Privacy Policy

Effective Date: March 20, 2026

Legal Entity: Gnosis Oy (Business ID: FI20679962, Jyväskylä, Finland), operating as MindMastery

1. Who we are

MindMastery is a life architecting consultancy operated by Gnosis Oy, a Finnish limited liability company. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with GDPR and Finnish data protection law.

Data Controller: Gnosis Oy, Jyväskylä, Finland — [email protected]

2. What data we collect

Information you provide directly

Full name, email address, professional title and organisation
Annual compensation range (for service qualification)
Self-reported sovereignty constraint descriptions and career context
Communication records and programme materials
Billing name and email (payment processed via Stripe/Wise)

Data collected automatically

IP address, browser type, pages visited, session duration
Essential cookies only — no advertising or tracking cookies

Data we do NOT collect

Medical or health information
Financial account details
Sensitive personal data (race, religion, political opinions, sexual orientation)
Data from individuals under 18

3. Legal basis (GDPR Article 6)

Contractual necessity (6(1)(b)): Delivering services you have engaged us to provide
Legitimate interest (6(1)(f)): Operating our consultancy and improving methodology
Consent (6(1)(a)): Optional communications — withdraw at any time
Legal obligation (6(1)(c)): Finnish accounting and tax law compliance

4. How we use your data

Conducting diagnostic assessments and delivering transformation frameworks
Responding to inquiries and coordinating sessions
Processing payments and maintaining financial records

We do NOT sell your data, use it for advertising, or share it with marketing platforms.

5. Third-party processors

Stripe/Wise — Payment processing (PCI-DSS compliant)
Google Workspace — Email and document storage (GDPR-compliant)
Notion — CRM and client records (GDPR-compliant)
Systeme.io — Marketing automation (GDPR-compliant)
n8n (self-hosted) — Workflow automation

We will never sell, rent, or trade your personal data. This is non-negotiable.

6. Data retention

Active client data: Duration of engagement + 6 months post-completion
Financial records: 6 years (Finnish accounting law)
Consultation inquiries (non-clients): 12 months
Marketing consent: Until withdrawn or deletion requested

7. Your rights under GDPR

Access (Art. 15): Request a copy of all data we hold about you
Rectification (Art. 16): Correct inaccurate or incomplete data
Erasure (Art. 17): Request deletion (subject to legal retention requirements)
Restriction (Art. 18): Limit processing while accuracy is verified
Portability (Art. 20): Receive data in machine-readable format
Object (Art. 21): Object to processing based on legitimate interest
Withdraw consent (Art. 7): Revoke at any time
Lodge complaint (Art. 77): File with the Finnish Data Protection Ombudsman (tietosuoja.fi)

To exercise your rights: email [email protected] with subject “GDPR Request — [Your Name]”. We will respond within 30 days.

8. Security

End-to-end encryption for email communication
Secure cloud storage with encryption at rest
Two-factor authentication on all systems
Breach notification within 72 hours as required by GDPR Article 33

9. Cookies

We use strictly necessary cookies only (session management, security). No tracking or advertising cookies are deployed. You may disable cookies in your browser settings.

10. Contact

Email: [email protected]
Subject: “GDPR Request — [Your Name]”

Legal Address:
Gnosis Oy
Kivääritehtaankatu 8 B
40100 Jyväskylä, Finland

Finnish Data Protection Authority:
Office of the Data Protection Ombudsman
tietosuoja.fi · [email protected]