Free Trial
How to Buy
Log In

Privacy Policy

Privacy Policy

Effective Date: 11/03/2026
Last Updated: 11/03/2026

MindSpeller BCI BV (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, interact with our services, or use our medical device applications.

We comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable privacy laws.

 

This version of the MindSpeaker system is for wellness and assistive use only and should not be used for clinical decision-making.

1. Who We Are

MindSpeller BCI

Company Number: BE 0749.699.835
Address: Duigemhofstraat 101, 3020 Herent, Belgium
Email: contact@mindspellerbci.com

We are a medical device company commercialising EEG-based neurometrics applications for communication assistance and dementia diagnostics.

Please note that the specific EEG-based communication, voice banking, and adaptive BCI applications covered by this Privacy Policy are currently provided as assistive technologies and are not yet certified medical devices.

2. What Data We Collect

We collect information to operate and improve our Services, personalize experiences, and ensure security.

a. Information You Provide

Category

Example Fields

Purpose

Lawful Basis

Account Data

Name, email address, password

Account creation, authentication

Contract

Payment & Profile Data

Payment details, phone number, optional profile info

Billing and identity verification

Contract

Content Data

Emails, uploaded files.

Enable analytics, communication, and insights

Consent / Contract

Special-Category Data 

EEG-derived features

Interpret neural signals for interface control (e.g., ‘click’ commands) and to calibrate personalized classification algorithms (adaptive BCI)

Explicit Consent (Art. 6(1)(a), 9(2)(a))

Special-Category Data 

User Voice Data

Generate a personalized Text-to-Speech (TTS) model that replicates the User’s unique vocal timbre (‘Voice Cloning’)

Explicit Consent (Art. 6(1)(a), 9(2)(a))

Special-Category Data 

Eye-tracking (Gaze) data

Enable real-time cursor control (navigation)

Explicit Consent (Art. 6(1)(a), 9(2)(a))

b. Information Collected Automatically

  • Device & Browser Data: IP address, device type, operating system, and browser version.

  • Usage Data: Interactions, timestamps, and feature engagement metrics.

  • Location Data: Approximate geographic region inferred from IP.

  • Cookies & Local Storage: Used for session continuity, progress tracking, and consent preferences.

3. How We Use Your Information

We process personal data to deliver, improve, and secure our Services.

Purpose

Description

Lawful Basis

Website Service Delivery

Authenticate accounts, process searches, display results.

Contract

System Analytics & Performance Monitoring

Identifying bugs, monitoring server health, and analyzing website/app usage.

Legitimate Interest

Personalized Content & Ads

Adapt experience and recommendations.

Consent

Security & Fraud Prevention

Detect and respond to suspicious activity.

Legitimate Interest

Application Service Delivery

Enable cursor control (gaze data), click detection (EEG processing), personalized Text-to-Speech (voice cloning) and Biometric Data storage (“MindBank”).

Explicit Consent

Research & Model Improvement

Aggregate pseudonymized metrics for calibration of tailored ML models.

Explicit Consent

Legal Compliance & Law Enforcement

Comply with valid court orders, subpoenas, regulatory requests, and maintain financial records for tax and accounting purposes.

Legal Obligation

3a. Automated Processing and Assistive Technologies

We process your biometric data (EEG, Voice, and Eye-tracking) to facilitate device control and communication. Our system uses automated algorithms—including machine learning for our EEG features, software processing for eye-tracking, and a secure third-party provider for voice cloning.

  • Logic Involved:  

    • MindClick (EEG): Algorithmic classification of your neural signals to distinguish between ‘Rest’ and ‘Action’ states.

    • Eye-Tracking (Gaze): Software processing of your eye movements to calculate and stabilize real-time cursor coordinates on your screen.

    • Voice Cloning: Processing of your voice recordings through a secure third-party provider to generate a personalized Text-to-Speech (TTS) model.

  • Purpose: To translate your physical and neural signals into direct digital commands (such as moving a cursor or triggering a click) and to provide a personalized vocal output for assistive communication.

  • Impact: Outputs are strictly functional and assistive. The algorithms operate solely as a User Interface. The system does not profile your personality, diagnose medical conditions, or make autonomous decisions that produce legal or similarly significant effects concerning you (Art. 22 GDPR).

Human Oversight & Control: You remain in full control of the interface at all times. You can undo unintended commands, and actively recalibrate the system to better match your intent.

4. How We Share Your Information

MindSpeller BCI BV does not sell or share personal data in an identifiable form.

However, we retain the right to aggregate, anonymize, and where lawfully permitted, broker anonymized or statistical datasets that cannot reasonably be used to identify an individual. These aggregated datasets may be used for research, analytics, benchmarking, or commercial purposes supporting MindSpeller BCI BV’s mission to advance neuro-technologies.

a. EEG Hardware and Processing Partners

  • EEG Hardware Provider: used solely for EEG signal acquisition. The headset transmits encrypted data directly to MindSpeller BCI BV’s platform. EEG Hardware Provider does not access, store, or retain any EEG or personal data.

  • Text-to-Speech Model Provider: We engage a specialized third-party AI provider to generate your personalized Text-to-Speech (TTS) model (Voice Cloning). We securely transmit a temporary voice recording and text prompts to this provider. The provider acts strictly as a Data Processor. Under our commercial agreement, the provider does not use your biometric voice data, recordings, or text inputs to train their foundational AI models or for any independent purpose.

b. Other Service Providers

We use additional subprocessors, such as:

  • AWS (EU Region) – encrypted data hosting and infrastructure.

  • Stripe – secure payment processing.

  • Analytics and security vendors – system monitoring, fraud prevention, and operational support.

All subprocessors act solely under MindSpeller BCI BV’s instructions and are contractually prohibited from using data for their own benefit.

Data may be transferred outside the European Economic Area (EEA) only where adequate safeguards are in place (e.g., EU Standard Contractual Clauses).

c. Aggregation and Anonymization

Mindspeller retains the right to aggregate and analyze anonymized or de-identified data (for example, statistical EEG metrics, engagement patterns, or usage trends).
These datasets contain no personally identifiable information and may be used for:

  • internal research and product improvement,

  • algorithmic calibration and bias analysis, or

  • creation of commercial or academic insight reports based on anonymized trends.

Such aggregation is conducted under GDPR Recital 26 principles for non-identifiable data, ensuring individuals cannot be re-identified.

d. Legal Disclosures

We may disclose information if required by law or to protect the rights, safety, or property of MindSpeller BCI BV, our users, or others.

5. Your GDPR Rights

You have full control over your data and consents:

  • Review & Update: Edit or correct your data.

  • Consent Management: You can view or withdraw consent for biometric data processing. Withdrawal stops processing immediately.

  • Data Deletion: Request permanent deletion of your data, including EEG-features, voice files and trained weights of any personalized neural model (Adaptive BCI), by emailing us.

  • Export & Portability: Request a structured JSON export of your profile data.

  • Profiling Objection: You may opt out of further data storage without deleting your entire account.

 

To exercise your rights, contact us at: contact@mindspellerbci.com

6. Data Retention and Security

  • Retention of Voice Data: Voice recordings and voice-derived data are stored only as long as necessary to provide the relevant services and are deleted upon account deletion.

  • Retention of EEG Data: Pseudonymized EEG-derived features are stored under salted hashes as long as your account is active, or until deletion is requested. Upon account deletion, this EEG data is strictly and irreversibly anonymized. We achieve this by ensuring no raw temporal EEG metadata is retained—storing only abstracted mathematical features—and by deleting any existing connection to your unique identifier and account, so it can no longer be linked to you. This allows us to continuously improve our general machine learning models.

  • Minimization: Raw EEG windows are not retained beyond transient processing. Only EEG-derived features are stored in a pseudonymized, encrypted matter.

  • Encryption: Data is encrypted at rest and in transit.

  • Pseudonymization: User identifiers are replaced by salted hashes. Direct identifiers are kept entirely separate from your biometric feature files.

  • Access Controls: Role-based access and logging of all profile retrievals.

7. Cookies & Tracking

Our website uses cookies for functionality, analytics, and security. You can manage cookie preferences through your browser settings. For more details, see our Cookie Policy.

8. Children’s Data

Our services are not intended for children under 16 unless supervised by a parent, guardian, or healthcare professional. We do not knowingly collect personal data from minors without proper consent.

9. Changes to This Privacy Policy

We may update this policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Data Protection Officer
MindSpeller BCI
Duigemhofstraat 101, 3020 Herent, Belgium
Email: contact@mindspellerbci.com

You also have the right to lodge a complaint with the Belgian Data Protection Authority: https://www.gegevensbeschermingsautoriteit.be/

Giving back expression when all else fails.

Facebook Linkedin Instagram Youtube

Get Started

Legal

Newsletter


    © 2025 MindSpeaker. All rights reserved.

    Scroll to Top