Privacy Policy

Last Update: 30/10/2025

Table of Contents

  • Introduction

  • Data Protection Officer

  • How we collect and use (process) your personal information

  • Use of the rembrandtagents.com website (landing page)

  • Cookies and tracking technologies

  • Use of the Rembrandt platform (my.rembrandtagents.com)

  • When and how we share information with third parties

  • Transferring personal data outside the EEA

  • Data Subject rights

  • Security of your information

  • Data storage and retention

  • Questions, concerns, or complaints

Introduction

Rembrandt (operated by Mindmapp B.V., trading as Rembrandt) is a business intelligence platform that identifies actionable business signals from public domain sources and matches companies to commercial intent profiles.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes Rembrandt's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

Rembrandt is headquartered in Amsterdam, Netherlands (Weesperstraat 107, 1018VN, Amsterdam). Rembrandt has appointed an internal data protection officer for you to contact if you have any questions or concerns about Rembrandt's personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Rembrandt's data protection officer.

Rembrandt's data protection officer contact information:

Data Protection Officer

Rembrandt (Mindmapp B.V.)
Weesperstraat 107
1018VN Amsterdam
Netherlands

Email: privacy@rembrandtagents.com

How we collect and use (process) your personal information

Rembrandt collects personal information about its website visitors and customers. The information we collect depends on how you interact with our services:

Information collected via our marketing website (rembrandtagents.com):

  • Contact information provided through email inquiries or occasionally through contact forms (name, email address, company name)

  • Website usage data: Internet protocol (IP) addresses, browser type, operating system, and usage information about the use of our website, including a history of the pages you view

Information collected via our platform (my.rembrandtagents.com):

  • Administrator Information: First name, last name, and email address for account management and access control

  • Usage Data: Aggregated platform interaction metrics for service improvement

  • Platform usage patterns and feature interactions

How we use information from our marketing website:

  • To respond to your inquiries and requests submitted through email or contact forms

  • To analyze website usage and improve our website and marketing communications

  • To understand visitor preferences and improve user experience

How we use information from our platform:

  • To authenticate you and provide secure access to your account

  • To process and deliver the services you have subscribed to, including processing company data and generating business intelligence according to your configured use cases

  • To manage your account settings, user permissions, and organization configuration

  • To provide you with technical support and respond to your service requests

  • To communicate with you about your account, service updates, and important notices

  • To monitor platform usage and performance to ensure service availability and reliability

  • To analyze aggregated usage patterns to improve our services and develop new features

  • To detect, prevent, and address technical issues, security threats, or fraudulent activity

  • To comply with our legal obligations, enforce our Terms of Service, and protect our rights and the rights of our users

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

Use of the rembrandtagents.com website (landing page)

Rembrandt operates a marketing website at rembrandtagents.com. As is true of most other websites, our landing page collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the website, including a history of the pages you view.

We use this information to help us design our site to better suit our users' needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Rembrandt has a legitimate interest in understanding how visitors and potential customers use its website. This assists Rembrandt with providing more relevant products and services and with improving our marketing communications.

Cookies and tracking technologies

Rembrandt uses cookies and similar tracking technologies on our marketing website (rembrandtagents.com) to collect and store information about your use of our website. We use cookies for:

  • Essential website functionality

  • Analytics and performance monitoring

  • User experience customization

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

For more detailed information about the cookies and tracking technologies we use, please contact us at privacy@rembrandtagents.com.

Use of the Rembrandt platform (my.rembrandtagents.com)

When you access and use the Rembrandt business intelligence platform at my.rembrandtagents.com, we collect and process:

Administrator Information:

  • First name, last name, and email address for account management and access control

Usage Data:

  • Aggregated platform interaction metrics for service improvement

  • Platform usage patterns and feature interactions

Public Business Data:

  • Publicly available information from various sources including company websites and public platforms, such as company names, locations, activities, and business developments

Data Processing and AI Engagement:

  • We use OpenAI models to evaluate and classify public data

  • These models process public data segments along with signal framework definitions and solution details

  • Data is enriched and classified to provide additional context

  • All AI processing is conducted with appropriate data protection measures

When and how we share information with third parties

The personal information Rembrandt collects from you is stored in databases hosted by third-party service providers. These third parties do not use or have access to your personal information for any purpose other than cloud storage, retrieval, and service delivery.

Our Sub Processors:

Rembrandt engages third-party service providers (sub processors) to facilitate the delivery of our services. These include:

  • AWS (Amazon Web Services) - Cloud hosting and infrastructure (EU - eu-central-1 region)

  • OpenAI - AI model processing and data classification (United States)

  • LangGraph Cloud - AI agent workflow orchestration (United States)

  • SuperTokens Cloud - Authentication and user management services (EU)

  • Stripe - Payment processing (EU)

  • And other service providers as necessary for service delivery

A complete and up-to-date list of all sub processors, including their purpose, data access scope, and location, is detailed in Section 5 (Subprocessors) of the Rembrandt Data Processing Agreement (DPA), which forms part of our service agreements with customers. The DPA is available as part of our Master Subscription Agreement or can be obtained by contacting us at privacy@rembrandtagents.com.

We do not otherwise reveal your personal data to non-Rembrandt persons or businesses for their independent use unless:

  1. You request or authorize it

  2. The information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others

  3. The information is provided to our agents, vendors or service providers who perform functions on our behalf

  4. To address emergencies or acts of God

  5. To address disputes, claims, or to persons demonstrating legal authority to act on your behalf

We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

The Rembrandt marketing website (rembrandtagents.com) may connect with third party services such as social media platforms. If you choose to share information from the Rembrandt website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

Transferring personal data outside the EEA

Rembrandt is headquartered in Amsterdam, Netherlands (European Economic Area).

Personal Data Processing:

Your personal data (administrator information, authentication data, account settings) is processed exclusively within the EU (eu-central-1 region, Frankfurt, Germany). Personal data is not transferred outside the EEA.

Business Data Processing:

Public business data (company information, job postings, news articles, signal data) may be processed outside the EEA through US-based subprocessors (OpenAI, LangGraph Cloud) for legitimate business purposes in delivering our services. This business data does not include personal data.

Safeguards for Business Data Transfers:

All international transfers of business data are subject to appropriate safeguards through contractual arrangements with subprocessors:

  • Data Processing Agreements: Rembrandt enters into data processing agreements with all third-party service providers that process data on our behalf

  • Appropriate Contractual Safeguards: All subprocessors are bound by appropriate data protection obligations

For detailed information about data processing locations, subprocessors, and international transfers, please refer to Section 9 (International Data Transfers) of the Rembrandt Data Processing Agreement (DPA), which is available as part of our service agreements or by contacting us at privacy@rembrandtagents.com.

Data Subject rights

The European Union's General Data Protection Regulation (GDPR) and other countries' privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

  • Right to be informed - You have the right to be informed about the collection and use of your personal data

  • Right of access - You have the right to access your personal data

  • Right to rectification - You have the right to have inaccurate personal data corrected

  • Right to erasure - You have the right to have your personal data deleted ("right to be forgotten")

  • Right to restrict processing - You have the right to request restriction of processing of your personal data

  • Right of data portability - You have the right to receive your personal data in a structured, commonly used format

  • Right to object - You have the right to object to processing of your personal data

  • Rights related to automated decision making including profiling - You have rights related to automated decision-making, including profiling

This Privacy Notice is intended to provide you with information about what personal data Rembrandt collects about you and how it is used.

If you wish to confirm that Rembrandt is processing your personal data, or to have access to the personal data Rembrandt may have about you, please contact us at privacy@rembrandtagents.com.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Rembrandt might have received the data from Rembrandt; what the source of the information was (if you didn't provide it directly to Rembrandt); and how long it will be stored.

You have a right to correct (rectify) the record of your personal data maintained by Rembrandt if it is inaccurate. You may request that Rembrandt erase that data or cease processing it, subject to certain exceptions. You may also request that Rembrandt cease using your data for direct marketing purposes.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Rembrandt processes your personal data. When technically feasible, Rembrandt will—at your request—provide your personal data to you in a structured, commonly used format.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame (typically within 30 days), Rembrandt will provide you with a date when the information will be provided. If for some reason access is denied, Rembrandt will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at privacy@rembrandtagents.com. Alternatively, if you are located in the European Union, you can also have recourse to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or with your nation's data protection authority.

Security of your information

Rembrandt implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encrypted both at rest and in transit using industry-standard encryption protocols

  • Access Controls: Role-based access control systems with organization-level data isolation, authorizing user access while restricting unauthorized users from accessing information not needed for their role

  • Monitoring and Logging: Continuous monitoring and logging of system activities to detect and respond to security events

  • Intrusion Detection: Intrusion detection systems to prevent and identify potential security attacks

  • Incident Response: Operational procedures for managing security incidents and breaches

  • Regular Security Assessments: Regular security assessments of systems and infrastructure

While we implement appropriate safeguards, no method of transmission over the Internet or electronic storage is 100% secure. However, we strive to use commercially acceptable means to protect your personal information.

Data storage and retention

Your personal data is stored by Rembrandt on AWS servers located in the eu-central-1 region (Frankfurt, Germany), and on the servers of cloud-based service providers engaged by Rembrandt.

Data Retention Periods:

  • Administrator data: Retained as long as necessary to provide the service

  • Signal data: Retained for the duration of the customer relationship plus 2 years for analytics

  • Public data and customer-specific configurations: Retained while you actively use the platform and for up to 7 years for historical analysis

  • Account termination: Upon account termination, all customer account data is deleted within 90 days

  • LangGraph Cloud processing data: AI agent execution traces retained for 14 days (standard) or up to 400 days (with extended retention, if applicable)

  • Website logs: Retained for security and compliance purposes for up to 365 days

Rembrandt retains service data for the duration of the customer's business relationship with Rembrandt and for a period of time thereafter, to analyze the data for Rembrandt's own operations, and for historical and archiving purposes associated with Rembrandt's services.

All personal data that Rembrandt controls may be deleted upon verified request from Data Subjects or their authorized agents, subject to legal retention requirements (e.g., accounting records retained for 7 years as required by Dutch tax law, legal obligations).

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@rembrandtagents.com

Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

Rembrandt (Mindmapp B.V.)

Data Protection Officer

Weesperstraat 107
1018VN Amsterdam
Netherlands

Email: privacy@rembrandtagents.com
General Inquiries: info@rembrandtagents.com

Data Protection Authority:

If you are not satisfied with how we handle your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens (Dutch DPA)
Bezuidenhoutseweg 30
2594 AV Den Haag
Netherlands

Website: https://autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500

Last Updated: October 30, 2025

Next Review: October 2026