Privacy Notice

Last updated: June 8, 2026

1. Who we are

Mind Map ("we", "us") provides the Mind Map service and is the data controller for personal data processed in connection with the Service.

2. What we collect and why

• Account data (email, authentication identifiers): to create and secure your account. Legal basis: contract performance.
• Content you submit (brain dumps, schedules, reminders): to provide the Service and generate AI outputs. Legal basis: contract performance.
• Usage and device data (IP address, browser, device identifiers, log events): to operate, secure, and improve the Service. Legal basis: legitimate interests.
• Support communications: to respond to your requests. Legal basis: legitimate interests.
• Cookies / local storage essential for authentication and session state. Legal basis: legitimate interests / strictly necessary.

3. Who we share data with

• Service providers / subprocessors: hosting, database, authentication, and AI inference providers acting on our instructions.
• Paddle.com, our Merchant of Record, for selling the product, subscription management, payments, tax compliance, invoicing, and refunds. Paddle acts as an independent controller for payment data it collects.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

We do not sell your personal data.

4. International transfers

Your data may be transferred outside your country, including to the EEA / UK / United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep your data for as long as your account is active and for a reasonable period afterwards to meet legal, tax, and accounting obligations. We delete or anonymise data when no longer needed.

6. Your rights

Depending on your jurisdiction, you have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, to withdraw consent at any time, and to complain to your local supervisory authority. To exercise these rights, contact us through the support channel inside the Service. We respond within one month.

7. Security

We use appropriate technical and organisational measures, including encryption in transit, access controls, and audit logging, to protect personal data.

8. Cookies

We use only strictly necessary cookies and local storage for authentication and session state. We do not use advertising cookies.

9. Changes

We may update this Notice from time to time. Material changes will be notified through the Service.

10. Contact

Questions about this Notice or your data? Contact us through the support channel inside the Service.