legitimate interest, including profiling (Article 21 GDPR)
  • Withdraw consent at any time where processing is based on consent (Article 7(3) GDPR)

To exercise any of these rights, contact us at info@mindmomentum.lt. We will respond within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija — VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, email: ada@ada.lt, website: vdai.lrv.lt.

9. Cookies

Our website uses cookies. For detailed information about what cookies we use and how you can manage your preferences, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For material changes affecting active subscribers, we will provide notice via email or through the Service at least 30 days before the changes take effect.

Contact Us

MB "Mind Momentum"
Registration code: 306656270
VAT code: LT100016573916
H. Manto g. 76, LT-92222 Klaipėda, Lithuania
Email: info@mindmomentum.lt