Privacy
Privacy Notice
This notice explains how Minefy processes personal data for its website, private demos, pilot environments, web app, mobile app, and customer planning platform.
Last updated: 20 May 2026
Controller
1. Controller and contact details
For personal data processed by Minefy for its own website, sales, demos, customer administration, billing, security, support, and service administration purposes, the controller is:
Minefy Oy
Business ID: 3586248-7
Registered office: Kemi, Finland
Email: [email protected]
Platform Roles
2. Customer platform roles
In the Minefy customer platform, customer organizations control their own planning data, operational data, user access, uploaded content, and workspace configuration.
For customer workspace content, Minefy generally acts as a processor on behalf of the customer organization. The customer organization acts as the controller or, where applicable, as an independent processor for its own customers or partners.
Customer workspace content may include users, organization memberships, roles, schedules, tasks, equipment information, production plans, progress updates, comments, uploaded documents, mine maps, attachments, planning context, audit logs, AI prompts, AI-assisted planning context, and AI-generated outputs.
Data
3. Personal data Minefy may process
- Name, work email address, company, role, and contact details.
- Demo request, sales, and customer communication information that you choose to send by email.
- Account, authentication, organization membership, role, and permission data.
- Customer workspace content submitted or configured by customer organizations and authorized users.
- Planning, scheduling, task, equipment, progress, document, map, comment, and report data.
- Prompts, AI requests, AI outputs, and related planning context when AI-assisted features are used.
- IP addresses, device/browser information, requested URLs, referrers, usage events, audit logs, security logs, error logs, and diagnostic data.
- Billing, invoicing, customer relationship, and business administration information.
Minefy does not require customers to submit special category personal data. Customers should not submit unnecessary special category personal data or legally restricted information into the service or AI prompts unless the customer has assessed and approved that use under its own policies and applicable law.
Purpose
4. Purposes and legal bases
Minefy processes personal data to operate, maintain, secure, support, and improve the website and platform; respond to demo requests and sales inquiries; manage accounts, organizations, roles, and access rights; provide planning, scheduling, collaboration, reporting, and AI-assisted features; monitor availability, performance, errors, and security events; manage billing, contracts, and customer relationships; comply with legal obligations; and establish, exercise, or defend legal claims.
Where Minefy acts as controller, the legal bases may include performance of a contract or pre-contractual steps, Minefy's legitimate interests, compliance with legal obligations, and consent where required. Where Minefy acts as processor, Minefy processes personal data on the documented instructions of the relevant customer organization.
| Purpose | Typical legal basis |
|---|---|
| Demo requests and sales communication | Pre-contractual steps and/or Minefy's legitimate interests. |
| Customer administration and billing | Contract, legal obligations, and Minefy's legitimate interests. |
| Account, authentication, organization membership, roles, and access management | Contract and Minefy's legitimate interests. |
| Service operation, support, maintenance, troubleshooting, and improvement | Contract and Minefy's legitimate interests. |
| Security monitoring, audit logs, abuse prevention, and incident investigation | Minefy's legitimate interests and legal obligations where applicable. |
| AI-assisted features in customer workspaces | Customer instructions under the applicable customer agreement or DPA; where Minefy acts as controller, contract or legitimate interests as applicable. |
| Legal claims and compliance | Legal obligations and Minefy's legitimate interests. |
| Consent-based processing | Consent where required, for example if non-essential cookies or optional communications are later enabled. |
Providers
5. Service providers, AI, and transfers
Minefy may use trusted service providers and subprocessors to provide, secure, monitor, support, and administer the service. These providers may support cloud hosting, database and storage services, network and security services, authentication, email delivery where configured, monitoring, logging, AI-assisted product features, billing, and administration.
Minefy may provide AI-assisted features through service providers including OpenAI. When a user requests AI assistance, Minefy may send relevant planning context, prompts, user instructions, workspace information, and related outputs to generate the requested assistance.
Some service providers may process personal data outside the European Economic Area. Where required, Minefy uses appropriate safeguards such as data processing agreements, EU Standard Contractual Clauses, adequacy decisions, transfer impact assessments, and technical and organizational security measures.
| Provider | Purpose | Data categories | Location/transfer note |
|---|---|---|---|
| Railway | Hosting and application infrastructure where used for deployment. | Request metadata, application logs, and application data in transit. | Processing location may depend on the selected deployment region and provider configuration. |
| Neon | PostgreSQL database infrastructure. | Account, organization, workspace, audit log, and service data stored in databases. | Region and transfer details depend on the active database configuration and customer agreement. |
| Cloudflare R2 | S3-compatible object storage for uploaded files, documents, and mine maps. | Uploaded files, object metadata, tenant identifiers, and related storage metadata. | Bucket location and transfer details depend on the active Cloudflare/R2 configuration. |
| Auth0 | Authentication, identity management, organization membership, invitations, and roles. | User identity data, work email, authentication events, organization membership, and role data. | Processing and transfers depend on Auth0 tenant settings, provider terms, and applicable safeguards. |
| OpenAI | AI-assisted planning, summaries, suggestions, and related product features. | Prompts, relevant planning context, AI outputs, and usage metadata when AI-assisted features are used. | Provider retention and abuse-monitoring settings may depend on provider terms, API configuration, service plan, and product settings. |
The public website uses local/system font rendering and does not currently load Google Fonts or other remote font files. Minefy does not use remote fonts for analytics or marketing profiling.
Retention
6. Retention
Minefy retains personal data only for as long as necessary for the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law, contract, or legitimate security needs.
| Data category | Typical retention |
|---|---|
| Website contact and demo requests | Up to 24 months after the last relevant interaction, unless a customer relationship begins or a longer period is needed for legal claims or business records. |
| Customer workspace data | According to the applicable customer agreement, workspace configuration, and customer instructions. |
| Security logs and technical logs | Typically for a limited period necessary to secure the service, investigate incidents, troubleshoot issues, and maintain auditability; longer if required for legal, security, or customer-agreement reasons. |
| Audit logs | According to the applicable customer agreement or service configuration. |
| Billing and accounting records | As required by applicable accounting and tax laws. |
| AI prompts and outputs | According to the applicable customer agreement, service configuration, and provider retention settings. |
Cookies
7. Cookies and similar technologies
Minefy currently aims to use only cookies and similar technologies that are necessary to operate the website, maintain sessions, secure authentication, remember essential preferences, and provide requested services. The public website does not currently include a contact form; demo requests are started through the user's own email client.
Minefy does not currently use non-essential analytics or marketing cookies on the public website. If Minefy later enables non-essential analytics, marketing, or support cookies, Minefy will provide appropriate information and consent controls where required.
| Technology | Purpose | Type |
|---|---|---|
| Session/authentication cookies | Login, session security, and authenticated service access where applicable. | Essential |
| CSRF/security tokens | Security controls intended to protect requests and reduce misuse. | Essential |
| Essential preference storage | Remembering required preferences or service settings where needed. | Essential |
| Server logs | Security, diagnostics, service operation, troubleshooting, and incident investigation. | Operational, not marketing |
Rights
8. Data subject rights
Depending on the circumstances and applicable law, individuals may have the right to request access, correction, deletion, restriction, objection, data portability, withdrawal of consent, and to lodge a complaint with a data protection supervisory authority.
For personal data contained in a customer workspace, requests should generally be directed to the relevant customer organization, because the customer controls that workspace data. Minefy will assist customers with data subject requests as required by the applicable customer agreement, data processing agreement, and data protection law.
Privacy requests can be sent to: [email protected].