Compliance

Regulatory Compliance

Our commitment to data protection and international regulatory compliance.

Our Commitment

MYNDME Group places the protection of personal data and respect for privacy at the heart of its activities. With offices in Paris, Casablanca, and Singapore, we are committed to complying with the regulations in force in each jurisdiction where we operate.

This commitment is reflected in concrete measures: minimizing data collected, full transparency about processing activities, and implementing appropriate technical and organizational safeguards.

Applicable Regulations

European Union — GDPR

The General Data Protection Regulation (GDPR, EU Regulation 2016/679) is our primary regulatory framework. It applies to all personal data of European Union residents processed by MYNDME Group.

Principles observed:

  • Lawfulness, fairness, and transparency of processing
  • Purpose limitation
  • Data minimization
  • Accuracy of data
  • Storage limitation
  • Integrity and confidentiality

California (USA) — CCPA

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) apply to California residents. MYNDME Group respects the following rights:

  • Right to know what data is collected
  • Right to request deletion of data
  • Right to opt out of the sale of personal data (we do not sell any data)
  • Right to non-discrimination for exercising these rights

Singapore — PDPA

Singapore's Personal Data Protection Act (PDPA) governs the collection, use, and disclosure of personal data. MYNDME Group complies with the following obligations:

  • Consent obligation before collection
  • Purpose notification obligation
  • Data access limitation
  • Protection of data through reasonable security measures
  • Limited retention obligation
  • Right of access and correction for data subjects

Morocco — Law 09-08

Law 09-08 on the protection of individuals with regard to the processing of personal data applies to our Casablanca office. MYNDME Group complies with:

  • Conditions for lawful processing
  • Rights to information, access, correction, and objection
  • Security and confidentiality obligations
  • Conditions for data transfer outside Morocco

Technical and Organizational Measures

To ensure the protection of your data, MYNDME Group implements the following measures:

Technical Security

  • Encryption in transit: all communications are protected by TLS/SSL (HTTPS enforced across the entire site)
  • Secure hosting: Cloudflare Pages with DDoS protection, WAF (Web Application Firewall), and global CDN
  • No database: the showcase website does not store any personal data in a database. Forms are processed by Formspree
  • No trackers: no analytics tools, no tracking pixels, no advertising cookies

Organizational Measures

  • Limited access: only authorized personnel have access to contact form data
  • Minimization: we only collect data strictly necessary for the declared purposes
  • Awareness: team members are trained in data protection best practices
  • Periodic review: data processing activities are subject to regular review

Sub-processors

MYNDME Group uses the following sub-processors for the operation of the website:

Cloudflare, Inc.

  • Role: hosting (Cloudflare Pages), CDN, DDoS protection, SSL certificate
  • Headquarters: San Francisco, CA, USA
  • Safeguards: ISO 27001 certified, compliant with the EU-US Data Privacy Framework
  • Data processed: technical data (IP, HTTP headers) for security and content delivery

Formspree, Inc.

  • Role: processing and forwarding of contact form submissions
  • Headquarters: USA
  • Data processed: name, email, company, message submitted via the contact form
  • Retention: data passes through Formspree and is forwarded by email to MYNDME Group

Google Fonts (Google LLC)

  • Role: loading website fonts
  • Headquarters: Mountain View, CA, USA
  • Data processed: user IP address when fonts are loaded
  • Safeguards: compliant with the EU-US Data Privacy Framework

User Rights by Jurisdiction

European Union Residents (GDPR)

  • Right of access, rectification, and erasure
  • Right to data portability
  • Right to object and restrict processing
  • Right to withdraw consent
  • Right to lodge a complaint with the CNIL or your country's supervisory authority

California Residents (CCPA/CPRA)

  • Right to know what data is collected and how it is used
  • Right to request deletion
  • Right to opt out of sale (we do not sell your data)
  • Right to non-discrimination
  • Right to correct inaccurate data

Singapore Residents (PDPA)

  • Right to access personal data
  • Right to correction
  • Right to withdraw consent
  • Right to file a complaint with the PDPC

Morocco Residents (Law 09-08)

  • Right to information at the time of collection
  • Right to access data
  • Right to correction and deletion
  • Right to object to processing
  • Right to file a complaint with the CNDP (Commission Nationale de controle de la protection des Donnees a caractere Personnel)

Contact

For any questions regarding our compliance policy or to exercise your rights, contact us:

We commit to processing your request as quickly as possible and in accordance with applicable regulatory requirements (30 days maximum for GDPR).

For more details about the processing of your personal data, see our Privacy Policy.

Last updated: March 2026