Privacy Policy

US English

Last updated: March 28, 2026

1. Introduction

This Privacy Policy explains how Mihnea Nicolau, trading as Minico AI (“we”, “us”, “our”), collects, uses, and protects your personal data when you visit our website at https://minico.ai. We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable German data protection laws.

We do not use cookies for tracking or advertising purposes on this website. However, certain personal data may be processed as described below.

2. Controller

The controller responsible for data processing on this website within the meaning of Article 4(7) GDPR is:

Mihnea Nicolau

trading as Minico AI

c/o IP-Management #9003

Ludwig-Erhard-Straße 18

20459 Hamburg

Email: mihnea.nicolau@minico.ai

Phone: +49 15679 789018

We are not required to appoint a Data Protection Officer under Article 37 GDPR.

3. Overview of Data Processing

When you visit our website, we process personal data through the following activities:

Provision and delivery of the website via Cloudflare (Section 4)
Website analytics via Cloudflare Web Analytics (Section 5)
Contact form submissions via Formspree (Section 6)
Appointment scheduling via Google Calendar (Section 7)
Email communication via Google Workspace (Section 8)
Video conferencing via Google Meet (Section 9)
Communication via WhatsApp (Section 10)
Communication via other third-party messaging services (Section 11)
Lead research from publicly available sources (Section 12)
Lead sourcing and prospecting via Instantly and Apollo (Section 13)
Cold email outreach campaigns via Instantly (Section 14)
Email tracking and analytics via Instantly (Section 15)

Each processing activity is described in detail below, including the type of data collected, the purpose, legal basis, and any third-party recipients.

4. Website Hosting and Content Delivery (Cloudflare)

4.1 Description

Our website is hosted on Cloudflare Pages and delivered through Cloudflare’s global content delivery network (CDN). When you access our website, your request is routed through Cloudflare’s infrastructure. This is necessary to deliver the website content to your browser, ensure its security, and protect against malicious attacks (such as DDoS attacks).

4.2 Data Processed

When you visit our website, Cloudflare automatically processes the following technical data:

IP address
Date and time of the request
Requested URL and referrer URL
Browser type and version
Operating system
Amount of data transferred
HTTP status code

This data is processed by Cloudflare’s infrastructure as part of routing and delivering web traffic. Cloudflare may also set strictly necessary security cookies (such as __cf_bm for bot management) to protect the website from automated threats. These cookies are technically necessary and do not require consent under § 25(2) TDDDG.

4.3 Purpose and Legal Basis

The processing is necessary for the provision of our website and its security. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest lies in the secure and efficient delivery of our website to visitors.

Right to object: You have the right to object to this processing at any time on grounds relating to your particular situation, pursuant to Article 21 GDPR. To exercise this right, please contact us using the details in Section 25.

4.4 Recipient and Data Transfer

Cloudflare, Inc. is a US-based company. Their EU entity is Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany. Cloudflare processes data across its global network, which may include servers outside the EEA, including in the United States.

Transfer safeguard: Cloudflare is certified under the EU-US Data Privacy Framework (adequacy decision pursuant to Article 45 GDPR, European Commission decision C(2023) 4745). Additionally, Cloudflare’s standard Data Processing Addendum (DPA), which is incorporated into their Self-Serve Subscription Agreement, includes EU Standard Contractual Clauses (SCCs) as a supplementary safeguard.

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

Cloudflare DPA: https://www.cloudflare.com/cloudflare-customer-dpa/

Cloudflare DPF listing: https://www.dataprivacyframework.gov/list

4.5 Retention

Cloudflare processes this data transiently as part of delivering web traffic. We do not have access to individual server logs on the free Cloudflare plan. Cloudflare’s retention practices are governed by their Privacy Policy.

5. Website Analytics (Cloudflare Web Analytics)

5.1 Description

We use Cloudflare Web Analytics to understand how visitors use our website, including which pages are visited, traffic volume, and general geographic distribution (country level). Cloudflare Web Analytics is a privacy-first analytics service that does not use cookies, does not use localStorage, does not fingerprint visitors via IP address or User Agent, and does not track individual users across sessions or websites.

5.2 Data Processed

Cloudflare Web Analytics collects the following aggregate, non-personal metrics via a lightweight JavaScript beacon:

Page views and visits (counted via referrer-based logic, not unique user tracking)
Page URL and referrer URL
Browser type and operating system (aggregated)
Country of origin (derived at the network edge, not stored per visitor)
Page load performance metrics (Core Web Vitals)

Cloudflare states that it does not store visitor IP addresses for the purpose of Web Analytics and does not use any persistent client-side identifiers.

5.3 Purpose and Legal Basis

The processing is carried out for the purpose of understanding website usage patterns and improving our website. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest lies in optimizing our web presence and understanding visitor engagement. Given the privacy-preserving design of this service (no cookies, no individual tracking, no IP storage), we consider that this interest is not overridden by your rights and freedoms.

5.4 Recipient and Data Transfer

See Section 4.4 above. Cloudflare Web Analytics is provided by the same Cloudflare entity and the same transfer safeguards apply.

5.5 Retention

Cloudflare Web Analytics data is available for a limited period (currently up to 30 days) in aggregated form and cannot be linked to individual visitors.

6. Contact Form (Formspree)

6.1 Description

Our website includes a contact form that allows you to send us inquiries. When you submit the contact form, your message is processed through Formspree, a third-party form processing service, and forwarded to our business email address.

6.2 Data Processed

When you submit the contact form, the following data is processed:

Your name
Your email address
Your company name
Your work details / project description
Your message

In addition, Formspree automatically collects certain technical data when the form is submitted, including your IP address, browser type, and the date and time of submission.

6.3 Purpose and Legal Basis

We process this data for the purpose of responding to your inquiry and, where applicable, for the initiation of a business relationship. The legal basis is:

Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or for steps taken at your request prior to entering into a contract (pre-contractual measures); or
Article 6(1)(f) GDPR — our legitimate interest in responding to business inquiries directed to us.

Right to object: Where processing is based on our legitimate interest, you have the right to object at any time on grounds relating to your particular situation, pursuant to Article 21 GDPR. To exercise this right, please contact us using the details in Section 25.

6.4 Recipient and Data Transfer

Formspree, Inc. is a US-based company. Their services are hosted on Amazon Web Services (AWS) in the United States. When you submit the contact form, your data is transferred to and stored on Formspree’s servers in the US.

Transfer safeguard: Formspree relies on EU Standard Contractual Clauses (SCCs) as the legal mechanism for international data transfers.

After processing by Formspree, your submission is forwarded to our Google Workspace email (see Section 8).

Formspree Privacy Policy: https://formspree.io/legal/privacy-policy/

6.5 Retention

Formspree stores form submissions on its servers (the 100 most recent submissions on the free plan). We will delete or request deletion of your data from Formspree once your inquiry has been fully processed and the data is no longer needed. We retain the corresponding email communication in our business email for the duration necessary to fulfill the purpose of your inquiry or as required by statutory retention obligations (up to 6 years for general business correspondence under § 257 HGB, or up to 10 years where the communication is tax-relevant under § 147 AO).

6.6 Alternative

You may also contact us directly by email at mihnea.nicolau@minico.ai instead of using the contact form. In that case, your data is not processed by Formspree.

7. Appointment Scheduling (Google Calendar)

7.1 Description

Our website contains an external link to Google Calendar, an external scheduling platform by Google, through which you can book a consultation or introductory meeting. When you click this link, you leave our website and are redirected to the Google platform. Google Calendar is not embedded on our website and does not set cookies or process data on our website. Data processing by Google only occurs when you navigate to their platform and choose to book an appointment.

7.2 Data Processed

When you use Google Calendar to book an appointment, Google may collect the following data:

Your name
Your email address
Additional information you provide in the booking form
Technical data (IP address, browser information)

This data is processed by Google on their platform, not on our website.

7.3 Purpose and Legal Basis

The purpose is to facilitate appointment scheduling at your request. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures at your request).

7.4 Recipients and Data Transfers

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Transfer safeguard: Google LLC is certified under the EU-US Data Privacy Framework. In addition, Google uses EU Standard Contractual Clauses (SCCs) as a transfer mechanism.

Google’s Privacy Policy: https://policies.google.com/privacy

7.5 Retention Period

Google’s data retention practices are governed by their privacy policy and terms of service. We retain scheduling data only for as long as necessary to fulfill the purpose of the appointment and any subsequent business relationship.

8. Email Communication (Google Workspace)

8.1 Description

We use Google Workspace (Gmail) as our business email provider. When you send us an email or when your contact form submission is forwarded to our inbox, your communication is processed and stored through Google’s infrastructure.

8.2 Data Processed

Your email address
Your name (if provided)
The content of your email message
Metadata (date, time, subject line)

8.3 Purpose and Legal Basis

We process this data for the purpose of business communication and responding to your inquiries. The legal basis is:

Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or pre-contractual measures; or
Article 6(1)(f) GDPR — our legitimate interest in maintaining business correspondence.

8.4 Recipient and Data Transfer

Google LLC is a US-based company. Google Workspace data may be processed in data centers located in the EU/EEA and in the United States.

Transfer safeguard: Google LLC is certified under the EU-US Data Privacy Framework. Google’s Cloud Data Processing Addendum and Standard Contractual Clauses provide additional safeguards.

Google Privacy Policy: https://policies.google.com/privacy

Google Cloud DPA: https://cloud.google.com/terms/data-processing-addendum

8.5 Retention

We retain email correspondence for the duration necessary to fulfill the purpose of the communication, and in compliance with statutory retention obligations under German commercial and tax law (§ 257 HGB, § 147 AO), which may require retention of business correspondence for up to 6 or 10 years.

9. Video Conferencing (Google Meet)

9.1 Description

When you schedule an appointment through the Google Calendar link on our website (see Section 7), the meeting may take place via Google Meet, a video conferencing service provided by Google as part of Google Workspace. Google Meet is not embedded on our website; processing occurs only when you join a video call on Google’s platform.

9.2 Data Processed

When you participate in a Google Meet video call, Google may process the following data:

Your name and email address (as provided when joining the call)
Your IP address and device information (browser type, operating system, device type)
Audio and video data transmitted during the call
Screen sharing content, if applicable
Meeting metadata (date, time, duration, participant list)

If a meeting is recorded with the consent of all participants, the recording and any automatically generated transcripts are stored in our Google Workspace account.

9.3 Purpose and Legal Basis

We process this data for the purpose of conducting business meetings and consultations. The legal basis is:

Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or for pre-contractual measures taken at your request; or
Article 6(1)(f) GDPR — our legitimate interest in conducting business meetings efficiently.

9.4 Recipient and Data Transfer

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google may process data in data centers located in the EU/EEA and in the United States.

Transfer safeguard: Google LLC is certified under the EU-US Data Privacy Framework. Google’s Cloud Data Processing Addendum and Standard Contractual Clauses provide additional safeguards. The same transfer safeguards described in Section 8.4 apply.

Google Privacy Policy: https://policies.google.com/privacy

Google Cloud DPA: https://cloud.google.com/terms/data-processing-addendum

9.5 Retention

Meeting metadata is retained as part of our Google Workspace account for the duration described in Section 8.5. Recordings, if made, are stored only for as long as necessary for the purpose of the business relationship and are deleted thereafter, unless statutory retention obligations apply.

10. Communication via WhatsApp

10.1 Description

If you contact us via WhatsApp at your own initiative or request that we communicate with you via WhatsApp, we may use this messaging service to respond to your inquiries and maintain business communication. We do not advertise WhatsApp as a communication channel on our website, and we only use it when you expressly choose this method of contact.

10.2 Data Processed

When we communicate with you via WhatsApp, the following data may be processed by WhatsApp:

Your mobile phone number
Your WhatsApp profile name and profile picture
The content of messages exchanged (text, images, documents, voice messages)
Metadata (timestamps, delivery and read confirmations, device information)
Your IP address

WhatsApp uses end-to-end encryption for message content in personal chats, meaning that WhatsApp (Meta) cannot read the content of messages. However, WhatsApp does process metadata and account information as described in their privacy policy.

10.3 Purpose and Legal Basis

We process this data for the purpose of responding to your inquiries and maintaining business communication at your request. The legal basis is:

Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or for pre-contractual measures taken at your request; or
Article 6(1)(f) GDPR — our legitimate interest in responding to client inquiries via the communication channel they have chosen.

10.4 Recipient and Data Transfer

The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The parent company is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. WhatsApp may process data on servers located in the United States and other countries.

Transfer safeguard: Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework. Additionally, Meta uses EU Standard Contractual Clauses (SCCs) as a supplementary transfer mechanism.

WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy

Meta DPF listing: https://www.dataprivacyframework.gov/participant/4452

10.5 Retention

We retain WhatsApp messages for the duration necessary to fulfill the purpose of the communication. Messages may be deleted at your request. Statutory retention obligations under German commercial and tax law (§ 257 HGB, § 147 AO) may require retention of business-relevant correspondence for up to 6 or 10 years. We have no control over WhatsApp’s own data retention practices, which are governed by their privacy policy.

10.6 Alternative

You are not obligated to communicate with us via WhatsApp. You may always contact us by email at mihnea.nicolau@minico.ai or through the contact form on our website instead.

11. Communication via Other Third-Party Messaging Services

11.1 Description

If you contact us through other third-party messaging services (such as Telegram, Signal, or similar platforms) at your own initiative, or if you request that we use such a service to communicate with you, we may respond and conduct business communication through the platform you have chosen.

11.2 Data Processed

The types of data processed depend on the specific messaging service used, but typically include your username or phone number, message content, and technical metadata (such as timestamps and device information). Each platform processes data according to its own privacy policy.

11.3 Purpose and Legal Basis

We process this data for the purpose of responding to your inquiries and maintaining business communication via the channel you have selected. The legal basis is:

Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or for pre-contractual measures taken at your request; or
Article 6(1)(f) GDPR — our legitimate interest in responding to client inquiries via their preferred communication channel.

11.4 Recipients and Data Transfer

Data is processed by the respective platform provider. These providers may transfer data outside the EEA. We encourage you to review the privacy policy of the specific messaging service you choose to use. If you have concerns about data processing by a particular platform, you may contact us via email instead.

11.5 Retention

We retain messages for the duration necessary to fulfill the purpose of the communication, subject to statutory retention obligations under German commercial and tax law (§ 257 HGB, § 147 AO). We have no control over the data retention practices of the respective platform providers.

12. Lead Research from Publicly Available Sources

12.1 Description

As part of our B2B marketing activities, we may research and collect business contact information from publicly available sources to identify potential business clients. These sources include, but are not limited to:

Google Maps and Google Business Profiles
Company websites (e.g., “Contact Us” or “About” pages)
Public business directories and registries
Professional social media profiles (e.g., LinkedIn), where the information has been made publicly visible by the user
Industry directories and trade association listings

This research may be conducted manually or with the assistance of publicly available tools and search engines. We do not use automated scraping tools to mass-harvest personal data, and we do not collect data from profiles or sources where users have restricted visibility of their information.

12.2 Data Processed

We may collect the following categories of data from publicly available sources:

Business name and address
General business phone number (as published by the business for customer contact)
General business email address (e.g., info@, office@, contact@)
Website URL
Where publicly available and relevant: name, job title, and professional contact details of a business representative

12.3 Source of Data

In accordance with Article 14(2)(f) GDPR, we inform you that your personal data was not collected directly from you. Your data was obtained from publicly available sources where the information was published by you or your business for the purpose of public visibility and business contact.

12.4 Purpose and Legal Basis

We process this data for the purpose of B2B direct marketing — specifically, to identify and contact potential business clients who may be interested in our services. The legal basis is:

Article 6(1)(f) GDPR — our legitimate interest in marketing our services to relevant business contacts.

We limit our collection to information that businesses and professionals have made publicly available for the purpose of being contacted. We consider that the data subjects' reasonable expectations align with being contacted in a professional context when they have published their contact details publicly for this purpose.

Right to object: You have the right to object to this processing at any time, pursuant to Article 21(2) and (3) GDPR. To exercise this right, please contact us using the details in Section 25, or use the unsubscribe link in any communication we send you.

12.5 Data Transfer

Data collected through our own research is stored and processed using our Google Workspace account (see Section 8) and may subsequently be uploaded to Instantly for outreach campaigns (see Sections 13–15). The data transfer safeguards described in Sections 8.4 and 13.5 apply accordingly.

12.6 Retention

We retain this data only for as long as necessary to carry out the outreach and any resulting business relationship. If you object to processing or opt out, we remove your data from active use promptly and add your contact details to our permanent suppression list. The suppression list is retained indefinitely for this purpose, in accordance with Article 17(3)(d) GDPR.

13. Lead Sourcing and Prospecting via Third-Party Platforms (Instantly, Apollo)

13.1 Description

We use Instantly (https://instantly.ai) and Apollo (https://www.apollo.io) as lead generation and prospecting platforms to identify potential business contacts for our B2B outreach. These platforms provide access to databases of professional contact information compiled from publicly available sources. We use this data to contact businesses and professionals who may have an interest in our services.

13.2 Data Processed

We obtain the following categories of personal data from these platforms:

Name (first and last)
Business email address
Job title / role
Company name
Company industry and size
Company website
LinkedIn profile URL (where publicly available)
Business phone number (where publicly available)
Country / location (business location)

13.3 Source of Data

In accordance with Article 14(2)(f) GDPR, we inform you that your personal data was not collected directly from you. Your data originates from the following sources:

Instantly's lead database (operated by Foo Monk LLC), which aggregates professional contact information from publicly available sources
Apollo's B2B database (operated by ZenLeads Inc. d/b/a Apollo.io), which compiles professional contact data from publicly available sources, including public profiles, company websites, business registries, and other publicly accessible directories. Apollo is a registered data broker in the state of California and other applicable US states.

13.4 Purpose and Legal Basis

We process this data for the purpose of B2B direct marketing — specifically, to contact potential business clients who may be interested in our services. The legal basis is:

Article 6(1)(f) GDPR — our legitimate interest in marketing our services to relevant business contacts.

We have conducted a legitimate interest assessment and have concluded that our interest in reaching potential business clients through targeted, relevant B2B communication is not overridden by the data subjects' rights and freedoms, taking into account that:

We process only professional (not private) contact information
The outreach is directed at individuals in their professional capacity and is relevant to their business role
We provide a clear and easy opt-out mechanism in every communication
We maintain a suppression list and promptly honor all opt-out requests
The volume and frequency of communications is limited and reasonable

Right to object: You have the right to object to this processing at any time, pursuant to Article 21(2) and (3) GDPR. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, and we will cease processing your data for this purpose without requiring you to provide any specific reason. To exercise this right, you may use the unsubscribe link included in every email or contact us using the details in Section 25.

13.5 Recipients and Data Transfers

Instantly:

The provider is Foo Monk LLC (d/b/a Instantly.ai), a Wyoming corporation with its principal business address at 30 N. Gould St., Ste. R, Sheridan, Wyoming, 82801, United States. When we use Instantly's lead database, your data is processed on Instantly's infrastructure in the United States.

Transfer safeguard: Instantly is not currently certified under the EU-US Data Privacy Framework. For international data transfers, we rely on the EU Standard Contractual Clauses (SCCs) incorporated into Instantly's Data Processing Addendum (DPA), which also includes the UK Transfer Addendum (UK SCCs). The DPA is governed by the law of Ireland in relation to EEA Restricted Transfers.

Instantly Privacy Policy: https://instantly.ai/privacy
Instantly DPA: https://instantly.ai/dpa

Apollo:

The provider is ZenLeads Inc. (d/b/a Apollo.io), with its principal business address at 440 N Barranca Ave #4750, Covina, CA 91723, United States. When we use Apollo's database, your data is processed on Apollo's infrastructure in the United States.

Transfer safeguard: Apollo (ZenLeads Inc. / ZenLeads Holdings LLC) is certified under the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (certification status: Active; DPF participant number: 5934). Additionally, Apollo's Data Processing Agreement incorporates EU Standard Contractual Clauses (SCCs) and Apollo conducts Transfer Impact Assessments as required.

Apollo Privacy Policy: https://www.apollo.io/privacy-policy
Apollo DPA: https://www.apollo.io/dpa
Apollo DPF listing: https://www.dataprivacyframework.gov/participant/5934

13.6 Retention

We retain prospecting data only for as long as necessary to carry out the outreach campaign and any resulting business relationship. If you object to processing or opt out, we will remove your data from active campaign lists promptly and add your email address to our permanent suppression list to ensure you are not contacted again. The suppression list is retained indefinitely for this purpose, in accordance with Article 17(3)(d) GDPR.

14. Cold Email Outreach Campaigns (Instantly)

14.1 Description

We use Instantly (https://instantly.ai) as our cold email outreach platform to send B2B marketing emails to prospective business contacts. Emails are sent from our Google Workspace email accounts through Instantly's sending infrastructure.

14.2 Data Processed

In the course of sending outreach emails, the following personal data is processed:

Recipient's name
Recipient's business email address
Recipient's job title and company name (used for email personalization)
Email content (including any personalized elements)
Sending and delivery metadata (timestamps, delivery status, bounce information)

14.3 Purpose and Legal Basis

We process this data for the purpose of B2B direct marketing. The legal basis is:

Article 6(1)(f) GDPR — our legitimate interest in promoting our services to relevant business contacts.

The same legitimate interest assessment described in Section 13.4 applies.

Right to object: You have the right to object to this processing at any time without providing a reason, pursuant to Article 21(2) and (3) GDPR. To exercise this right, use the unsubscribe link in any email we send you, or contact us at mihnea.nicolau@minico.ai.

14.4 Recipient and Data Transfer

The provider is Foo Monk LLC (d/b/a Instantly.ai). See Section 13.5 for full details on the provider, data transfer safeguards, and relevant links.

Emails are sent through our Google Workspace accounts (see Section 8 for Google's data processing details).

14.5 Retention

Campaign data (recipient lists, email content, sending history) is retained on Instantly's platform for the duration of the campaign and a reasonable period thereafter for performance analysis. We delete campaign data from Instantly when it is no longer needed. Email correspondence resulting from outreach is retained in our Google Workspace email in accordance with Section 8.5.

15. Email Tracking and Analytics (Instantly)

15.1 Description

Our outreach emails sent through Instantly may contain tracking technologies to measure the effectiveness of our email campaigns. Specifically:

Open tracking: A small, invisible tracking pixel (1x1 image) may be embedded in the email. When the email is opened and images are loaded, the pixel registers that the email was opened.
Click tracking: Links in our emails may be routed through Instantly's tracking infrastructure to register when a recipient clicks a link.

15.2 Data Processed

Through email tracking, the following data may be collected:

Whether and when the email was opened
Number of times the email was opened
IP address at the time of opening (which may indicate approximate geographic location)
Email client / device information (derived from user agent data)
Whether and when links in the email were clicked
Which specific links were clicked

15.3 Purpose and Legal Basis

We process this data for the purpose of analyzing and improving the effectiveness of our B2B outreach campaigns. The legal basis is:

Article 6(1)(f) GDPR — our legitimate interest in understanding the effectiveness of our business communications and optimizing our outreach.

We consider this processing proportionate given that it involves only technical interaction data in a professional B2B context and does not involve profiling for purposes unrelated to our direct business communication.

Right to object: You have the right to object to this processing at any time, pursuant to Article 21 GDPR. To exercise this right, please contact us using the details in Section 25. You may also prevent open tracking by configuring your email client to not load remote images by default.

15.4 Recipient and Data Transfer

Tracking data is processed by Foo Monk LLC (d/b/a Instantly.ai). See Section 13.5 for full details on the provider, data transfer safeguards, and relevant links.

15.5 Retention

Email tracking data (open and click events) is retained on Instantly's platform for the duration of the campaign and a reasonable period thereafter for analysis purposes. We delete this data when it is no longer needed for campaign evaluation.

16. Cookies and Similar Technologies

16.1 Our Approach

We have designed this website to minimize data collection. We do not use any tracking cookies, advertising cookies, or analytics cookies. Our website analytics (Cloudflare Web Analytics) operate without cookies and without individual user tracking.

16.2 Strictly Necessary Cookies

Cloudflare may set strictly necessary cookies for security and performance purposes (such as __cf_bm for bot management). These cookies are technically necessary to protect the website from automated attacks and to ensure its proper functioning. They do not require your consent pursuant to § 25(2) TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz), as they are strictly necessary for the provision of the service you have requested.

16.3 Language Preference Cookie

We use a Cloudflare Worker to detect whether a visitor is located in Romania based on the country information provided by Cloudflare's network (derived from the visitor's IP address at the network edge; the IP address itself is not stored or logged by us for this purpose). If a visitor from Romania accesses the English version of our website and has not yet set a language preference, a banner is displayed suggesting the Romanian version of the website.

When you interact with this banner or use the language switcher on our website, a cookie named “locale” is set in your browser. This cookie stores only your language preference (“en” for English or “ro” for Romanian), contains no personal data, and has a duration of 90 days. The cookie is set entirely on the client side (in your browser) and is read by our Cloudflare Worker solely to determine whether the language suggestion banner should be displayed on subsequent visits.

This cookie does not require consent under § 25(2) TDDDG, as it is a strictly functional cookie that remembers an explicit preference you have expressed. The country-level detection used to trigger the banner is based on network routing information already processed by Cloudflare as part of content delivery (see Section 4) and does not involve any additional personal data processing.

16.4 Fonts

We use self-hosted fonts via Cloudflare Fonts and next/font. No font requests are sent to external servers such as Google Fonts. No additional data processing occurs through font loading.

17. Social Media Links

Our website contains links to our social media profiles (including YouTube, Instagram, Facebook, Twitter/X). These are standard hyperlinks — no social media plugins or embeds are loaded on our website, and no data is transmitted to these platforms when you visit our website. Data processing by the respective social media platform only occurs if you click on the link and navigate to that platform, where the platform’s own privacy policy applies.

18. Credential Verification Links (Skilljar)

18.1 Description

Our website contains links to verify.skilljar.com, an external credential verification platform operated by Skilljar Inc. (part of the Gainsight group of companies). These links allow visitors to verify the authenticity of our professional qualifications and certifications. These are standard hyperlinks — no Skilljar content is embedded on our website, and no scripts, cookies, or tracking technologies from Skilljar are loaded on our website. Data processing by Skilljar only occurs when you click the link and navigate to their platform.

18.2 Data Processed

When you navigate to Skilljar's verification page, Skilljar may process the following data in accordance with their own privacy policy:

IP address
Browser type and version, operating system, and device information
Date and time of access
Cookies, including strictly necessary cookies, performance cookies, and third-party advertising cookies
Data collected through pixels and similar tracking technologies

This data is processed by Skilljar on their platform, not on our website. We do not transmit any personal data to Skilljar; your browser makes a direct connection to Skilljar's servers when you click the link.

18.3 Purpose and Legal Basis

The purpose of providing these links is transparency and verifiability of our professional qualifications. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest lies in enabling visitors and prospective clients to independently verify the authenticity of our certifications. The navigation to the external platform occurs solely at your initiative.

18.4 Recipient and Data Transfer

Skilljar Inc. is a US-based company (part of the Gainsight group) headquartered in Seattle, Washington, USA. Skilljar's services are hosted on Amazon Web Services (AWS) in the United States. When you click a verification link, your browser makes a direct connection to Skilljar's servers in the US.

Transfer safeguard: Skilljar's Data Processing Addendum (DPA) includes EU Standard Contractual Clauses (SCCs) as the mechanism for international data transfers. We were unable to confirm a Skilljar certification under the EU-US Data Privacy Framework.

Skilljar Privacy Policy: https://www.skilljar.com/privacy
Skilljar DPA: https://www.skilljar.com/dpa
Skilljar Cookie List: https://www.skilljar.com/cookie-list
Skilljar Security: https://www.skilljar.com/security

18.5 Retention

We have no control over the retention period of data that Skilljar collects when you visit their verification page. Skilljar's retention practices are governed by their privacy policy.

18.6 Note

Clicking a verification link is entirely voluntary. The certification information (certification name, issuing organization, and issue date) is also displayed directly on our website without needing to visit the external platform. If you have concerns about data processing by Skilljar, you may choose not to visit the verification page.

19. Your Rights Under GDPR

Under the GDPR, you have the following rights with respect to your personal data:

Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether we process personal data concerning you, and if so, to access that data and receive certain information about the processing.

Right to rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.

Right to erasure (Article 17 GDPR): You have the right to request the deletion of your personal data where one of the grounds set out in Article 17 GDPR applies, for example where the data is no longer necessary for the purposes for which it was collected.

Right to restriction of processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data under certain circumstances.

Right to data portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where the processing is based on consent or a contract and is carried out by automated means.

Right to object (Article 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(f) GDPR (legitimate interest). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to withdraw consent (Article 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, please contact us at: mihnea.nicolau@minico.ai

We will respond to your request without undue delay and in any event within one month of receipt.

20. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data violates data protection law.

The competent supervisory authority for our business is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach

Germany

Website: https://www.lda.bayern.de

Email: poststelle@lda.bayern.de

Phone: +49 (0) 981 180093-0

You may also lodge a complaint with the supervisory authority of your habitual residence or place of work.

21. Data Security

We take appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our website is served exclusively over HTTPS (TLS encryption). Communication via our contact form and email is encrypted in transit.

22. No Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Article 22 GDPR on this website.

23. Children’s Privacy

Our website and services are directed at businesses (B2B) and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us so we can promptly delete it.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or the services and tools we use. We will indicate the date of the last update at the top of this page. We encourage you to review this Privacy Policy periodically.

25. Contact

If you have any questions about this Privacy Policy, about how we process your personal data, or if you wish to exercise your data subject rights, please contact us at:

Mihnea Nicolau

trading as Minico AI

c/o IP-Management #9003

Ludwig-Erhard-Straße 18

20459 Hamburg

Email: mihnea.nicolau@minico.ai

Phone: +49 15679 789018

Privacy Policy for Our Social Media Presences

US English

Our Social Media Presences

This privacy policy applies to the following social media presences:

Data Processing by Social Networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, X, and others can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can attribute this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, such data collection occurs, for example, through cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside of the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal Basis

Our social media presences are intended to ensure the broadest possible presence on the internet. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

Controller and Assertion of Rights

When you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You may generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g., vis-à-vis Facebook/Meta).

Please note that, despite the joint controllership with the social media portal operators, we do not have full influence over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Retention

The data collected directly by us through the social media presence will be deleted from our systems as soon as you request us to do so, you revoke your consent to storage, or the purpose for data storage ceases to apply. Stored cookies remain on your device until you delete them. Mandatory statutory provisions — in particular retention periods — remain unaffected.

We have no influence over the retention period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Your Rights

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have a right to object, a right to data portability, and a right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the rectification, blocking, deletion, and, under certain circumstances, the restriction of processing of your personal data.

Third-Party Link Services and Affiliate Links

On some of our social media profiles, we use Beacons, a link-in-bio service that allows us to consolidate various links and content for our audience in one place. When you click our Beacons link (e.g., in the bio of one of our social media channels), you leave the respective social media platform and are redirected to the Beacons platform. Beacons is not embedded on our website; data processing by Beacons only occurs when you navigate to their platform.

The provider is Beacons AI Inc., a US-based company. Beacons may process data in accordance with its own privacy policy, including your IP address, device information, and usage data. We encourage you to review Beacons' privacy policy.

Beacons Privacy Policy: https://home.beacons.ai/beacons-privacy-policy

Our Beacons page, social media posts, video descriptions, community pages, and online courses may contain affiliate links to third-party services (such as software tools, hosting providers, automation platforms, pet products, or other goods and services). If you click on such a link and subsequently register for or purchase the linked service, we may receive a referral commission at no additional cost to you. These affiliate links may use cookies or similar tracking technologies operated by the respective third-party services to track clicks and attribute referrals. This tracking is carried out by the third-party services, not by us. We have no control over the data processing carried out by these third parties. For details on their data processing practices, please refer to the privacy policies of the respective services.

Social Networks in Detail

X (formerly Twitter)

We use the short messaging service X (formerly Twitter). The provider is the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for data processing of persons living outside the USA is the subsidiary Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your X privacy settings independently in your user account. To do so, click the following link and log in: https://x.com/settings/account/personalization.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.

For details, please refer to X’s privacy policy: https://x.com/en/privacy.

Instagram (including Threads)

We maintain a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

We also maintain a presence on Threads, a platform operated by Meta that is linked to Instagram. Threads shares Instagram’s data infrastructure, and the same data processing practices and privacy policy apply.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.

For details on how your personal data is handled, please refer to Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. For further information, please see: https://www.dataprivacyframework.gov/participant/4452

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We maintain a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how your personal data is handled, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.

Facebook

We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement defines which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings independently in your user account. To do so, click the following link and log in: https://www.facebook.com/settings?tab=ads. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381. For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to upholding these data protection standards. For more information, please visit the provider at: https://www.dataprivacyframework.gov/participant/4452

TikTok

We maintain a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. For details on how they handle your personal data, please refer to TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy. Data transfers to non-secure third countries are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.tiktok.com/legal/privacy-policy.