Mindmup GDPR Compliance

At Mindmup, we care about your privacy and data. Users are our most important stakeholders, not a product to be sold to third parties. Because optional Mindmup subscriptions make the service commercially sustainable, including for free users, we do not rely on advertising or user tracking for revenue.

We store only the minimum information necessary to provide the service, share it only with GDPR-compliant processors when required for operational purposes, and do not allow other third parties to link, track, or access user information.

Mindmup is operated by Mindmup Inc, a company registered in the United States. We apply strong data protection standards, including principles aligned with the European Union GDPR, and extend the same level of privacy protection to all users, regardless of location.

We process personal data in order to provide the service you request (performance of a contract), to comply with legal obligations, and for our legitimate interests, including security, fraud prevention, and service improvement. Where required by law, we rely on user consent for certain processing activities such as analytics.

For data processing, Mindmup is using Amazon Web Services (AWS), which are GDPR compliant.

For additional payment processing, only when instructed by our users, we may share personal data with Stripe.

For signing into the application, only when instructed by our users, we may also share personal data with Google and Microsoft. The Mindmup web site does not include any widgets or analytics that would allow Google or Microsoft to track users without their knowledge.

We use Google Analytics to understand how users interact with Mindmup, improve performance, and enhance the user experience. Google Analytics may collect information such as IP address, device type, browser information, pages visited, and usage patterns through cookies or similar technologies. This information is processed in accordance with applicable data protection laws, including GDPR where applicable. We do not use analytics data to access or review the content of your maps. For users accessing Mindmup through educational institutions, analytics data is limited to service improvement purposes and is not used to build advertising profiles.

If you are using Mindmup without signing in (free users), we are not collecting or processing any of your personal data.

If you are signing in using a third-party, such as Google or Microsoft, we will store your basic third-party profile information (such as the user account identifier and domain), along with the time of the authentication operation, in a database on AWS, for security and auditing purposes. This applies both to free and paying users.

If you are signing in using a third-party, such as Google or Microsoft, and using Mindmup Cloud storage, we will also store your e-mail for the purpose of enabling other users to share documents with you.

If you subscribe to Mindmup, we will store your administrative e-mail, chosen account name and anonymised payment information in a database on Amazon Web services for the purpose of securing your account and authenticating you when you use Mindmup. We will share the payment information, as provided by you, directly with our payment processor. In most cases, this is Stripe. In the past, we also allowed users to subscribe using PayPal. Although we do not offer this to new subscribers, if you previously subscribed to Mindmup with PayPal, we have also stored your basic PayPal profile information in a database on AWS.

Mindmup uses Google e-mail services. When you send us e-mails, or when Mindmup sends you operational information by e-mail, the contents of the messages along with the recipient information are stored and processed using Google Mail.

In case of attempted payment fraud or security violations, we store the e-mail associated with the operation and the meta-data about the incident for security purposes and to prevent fraud.

If you are using Mindmup Cloud storage for your mind maps, Mindmup stores the contents of those maps to the AWS Simple Storage Service (S3).

If you are using Mindmup for Google Drive, Mindmup does not store the contents of the maps, but instead shares it with Google Drive.

Regardless of the type of storage used, Mindmup also collects operational information about user actions (such as opening pages on our web site, or managing the maps) for auditing and troubleshooting purposes. We may record the type of action taken and the time when the action occurred, along with the metadata about the user’s browser. We store this information using AWS.

We use AWS data centre located in the United States.

For information on where the payment processors and authentication processors store information, please consult their support.

Account-related information is stored for the duration of the subscription and remains stored until the account is deleted. When an account is deleted, associated personal data is removed from our active systems, subject to standard backup processes.

Any information related to security or auditing, including information on attempted payment fraud, may be retained for legitimate security and fraud prevention purposes.

When users sign into Mindmup using a third-party authentication system, such as Google or Microsoft, we collect basic third-party profile information (name, e-mail, user account identifier and domain), directly from the authentication provider.

We use subscription information to decide what level of service to provide to users. Apart from that, there are no other automated decisions made.

We are not aware of any security or privacy breaches related to data stored by Mindmup.

We keep a copy of key subscription and account information, along with the key fraud prevention data, for seven days on an external disk outside AWS. This data is destroyed after seven days.

If you are located in the European Union or a jurisdiction with similar laws, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability where applicable. You also have the right to lodge a complaint with a supervisory authority. To exercise your rights, contact contact@mindmup.com.

Please send an e-mail to contact@mindmup.com.

Please send an e-mail to contact@mindmup.com.