Terms of Use & Data Processing Addendum
These Terms govern your use of MynAI. The Data Processing Addendum (DPA) below forms part of these Terms and is intended to meet Article 28 GDPR requirements.
1. Definitions
The operator of the MynAI service. Contact details are available on the Contact page.
The person or entity creating an account and using the Service, including any authorised users under your account.
The MynAI website, applications, APIs and related services, including file upload, link sharing, and AI-assisted chat with content.
Files, text, metadata and other content you upload or provide, including any personal data contained within them.
2. The Service
- You can upload files, generate shareable links, and (where enabled) allow recipients to download files and/or chat with your content.
- Links are intended to be shared only with people you trust. You remain responsible for link distribution.
- We may improve, change, or discontinue parts of the Service from time to time.
AI responses can be incomplete or incorrect. You should verify outputs, especially for legal, medical, financial, or other high-stakes decisions.
3. Accounts, access and sharing
You are responsible for all activity under your account. Use strong passwords and keep credentials confidential. Notify us if you suspect unauthorised access.
Sharing a link grants access to the linked content (subject to your settings and our safeguards). You control who receives the link and whether downloads are enabled.
4. Plans, billing and usage limits
Your plan determines storage and question limits (see Pricing). We may enforce limits, pause processing, or require an upgrade if you exceed your plan.
- Free plan limits apply per account.
- Professional and Enterprise plans may be provisioned manually until automated billing is enabled.
- We may change plans and pricing with advance notice where required by law.
5. Acceptable use
- Upload unlawful content, malware, or content that infringes rights of others.
- Attempt to bypass security, scrape, reverse engineer, or disrupt the Service.
- Use the Service to violate privacy laws, confidentiality duties, or export restrictions.
You remain the owner (or authorised controller) of Customer Data. You represent that you have the lawful basis and necessary permissions to upload and share it.
6. Intellectual property
We retain all rights in the Service, software, branding, and documentation. You receive a limited, non-exclusive, non-transferable right to use the Service during your subscription term in accordance with these Terms.
7. Data Processing Addendum (DPA)
This DPA applies where MynAI processes personal data on your behalf as a processor. If you need a signed version, contact us.
- You are the controller (or act on behalf of the controller) for Customer Data.
- MynAI is the processor for personal data processed through the Service on your documented instructions.
- Subject matter, nature and purpose of processing are described in Annex 1.
- We will process personal data only on your documented instructions, unless required by EU/Member State law (in which case we will inform you unless prohibited).
- We ensure persons authorised to process personal data are bound by confidentiality.
- We implement appropriate technical and organisational measures (TOMs) as described in Annex 2.
- We will assist you, taking into account the nature of processing, with data subject requests and GDPR compliance obligations where reasonably possible.
We use the following subprocessors to deliver the Service. We will ensure they are bound by data protection obligations no less protective than this DPA.
- Cloud86 — hosting and infrastructure (storage and server operations).
- Mistral (AI) — large language model inference to generate answers for the “chat with your documents” feature. We send your question and relevant text snippets to the model to produce a response.
We may add or replace subprocessors over time for legitimate business reasons (e.g., reliability, security). Where required by law or contract, we will provide prior notice and allow you to object.
We aim to store and process Customer Data within the EEA. If processing involves transfers outside the EEA, we will use appropriate safeguards (such as Standard Contractual Clauses) where applicable.
We will notify you without undue delay after becoming aware of a personal data breach involving Customer Data and provide information reasonably required for your notifications and mitigation.
Upon termination of the Service, we will delete or return Customer Data in accordance with our retention practices, unless EU/Member State law requires storage. You can delete content from the Service at any time using the provided controls.
We will make available information reasonably necessary to demonstrate compliance with this DPA and allow for audits by you (or an independent auditor) on reasonable notice, subject to confidentiality and security constraints.
Subject matter: Hosting and making Customer Data available through share links and AI-assisted interaction.
Duration: For the term of your account and until deletion/expiration, subject to backups and legal retention.
Nature of processing: Upload, storage, indexing, retrieval, display, and (where enabled) AI-assisted analysis of content.
Purpose: Providing the Service features you select and share.
Categories of data subjects: Your employees, contractors, customers, end users, or other individuals whose data you upload.
Types of personal data: Depends on your uploads; may include identifiers, contact details, employment information, documents, and any data embedded in files.
- Access controls for accounts and administrative functions.
- Transport encryption (HTTPS) for data in transit.
- Logical separation between customer content by link/token and authorisation checks.
- Backups and integrity checks appropriate to the Service tier.
- Monitoring and rate limiting to mitigate abuse.
- Incident response procedures and breach notification workflow.
8. Availability and support
We aim to provide a reliable service, but we do not guarantee uninterrupted availability. Planned maintenance may occur. Support is provided as described on the Service and may vary by plan.
9. Disclaimers and limitation of liability
The Service is provided “as is” and “as available”. To the maximum extent permitted by law, we disclaim warranties of merchantability, fitness for a particular purpose, and non-infringement.
To the maximum extent permitted by law, our total liability for direct damages is limited to the fees paid by you for the Service in the 12 months preceding the event giving rise to the claim (or €0 if you are on the Free plan).
We are not liable for indirect or consequential damages, including lost profits, loss of data, or business interruption.
10. Miscellaneous
Each party will keep the other party’s confidential information confidential and use it only for the purpose of providing or using the Service.
We may update these Terms from time to time. Changes become effective when posted, unless we are required to provide advance notice by law.
These Terms are governed by the laws of the Netherlands, excluding its conflict of laws rules. Courts in Amsterdam have jurisdiction, unless mandatory law provides otherwise.