Privacy Policy

Effective date: 01.03.2024

This Privacy Policy (“Statement”) describes how MindMetrix AG (“we,” “us,” or “our”) collects, uses, and discloses information that we have about your use of myflow.


This Privacy Policy applies to all our Services, including your use of myflow, worldwide.

By using our services, you expressly agree that your personal data that you provide to us directly or that we collect through your use of our services, including myflow, may be processed by us in accordance with this Privacy Policy and may be stored in Switzerland or another country of the European Economic Area.

MindMetrix AG is a company registered under Swiss law and is subject to Swiss data protection regulations, such as the Swiss Federal Data Protection Act (“DPA”). As an internationally active company, the EU General Data Protection Regulation (“GDPR”) is also relevant to us in addition to the Swiss data protection regulations. In this Privacy Policy, the terms “process” or “processing” as well as “personal information” are used synonymously with the terms “edit” or “editing” as well as “personal data”.

We are the controller within the meaning of the DSG/GDPR, which determines the purposes and means of the processing of personal data. This Privacy Policy does not apply to individuals if our client uses our services and there is an agreement between our client and the individual regarding the use of myflow and the processing of personal data related to that individual; in such a case, the client controls the data collected by/through myflow and the client’s privacy policy applies and not this Privacy Policy.

If you have any questions about privacy, please do not hesitate to contact us:

MindMetrix AGc/o ETH Zurich,
Gloriastrasse 37/39
8092 Zurich
You can also reach us by email at support@myflow.ch.

1 What types of personal data do we collect?

We collect information and personal data directly from you, from third party devices and services you connect to, and automatically through your use of myflow.

When you create a profile to use myflow, we collect the information and personal data you provide to us, including your name and email address. We also collect any additional information you choose to add to your profile. If you process personal data of others, it is your responsibility to ensure that you comply with applicable data protection laws.

When you access our website, data transmitted by your browser and automatically stored by our server, such as the date and time of access, the name of the file accessed, as well as the amount of data transferred and the access time, your web browser, browser language and requesting domain, as well as your IP address, are collected (further data is only collected via our website if you provide this information voluntarily, for example as part of a registration or request).

2 Communication

If you contact us directly, we will receive the content of your message or any attachments you send to us, as well as any additional information you choose to provide.

3 For what purposes do we process personal data?

We process your information, including your personal data, for the following purposes:

  1. When you create a profile to use myflow, you provide us with your personal information as described in Section 1.
  2. To enable you to access myflow, to communicate with you about your use of myflow, to respond to your inquiries and for other customer service purposes.
  3. When you use myflow, we process the personal data submitted to us through your use, including but not limited to pupil data (as further described in the Terms of Use or a contract).
  4. To research and develop new products and features, as permitted by law and, if necessary, with your consent.
  5. For marketing, promotional and informational purposes, to the extent permitted by law and, if necessary, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers and promotions, or to otherwise inform you about products or information that we think may interest you. We may also use the information we learn about you to promote our services on third party websites. You may opt out of receiving these emails at any time as described below.
  6. To better understand how users access and use myflow, both on an aggregate and individual basis, to improve myflow and respond to user requests and preferences, and for other analytical purposes.
  7. To personalize the content and information we send or display to you, to provide personalized help and instructions, and to otherwise personalize your experience when using myflow.
  8. To comply with legal and regulatory obligations and responsibilities, as part of our general business operations and for other business administration purposes.
  9. When we deem it necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use or this Privacy Policy.

4 On what legal basis and for what purposes do we process personal data?

Depending on the purpose of the processing activity (see Section 3 above), the processing of your information and personal data will take one of the following forms:

  1. necessary for MindMetrix AG’s legitimate interests without unreasonably prejudicing your interests or fundamental rights and freedoms (see below);
  2. necessary for the formation or performance of a contract with you for the services or products you have requested or for the performance of our obligations under such contract, for example, where we use your data for some of the purposes set out in Sections 3(1) – 3(3) above (as well as for some of the data sharing described in this Section 4);
  3. necessary to comply with our legal or regulatory obligations, including carrying out checks to identify you and disclosing information to authorities, regulators and government bodies, to the purposes set out in Sections 5(5) and 5(6);
  4. in some cases, necessary for the performance of a task in the public interest;
  5. where we use special categories of personal data necessary for the establishment, exercise or defense of legal claims, or where the processing relates to personal data that are manifestly in the public domain; and
  6. processed with your consent, which we may obtain from you from time to time (e.g., when required by law), or processed with your explicit consent, which may be necessary, where special categories of personal data are involved.

Examples of the “legitimate interests” mentioned above include:

  1. the pursuit of certain purposes of sections 3(5) – 3(7);
  2. exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our entrepreneurial freedom and right to property;
  3. when making the disclosures set forth in Section 5 below, providing products and services, and ensuring a consistently high standard of service and satisfaction of our customers, employees and other stakeholders; and
  4. meeting our accountability and legal requirements around the world,

in any case, unless your interests in privacy outweigh these interests.

5 Who has access to personal data and with whom is it shared?

We may share your information, including personal information, as follows:

  1. Aggregated and Anonymized Information. We may use aggregated or anonymized information – so that it cannot be used to identify an individual – to perform various types of analyses, such as improving our products and services or other similar analyses.
  2. Service Providers. We may share your information with third-party vendors, service providers, contractors or agents who perform service functions we need to operate our business, such as providers of hosting, email communications, customer services, analytics, marketing and advertising, based on our instructions and in accordance with this Statement and other appropriate confidentiality and security measures.
  3. Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will notify affected users before transferring personal information to a new company.
  4. In response to legal process. We may disclose information we collect from you to comply with the law, a court proceeding, a court order, or other legal process, such as in response to a court order or subpoena.
  5. In response to regulatory or legal obligations: As required from time to time, we may disclose personal information to public and judicial authorities, regulatory agencies or governmental bodies and in proceedings, including as required by law or regulation or by such authorities or bodies.
  6. To protect ourselves and others, we may disclose information we collect from you if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Statement, or as evidence in any legal proceeding involving MindMetrix AG.
  7. Third Party Analytics Tools. We use automated devices and applications, such as Google Analytics, to evaluate the use of our Service. We may also use other analytics tools to evaluate our websites. We use these tools to improve myflow, performance and user experience.

6 International transfer of personal data

The recipients mentioned in section 5 above may be located outside of Switzerland. In such cases, except where the country in question has been determined by the EU or Switzerland to provide an adequate level of protection, MindMetrix AG will implement appropriate safeguards to ensure that any such transfer is in compliance with applicable data protection laws.

You may request additional information in this regard and obtain a copy of the appropriate safeguards by contacting us at the address provided at the end of this notice. When MindMetrix AG transfers personal data to service providers in countries that do not provide an adequate level of protection, we rely on standard contractual clauses approved by the European Commission or Switzerland.

7 How long do we store your data for?

We will retain your information, including personal data, only as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal requirements. To this end, we apply criteria to determine the appropriate time periods to retain your personal information based on its purpose, such as proper recordkeeping, facilitating the management of customer relationships, and responding to legal claims or regulatory inquiries.

8 Cookies

Cookies are small text files that are stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving the user experience, we also use cookies and similar technologies for analytics and advertising purposes. You can manage your cookies locally by adjusting your browser settings, or you can opt out of targeted advertising through cookies by visiting networkadvertising.org/choices or aboutads.info/choices. Because there is not yet a common understanding of how to interpret “Do Not Track” signals, we cannot respond to “Do Not Track” requests from browsers. However, we are monitoring for updates and will revise this statement once a common standard is established.

9 Links from third parties

Our Service may contain links to third party websites. Access to and use of such linked websites is not governed by this Privacy Policy, but by the privacy policies of such third party websites. We are not responsible for the information practices of such third party websites.

10 Security of my personal data

We have taken reasonable precautions to protect the information we collect from loss, misuse and unauthorized access, disclosure, alteration and destruction. Please note that despite our best efforts, no data security measures can guarantee security.

We are not responsible for lost, stolen or compromised passwords or for any activity on your account due to unauthorized password activity.

11 Access to, storage of and deletion of personal information

You can access and change the personal data you have entered by going to your profile and updating your profile information. Your personal information is stored and accessible on your device and in the cloud.

We store the information associated with your account until your account is deleted. You may delete your account at any time by contacting support@myflow.ch. Please note that deleting your account information may take some time and we may retain it for legal or damage prevention reasons, as described in the “Sharing Information” section.

12 Users under 18 years

Our services are not intended for users under the age of 18. If we discover that a user under the age of 18 has provided us with personal information, we will delete that information from our systems.

13 Your rights

13.1 What rights do I have?

Individuals located in Switzerland or the European Economic Area (EEA) have certain rights with respect to their personal information. MindMetrix AG offers all of our worldwide users the opportunity to exercise these rights, including:

  1. the right to access your personal data;
  2. the right to correct or rectify inaccurate personal data;
  3. the right to restrict or object to the processing of personal data;
  4. the right to erase your personal data; and
  5. the right to portability of personal data.

This Privacy Policy does not apply to individuals if our customer uses our services and there is an agreement between our customer and the individual regarding the use of our services or products and the processing of personal data relating to that individual; in such a case, the customer controls the data collected and the customer’s privacy policy, rather than this Privacy Policy, applies.

13.2 How can I exercise my individual rights?

Users of our services or products whose data is covered by this Privacy Policy may access and update their personal data worldwide as follows: They may exercise their rights to data erasure and data portability by contacting MindMetrix AG’s Privacy Officer at support@myflow.ch.

Please note that MindMetrix AG may request additional information from you to verify your identity before we disclose any personal or account information.

14 Contact

If you have any questions about our privacy practices, please contact us at support@myflow.ch or at the following address:

MindMetrix AG

c/o ETH Zurich, NCM Lab GLC G25

Gloriastrasse 37/39

8092 Zurich


If you, as a customer, are unable to contact MindMetrix AG using the contact information provided above, you have the right to contact your local data protection authority.

15 Changes to this declaration

This statement is effective as of the effective date indicated above. We may change this Statement from time to time, so you should review it periodically. We will post any changes to this Statement. If we make any changes to this Statement that materially affect our practices with respect to the personal information we have previously collected from you, we will endeavor to notify you in advance of any such change.