Privacy Policy

Mindhive Privacy Policy – October 2025

Mindhive is owned and operated by Mindhive Pty Ltd (ABN 83 618 732 862) (referred to in this policy as Mindhive, we, us or our). This Privacy Policy applies to any information supplied to us whilst using our services, whether that be in person, by phone, over email or through our website located at https://mindhive.ai (Website) (we will refer to these collectively as the Services).

We are committed to protecting the privacy of all our users. The Privacy Act (1988) (Cth) (Privacy Act) and the Australian Privacy Principles (Privacy Principles) set out in Schedule 1 of the Privacy Act govern the collection, storage, use, and disclosure of information by which individuals may be identified. Further, we comply with the EU General Data Protection Regulation 2016/679 (GDPR).

We may update the privacy policy from time to time at our sole discretion. Any variations become effective on posting the updated privacy policy and we shall have no obligation to provide you with individual notice of such changes. Your continued use of the Services following the publication of any amended privacy policy shall signify your acceptance of that amended privacy policy, except where we are otherwise obliged by law to seek your direct consent.

Please read this privacy policy carefully before using our Services.

If you do not agree with any part of this privacy policy, please do not use our Services.

What information do we collect

This privacy policy covers all information collected via your use of the Services. The information we collect can be broken down into the following types:

Personal Information means information that can be used to personally identify you such as your name, email address, contact number, profile pictures, and payment details. We do not collect or process the Personal Information of anyone under the age of 18 without the express consent of their parent or guardian.

Usage Information means anonymous aggregate data that is automatically collected through your use of our Websites. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Website. This information is used for statistical analysis to help us improve the Services to the benefit of all users.

The GDPR recognises that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this privacy policy as Personal Data.

How do we collect your information

Personal Information is collected directly from you when you:

• join as a Thought Leader or Mindhive Partner Organisation Member
• post a comment or interact with other users and content
• make a payment
• opt into our mailing list
• contact us or access our Website

It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it may be necessary for us to collect your Personal Information to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide the Services to you in a fully operational form.

Cookies

We collect anonymous Usage Data on our Website which utilises cookies, pixel tags and other tracking technologies (collectively Cookies). These hold specific information that helps a website remember your actions and preferences over time.

To request a full list of the Cookies we use, please email privacy@mindhive.org.

How do we use your information

We use your Personal Data to:

• confirm your identity and provide our Services
• respond to requests and process payments
• improve Website functionality
• prevent, detect and investigate potential illegal activities, security breaches and fraud
• contact you with promotional emails where you have opted in

We will only use your Personal Data for purposes that you would reasonably expect in connection with providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or licence your email address or any of your Personal Data.

‘Opt Out’

You may opt out from direct marketing at any time by emailing privacy@mindhive.org or clicking unsubscribe on any marketing communications.

Who we disclose your information to

We may disclose your Personal Data to:

• employees, contractors and officers of Mindhive and its related entities
• authorities, including police or regulators
• third-party Mindhive Partner Organisations (where you are a visible member)

All personnel are bound by Australian privacy laws. You can withdraw your consent for third-party disclosure at any time, though this may affect your ability to use the Services.

Your rights to your information

Under the GDPR, you have rights to access, erase, restrict processing, and receive a copy of your Personal Data.

Requests may be made by emailing privacy@mindhive.org.

Accessing, reviewing and changing your information

You can update your details at any time through your account settings or by emailing support@mindhive.org. You are responsible for maintaining accurate information to ensure we can provide our Services effectively.

Security

We protect your Personal Data through technical and organisational security measures including encryption, firewalls, and access controls that limit the risk of loss, disclosure, or unauthorised access.

Mindhive’s systems are managed in alignment with internationally recognised information-security standards, including ISO 27001 and NIST Cybersecurity Framework (NIST CSF). Regular internal and external reviews, penetration testing, and data-protection audits are undertaken to verify continuing compliance.

All employees and contractors complete annual security and privacy training, consistent with obligations under Mindhive’s enterprise agreements and government contracts.

While no security system is 100 percent secure, Mindhive maintains incident-response procedures and a disaster-recovery framework to protect your information and restore service continuity.

Breach Notification
Where a data breach is likely to result in serious harm, Mindhive will notify affected individuals and relevant authorities as soon as practicable and within any statutory timeframe required under Australian law or other applicable jurisdictional laws. Notifications will include the nature of the breach, affected data categories, recommended mitigation steps, and contact details for Mindhive’s Privacy Officer.

Data Localisation and Overseas Disclosure

All Personal Data collected by Mindhive is stored on secure servers located in Australia.
Where data may be transferred overseas for service continuity or support purposes, Mindhive ensures equivalent data-protection safeguards consistent with the Australian Privacy Principles and the GDPR.

We may, in the course of providing the Services to you, transfer your Personal Data to countries deemed by the EU Commission to have an adequate level of data protection. Where we transfer data to a third party in a country without an adequacy decision, we require that the recipient is contractually bound to meet the requirements of the Privacy Act, Privacy Principles and GDPR.

Data Anonymisation and Re-identification

Mindhive applies de-identification and minimum-sample thresholds when reporting or analysing group data to protect individual anonymity. All analytical outputs are assessed for disclosure risk before publication or sharing.

Mindhive strictly prohibits any attempt to re-identify individuals from de-identified or aggregated data sets. Such actions are a breach of this policy and may result in termination of access and/or legal action.

Sensitive Information

We generally do not collect sensitive information unless volunteered by you. If we require such data, we will obtain explicit consent and apply enhanced safeguards consistent with the Australian Privacy Principles and GDPR.

Consent

When collecting your Personal Information, we ensure you are fully informed about why it is collected, how it is used, and who will have access. Explicit consent is obtained through active confirmation at the point of collection.

Data Retention and Deletion

We retain Personal Data only as long as necessary to provide the Services, comply with legal obligations, and resolve disputes. You may request deletion of your data at any time.

When engaged by government or enterprise clients, Mindhive applies additional privacy, security, and data-retention controls to meet client-specific regulatory or contractual requirements. These controls may include secure data enclaves, enhanced access logging, encryption-at-rest and in-transit verification, and jurisdiction-specific retention schedules.

Accessibility and Inclusion

Mindhive is committed to accessibility and inclusivity in its digital Services. The Mindhive platform is developed and maintained to conform with WCAG 2.1 AA standards, with a continuous improvement roadmap to ensure equal access for all users.

Contact

Mindhive Pty Ltd
ATT: Privacy Officer
Level 5, 200 Adelaide St, Brisbane QLD 4000
privacy@mindhive.ai

If you are not satisfied with our handling of your Personal Data, you may lodge a complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au) or the European Data Protection Supervisor (https://edps.europa.eu).