Legal
AI Policy
Last updated:
Approved By: MindsDB Executive Team
1. Purpose & Scope
MindsDB builds MindsHub, a platform for running open-source AI agents, together with the open-source MindsDB query engine that lets those agents reach the data and tools they need.
This AI Governance Policy establishes the principles, safeguards, and responsibilities by which MindsDB ensures that:
- All AI-enabled capabilities respect human oversight and enterprise governance.
- Under self-managed / open-source deployments, MindsDB software runs within the customer’s own infrastructure (VPC or on-premises) and does not host, store, or access customer data.
- Under the MindsHub hosted platform, the software runs on MindsDB-operated infrastructure: MindsDB hosts the data needed to run the service (account data, credentials in an encrypted per-connection vault, agent memory, and artifacts), while the customer still chooses its models. In both models, customers keep control of their data and models, and MindsDB does not sell customer data or use customer content to train models.
This policy applies to all use of MindsDB software by customers, employees, contractors, and partners.
2. Principles & Commitments
MindsDB commits to the following Responsible AI Principles:
- Human in the Loop
  - MindsDB does not make autonomous business, medical, financial, or legal decisions.
  - All outputs are recommendations or information retrievals, subject to human interpretation and approval.
- Data Stewardship
  - In self-managed deployments, MindsDB does not host, store, or transfer customer data, and all processing occurs within the customer’s controlled environment.
  - In the MindsHub hosted platform, MindsDB hosts the data needed to run the service (account data, vaulted credentials, agent memory, and artifacts), protected with encryption and scoped access, and processes it only to provide and secure the service.
  - In both models, MindsDB does not collect or share customer data for training purposes.
- Model Control
  - Customers choose which models the software uses, either by providing their own Large Language Model (LLM) endpoints and keys, or, on the MindsHub hosted platform, by routing through the MindsHub model router to the providers they select.
  - MindsDB never substitutes or injects third-party models without the customer’s selection or approval.
- Security by Design
  - Each user in MindsDB configures their own credentials to access only the data sources they are authorized for.
  - User accounts are completely independent: credentials, permissions, and query scopes are isolated per user.
  - MindsDB enforces that users cannot view or query data outside of their authorized scope, preserving enterprise-grade data governance.
  - Access policies and enforcement remain fully under the customer’s control, leveraging existing identity and access management systems.
- Transparency & Explainability
  - All queries and AI interactions can be logged for auditability if requested by the customer.
  - Customers can review, trace, and validate how an answer was generated.
- Compliance & Ethics
  - MindsDB aligns with leading frameworks such as the NIST AI Risk Management Framework, ISO/IEC 42001, and relevant privacy regulations (e.g., GDPR, HIPAA, CCPA).
  - MindsDB is committed to avoiding bias, discrimination, or harmful uses of AI.
3. Governance Framework
MindsDB operates under the following governance structure:
- AI Governance Committee: Oversees policy updates, risk assessments, and compliance mapping.
- Customer Control: Each customer determines which models, datasets, and users are permitted.
- Lifecycle Governance:
  - Configuration: MindsDB connects customer data sources and models.
  - Operation: In self-managed deployments, inference runs in the customer’s VPC or on-prem environment; on the MindsHub hosted platform, the agent runtime runs on MindsDB-operated infrastructure and calls the models the customer has selected.
  - Monitoring: Logs and metrics are visible to the customer for oversight.
  - Incident Response: In case of malfunction or harmful output, MindsDB provides support, but the customer maintains decision authority.
4. Roles & Responsibilities
- MindsDB
  - Provides secure software and documentation.
  - Ensures product updates maintain compliance with this policy.
  - Supports customers with configuration, monitoring, and responsible AI guidance.
- Customer
  - In self-managed deployments, hosts the software and provides model endpoints; on the MindsHub hosted platform, configures the account, connects data sources, and selects models.
  - Interprets and validates all AI-generated insights.
5. Implementation & Enforcement
- Customers are encouraged to integrate MindsDB outputs into their own model risk management and data governance processes.
- Violations of this policy (e.g., unauthorized modification of MindsDB software) may result in suspension of support and contractual remedies.
6. External Engagement
MindsDB is committed to:
- Transparency with customers about product capabilities and limitations.
- Supporting customers in meeting obligations under the EU AI Act, U.S. AI Executive Orders, and sector-specific requirements (e.g., HIPAA in healthcare).
7. Policy Review
This AI Governance Policy will be reviewed prior to each deployment or in response to regulatory changes. Updates will be communicated to customers promptly.