MindsHub
Star Log in Get started

Legal

AI Policy

Last updated:

Approved By: MindsDB Executive Team

1. Purpose & Scope

MindsDB provides a secure, developer-first AI data platform that enables enterprises to query and analyze their data using natural language.

 This AI Governance Policy establishes the principles, safeguards, and responsibilities by which MindsDB ensures that:

  • All AI-enabled capabilities respect human oversight and enterprise governance.

  • MindsDB software does not host customer data, but instead runs within the customer’s infrastructure (VPC or on-premises).

  • MindsDB leverages customer-provided AI models and endpoints, ensuring full control remains with the customer.

This policy applies to all use of MindsDB software by customers, employees, contractors, and partners.

2. Principles & Commitments
MindsDB commits to the following Responsible AI Principles:

  1. Human in the Loop

    • MindsDB does not make autonomous business, medical, financial, or legal decisions.

    • All outputs are recommendations or information retrievals, subject to human interpretation and approval.

  2. Data Stewardship

    • MindsDB does not host, store, or transfer customer data.

    • All processing occurs within the customer’s controlled environment.

    • MindsDB does not collect or share customer data for training purposes.

  3. Model Control

    • Customers provide their own Large Language Model (LLM) endpoints.

    • MindsDB never substitutes or injects third-party models without explicit customer approval.

  4. Security by Design

    • Each user in MindsDB configures their own credentials to access only the data sources they are authorized for.

    • User accounts are completely independent: credentials, permissions, and query scopes are isolated per user.

    • MindsDB enforces that users cannot view or query data outside of their authorized scope, preserving enterprise-grade data governance.

    • Access policies and enforcement remain fully under the customer’s control, leveraging existing identity and access management systems.

  5. Transparency & Explainability

    • All queries and AI interactions can be logged for audibility if requested by the customer.

    • Customers can review, trace, and validate how an answer was generated.

  6. Compliance & Ethics

    • MindsDB aligns with leading frameworks such as NIST AI Risk Management Framework, ISO/IEC 42001, and relevant privacy regulations (e.g., GDPR, HIPAA, CCPA).

    • MindsDB is committed to avoiding bias, discrimination, or harmful uses of AI.

3. Governance FrameworkMindsDB operates under the following governance structure:

  • AI Governance Committee: Oversees policy updates, risk assessments, and compliance mapping.

  • Customer Control: Each customer determines which models, datasets, and users are permitted.

  • Lifecycle Governance:

    • Configuration: MindsDB connects customer data sources and models.

    • Operation: All inference runs in the customer’s VPC or on-prem environment.

    • Monitoring: Logs and metrics are visible to the customer for oversight.

    • Incident Response: In case of malfunction or harmful output, MindsDB provides support but the customer maintains decision authority.

4. Roles & Responsibilities

  • MindsDB

    • Provides secure software and documentation.

    • Ensures product updates maintain compliance with this policy.

    • Supports customers with configuration, monitoring, and responsible AI guidance.

  • Customer

    • Hosts the software and provides model endpoints.

    • Interprets and validates all AI-generated insights.

5. Implementation & Enforcement

  • Customers are encouraged to integrate MindsDB outputs into their own model risk management and data governance processes.

  • Violations of this policy (e.g., unauthorized modification of MindsDB software) may result in suspension of support and contractual remedies.

6. External EngagementMindsDB is committed to:

  • Transparency with customers about product capabilities and limitations.

  • Supporting customers in meeting obligations under the EU AI Act, U.S. AI Executive Orders, and sector-specific requirements (e.g., HIPAA in healthcare).

7. Policy ReviewThis AI Governance Policy will be reviewed prior to each deployment or in response to regulatory changes. Updates will be communicated to customers promptly.