Last updated February 2026
MINDSETOR (David Chakrian)
Edmond Jasparstraat 48A, 6217HR, Maastricht, Netherlands
Email: support@mindsetor.com
MINDSETOR is a B2B corporate well-being platform for proactive burnout prevention. We provide:
Account Data: Name, email, employer (job title not collected)
Activity Data: Steps, calories, heart rate, Resting Heart Rate (via Apple HealthKit / Google Health Connect)
Stress Data: Heart Rate Variability (SDNN) for nervous system recovery analysis (via Apple HealthKit / Google Health Connect)
Sleep Data: Duration, consistency, and quality metrics (via Apple HealthKit / Google Health Connect)
Mood Data: Self-reported mood ratings (valence protection)
Well-being Insights: Burnout risk scores (Risk Velocity), weekly trends, and sleep risk analysis
Session Data: Booking details, session notes (Care Hub)
Usage Data: Features used, points earned (Device type/OS not collected)
Platform services: Contract (Art. 6(1)(b))
Health data processing: Explicit consent (Art. 9(2)(a))
Care Hub sessions: Contract + Consent
Burnout risk scores: Consent + Legitimate interest
Session records: Legal obligation (Wkkgz/WGBO)
Your employer cannot see your individual data.
Employers only receive participation rates and anonymized, aggregated trends. A strict minimum of 10 active users is required to generate any team analytics. If fewer than 10 users are active, no data is shown to preserve anonymity. Individual scores, mood data, session notes, and health metrics are never shared.
Our V3 Risk Engine analyzes the convergence of your mood valence, sleep consistency, activity capability, and heart rate variability (HRV) to calculate a burnout risk score ("Risk Velocity"). You have the right to:
Account data: Duration of employment + 2 years
Activity & sleep data: 3 years after last activity
Specialist session notes: 15 years (Dutch Wkkgz)
Gamification data: Duration of account
Upon account deletion, personal identifiers (name, email) are permanently erased. Anonymized, non-identifiable health metrics (steps, sleep duration, mood patterns) may be retained for research and product improvement purposes. This anonymized data cannot be linked back to you.
Google Firebase: Database (Firestore), authentication, hosting — EU (europe-west1, Belgium). SOC 2, ISO 27001.
Google Cloud: Cloud Functions, infrastructure — EU (europe-west1, Belgium). SOC 2, ISO 27001.
Firebase Cloud Messaging: Push notification delivery — EU/USA. No health data in notification payloads.
Daily.co: Video calls for Care Hub sessions — USA, with Standard Contractual Clauses (SCCs). Only video/audio streams; no health data transmitted.
HealthKit and Health Connect data stays on your device. We request permission to read it, but it is not stored by Apple or Google on our behalf.
The full sub-processor register is maintained in our Data Processing Agreement.
Access: Request a copy of your data via the in-app "Download My Data" feature or by emailing support@mindsetor.com
Rectification: Correct inaccurate information via your profile settings or by contacting us
Erasure: Delete your account and all associated data via Settings → Privacy → Delete Account
Restriction: Limit how we use your data
Portability: Export your data in machine-readable JSON format via the in-app "Download My Data" feature
Object: Object to processing based on legitimate interest
Withdraw Consent: Revoke consent at any time by deleting your account
Complaint: Lodge complaint with Dutch DPA (Autoriteit Persoonsgegevens)
Contact support@mindsetor.com — we respond within 30 days.
Strictly Necessary: Authentication, session security
Functional: Language preferences
Analytics: Anonymized usage statistics
We do not use marketing or third-party tracking cookies.
MINDSETOR is intended for employees of corporate clients. Users must be at least 16 years old.
We notify users of material changes via email or in-app notification at least 14 days before they take effect.
Email: support@mindsetor.com
Address: Edmond Jasparstraat 48A, 6217HR, Maastricht, Netherlands
