Privacy Policy

Last updated: May 2026

1. Who we are

This Privacy Policy is issued by Virtual Minds Ltd ("Virtual Minds", "we", "us", "our"), a company incorporated in the Abu Dhabi Global Market (ADGM), United Arab Emirates, with registered office at [REGISTERED OFFICE ADDRESS] and registered number [ADGM REGISTRATION NUMBER]. For the purposes of the ADGM Data Protection Regulations 2021 (the "DPR 2021"), Virtual Minds is the Controller of personal data processed in connection with the services described below.

2. Scope

This Policy applies to personal data we process when you visit virtualminds.tech, create an account, use our consumer applications (Room AI, Garden AI, Car AI, Reshot AI, AI Chart Analyzer, AI Chat Analyzer, AI Video Generator), our enterprise products (LeadsMind, InsureMind), or otherwise interact with us. It does not cover third-party services we link to.

3. Personal data we collect

Provided by you

  • Identity and contact details (name, email, phone where given)
  • Account credentials and profile information
  • Billing details (processed by our payment providers; we do not store card numbers)
  • Content you upload, submit or generate through our applications ("User Content")
  • Correspondence with us

Collected automatically

  • Device, browser, operating system and approximate location (derived from IP address)
  • Usage events: features accessed, session duration, referral source
  • Cookies and similar technologies (see Section 11)

4. Lawful bases for processing

Under the DPR 2021, we rely on the following lawful bases:

  • Performance of a contract — to provide the services you have requested, manage your account, and process payments.
  • Legitimate interests — to operate, secure, troubleshoot and improve our services, prevent fraud and abuse, and communicate with you about your account. We balance these interests against your rights and document this assessment.
  • Consent — for marketing communications, non-essential cookies, and any processing of special categories of personal data where applicable. You can withdraw consent at any time without affecting prior lawful processing.
  • Legal obligation — to comply with laws and regulatory requirements that apply to us in the ADGM, the wider United Arab Emirates, or other relevant jurisdictions.

5. Purposes of processing

  • Providing, maintaining and operating the services and your account
  • Processing payments and managing subscriptions
  • Customer support and responding to enquiries
  • Service and security analytics, debugging, and abuse detection
  • Product improvement using aggregated or anonymised data; we do not use identifiable User Content to train foundation models without your consent
  • Marketing where you have consented, including newsletters and product updates
  • Compliance with legal obligations and the establishment, exercise or defence of legal claims

6. Recipients and processors

We share personal data only with processors and partners bound by written agreements that require confidentiality and DPR 2021-compliant safeguards. Categories include:

  • Cloud infrastructure — Google Cloud Platform (hosting, storage, identity, analytics, push notifications)
  • Payment processors — for subscription billing and in-app purchases
  • Analytics and monitoring — for usage and performance measurement
  • Professional advisers — auditors, lawyers and accountants where required
  • Authorities — where disclosure is required by ADGM, UAE federal, or other applicable law, or to protect our legal rights

We do not sell personal data.

7. International transfers

Some of our processors operate outside the ADGM, including in jurisdictions that may not have been designated by the ADGM Commissioner of Data Protection as offering an adequate level of protection. Where that is the case, we rely on the appropriate safeguards permitted by the DPR 2021 — including standard contractual clauses and supplementary technical measures such as encryption in transit and at rest. You may request a summary of the safeguards in place by contacting privacy@virtualminds.tech.

8. Retention

We keep personal data only for as long as it is needed for the purposes set out above, or longer where required by law. Account data is retained for the life of your account and then deleted or anonymised within a reasonable period after closure, subject to legal retention requirements (for example, accounting and tax records). User Content is retained according to the settings of the relevant application; in most cases you can delete content yourself at any time.

9. Security

We implement technical and organisational measures appropriate to the risks of processing, including encryption in transit and at rest, role-based access control, secure development practices, and infrastructure monitoring. Further detail is available on our Security page.

10. Your rights under the DPR 2021

Subject to the conditions and exemptions set out in the DPR 2021, you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate or incomplete personal data rectified
  • Request erasure of your personal data in the circumstances permitted by the DPR 2021
  • Restrict processing in defined circumstances
  • Object to processing carried out on the basis of legitimate interests, and to processing for direct marketing
  • Data portability for personal data you provided that we process by automated means on the basis of consent or contract
  • Withdraw consent at any time without affecting prior lawful processing
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except as permitted by the DPR 2021

To exercise these rights, contact privacy@virtualminds.tech. We respond within one month and may ask for proof of identity before acting on a request.

11. Cookies

We use strictly necessary cookies to operate the site, and analytics and preference cookies where you have consented. You can manage non-essential cookies through your browser or our cookie controls. Disabling strictly necessary cookies may impair functionality of the services.

12. Children

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@virtualminds.tech and we will delete it promptly.

13. Automated processing and AI

Our applications produce AI-generated outputs based on inputs you provide. We do not use identifiable User Content to train foundation models without your consent. Where we make a decision about you that produces legal or similarly significant effects (for example, suspension of an account for suspected abuse), a member of our team reviews the decision before it takes effect or, where this is not possible, on your request.

14. Personal data breaches

We maintain procedures for detecting and responding to personal data breaches. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we notify the ADGM Office of Data Protection without undue delay and, where feasible, within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk, we also notify affected individuals without undue delay.

15. Changes to this Policy

We may update this Policy from time to time. Material changes will be flagged here with a new "Last updated" date and, where appropriate, notified by email or in-product notice.

16. Complaints

Please contact us first at privacy@virtualminds.tech so we have an opportunity to address the matter. You also have the right to lodge a complaint with the Office of Data Protection at the Abu Dhabi Global Market, the supervisory authority responsible for the DPR 2021.

17. Contact

Controller: Virtual Minds Ltd, [REGISTERED OFFICE ADDRESS], Abu Dhabi Global Market, Abu Dhabi, United Arab Emirates.
Email: privacy@virtualminds.tech.
Visit our Contact page for other channels.