Privacy Policy

1. Who we are

Mindgrind LLC (“Mindgrind,” “we,” “us,” or “our”) operates Rapid ITAD, a business software service for data destruction and ITAD workflows, available at rapiditad.mindgrind.app.

For privacy questions or requests, contact: sales@mindgrind.app.

2. Scope

This Privacy Policy applies to information we process when you use the Rapid ITAD website, admin dashboard, floor scanner experience, and related services. It does not cover third-party websites or your own policies toward your end clients—you are responsible for telling your customers how you handle their data.

3. Information we collect

Account and organization data

• Administrator email address and password (authentication is handled by our hosting provider);
• Organization name, business address, logo, certificate compliance text, and related profile fields you provide;
• Technician display names and PINs (PINs are stored in hashed form on our servers).

Operational and certificate data

• Client names, job or PO references, destruction method, expected units, and customer email addresses for certificate delivery;
• Device serial numbers, scan timestamps, and technician attribution recorded in batch audit logs;
• Batch status (e.g., in progress, completed) and certificate version metadata.

Floor scanner and workstation data

• Workstation activation and device tokens stored in your browser’s local storage to keep a bench signed in;
• A browser-generated device fingerprint identifier used to associate a device with a workstation;
• Workstation display names, and optional network or device metadata you or the app supply for administration.

Technical data

• Standard server and application logs (e.g., IP address, request timestamps, errors) from our infrastructure providers;
• Payment-related identifiers if you subscribe (processed by our payment provider—we do not store full card numbers).

4. How we use information

We use information to:

• Provide, maintain, and improve the Service;
• Authenticate users and provision workstations;
• Generate and host Certificates of Destruction and serialized audit trails;
• Send certificate notification emails to addresses you specify;
• Process subscriptions and billing when enabled;
• Protect the Service, investigate abuse, and comply with law.

5. How we share information

We do not sell your personal information. We share information only as follows:

• Service providers that help us run the Service, such as cloud hosting and database (Supabase), transactional email (Resend), payment processing (Stripe, when billing is enabled), and static content delivery. They process data under our instructions and their own terms.
• Your direction—for example, when you email a certificate link to your client or share a certificate URL.
• Legal requirements—if we believe disclosure is required by law or necessary to protect rights, safety, or the Service.
• Business transfers—in connection with a merger, acquisition, or sale of assets, with notice where appropriate.

6. Public certificates

Completed Certificates of Destruction are available to anyone who has the certificate link (including serial numbers, client and job information, and compliance text you configured). Do not share certificate URLs publicly unless you intend that audience to view the document. You control when certificates are finalized and which customer email receives a link.

7. Storage on your devices

The Service uses browser local storage and similar technologies to remember workstation activation, active batch context, and technician session state on floor devices. You can clear this data by using “forget workstation” in the app or clearing site data in your browser.

8. Retention and deletion

While your organization maintains an active account, we retain information as needed to operate the Service. If you close your organization account, we keep your data for ninety (90) calendar days so you can export it from the Company profile tab or by emailing sales@mindgrind.app. After that period, we delete application data (organization profile, batches, serial logs, workstations, and related records) except where law requires longer retention. Billing and payment records may be kept separately through our payment processor.

You may request deletion of your organization’s account and associated data by closing the account in the app or contacting sales@mindgrind.app. We will respond within a reasonable time, subject to legal or backup retention requirements.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Your choices

• Update organization and certificate settings in the admin dashboard;
• Export all organization data from the Company profile tab;
• Manage technicians, workstations, and access within your organization;
• Contact us to access, correct, or delete account data where applicable.

11. Children

The Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children.

12. U.S. privacy rights

Depending on where you live, you may have rights to access, delete, or correct personal information, or to opt out of certain processing. California residents may have additional rights under the CCPA/CPRA. To exercise rights, email sales@mindgrind.app with enough detail for us to verify your request. We will not discriminate against you for exercising privacy rights permitted by law.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised Policy with a new “Last updated” date. Material changes may be communicated through the Service or by email where appropriate.

14. Contact

Mindgrind LLC
Email: sales@mindgrind.app