Privacy Policy

Last updated – 13 May 2025

1. Introduction

Mindchart.ai ("we", "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

| Category | Examples | Legal basis (GDPR) |
| --- | --- | --- |
| Account data | name, e-mail, password hash | Art. 6 (1)(b) contract |
| Usage data | logs, device/browser, IP, clicks | Art. 6 (1)(f) legitimate interests (security & analytics) |
| Payment data | billing address, partial card info (processed by Stripe) | Art. 6 (1)(b) contract |
| Cookies & similar tech | preference cookies, analytics pixels | Consent where required (Art. 6 (1)(a)) |

3. How We Use Information

  • Provide, maintain, and improve the Service
  • Process transactions and send invoices
  • Respond to enquiries and support requests
  • Analyse usage to enhance features and UX
  • Send critical security or service notices
  • (With consent) deliver product updates or marketing e-mails (opt-out anytime)

4. Sharing & Disclosure

We share personal data only with:

  • Processors – all bound by GDPR-compliant data-processing agreements:
    • Google Firebase Hosting (Frankfurt, germany-west3) – backend compute, database, auth
    • Vercel (EU region) – static frontend and edge functions
    • Stripe (Ireland head office) – payment processing
    • Postmark (EU data centre, Frankfurt) – transactional and system e-mail
  • Competent public authorities when legally required
  • A successor in the event of merger, acquisition, or insolvency

We never sell your personal information.

5. International Transfers

Your data is stored exclusively in German data centres. No cross-border transfer occurs unless you:

  1. Enable optional third-party integrations that store data abroad; or
  2. Complete a payment (Stripe may transmit limited data to US entities under the EU–US Data Privacy Framework or Standard Contractual Clauses).

When future transfers are necessary, we rely on an adequacy decision, SCCs, or your explicit consent.

6. Data Retention

We keep account data while your account is active and for up to 30 days after deletion (to allow recovery), unless longer retention is required by law.

7. Your Rights (EEA/UK Residents)

  • Access, correct, or delete personal data
  • Port data in a structured, machine-readable format
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority (e.g., Baden-Württemberg DPA)

8. California Privacy (CCPA/CPRA)

We do not "sell" personal information. California residents can request disclosure or deletion via privacy@mindchart.ai.

9. Security

We apply TLS 1.3 encryption, role-based access control, daily backups, and 24/7 monitoring. No method of transmission is 100 % secure, but we employ industry-standard safeguards.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect their data.

11. Cookies & Tracking

We use first-party cookies for authentication and preferences, plus privacy-friendly analytics (Plausible) hosted in Germany. Manage preferences anytime via our cookie banner.

12. Changes to This Policy

We'll e-mail you or display a banner at least 30 days before material changes take effect.

13. Contact

E-mail privacy@mindchart.ai or write to:

Mindchart.ai
Grimmstrasse 2
74076 Heilbronn
Germany