Privacy Policy

MindFlow

Last updated: 6/18/2025

Please read the following privacy policy carefully before using our service.

1. Information about the collection of personal data and contact details of the person responsible

1.1

We are pleased that you are using our application (hereinafter "app"). In the following we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.

1.2

Responsible for data processing regarding this app within the meaning of the General Data Protection Regulation (GDPR) is:

Abdullah Riaz
101 Lalazar, Lahore, Pakistan
Tel.: 0923314994587
Email: abdullahriaz95+mindflow@gmail.com

The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2. Contact

When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.

3. Data processing for contract processing

3.1

For the processing of contracts concluded via the app, we work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institute as part of the payment process, provided this is necessary for the payment process. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.

3.2 - RevenueCat

In the case of in-app payments, payment is made via RevenueCat Inc., 300 Euclid Avenue San Francisco, CA 94118, USA. to whom we pass on the information you provided during the ordering process together with the information about your order. Your data will be passed on in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this. We have concluded an order processing contract with RevenueCat Inc., with which we oblige the provider to protect the data of the app users and not to pass it on to third parties.

Further information on data protection by RevenueCat can be found here:
https://www.revenuecat.com/privacy

3.3 - MindMap Generation Data Processing

In order to provide MindMap generation services and enhance user experience, our app, MindFlow, processes various types of content data. We want to transparently inform you about the specifics of this data processing:

3.3.1 MindMap Generation Service

MindFlow provides MindMap generation services using three different data input types to create visual mind maps for our users:

Data Input Types:
  • PDF Documents: When you upload PDF files, the content is processed to extract text and generate mind maps. The PDF files are temporarily processed and the extracted content is used solely for mind map generation.
  • Web Links: When you provide web URLs, our service accesses the public content from these links to extract relevant information for mind map creation. No personal data from these websites is stored beyond what is necessary for mind map generation.
  • YouTube Links: When you provide YouTube video URLs, our service processes publicly available video information (such as titles, descriptions, and transcripts if available) to generate mind maps. No personal viewing data or account information is accessed.

Minimal User Data Collection: MindFlow collects minimal personal information from users. The only personal data we require is:

  • Email address for account login and authentication purposes
  • Uploaded PDF files (when users choose to generate mind maps from PDF documents)

All data processing is performed securely and in compliance with GDPR regulations. The content you provide (PDFs, web links, YouTube links) is processed solely for the purpose of generating mind maps and is not used for any other purposes. Third-party services involved in our data processing adhere to stringent data protection measures and are governed by their respective privacy policies.

3.3.2 Data Storage and Management

For efficient data management and user convenience, all user data, including mind map content, generated mind maps, and account information, is stored and processed securely through Supabase services:

User Content Storage:
  1. All uploaded PDF files are temporarily stored in Supabase Storage for processing and then securely managed according to our data retention policies.
  2. Generated mind maps and associated metadata are stored in Supabase Database for user access and management.
  3. The servers used for storage are located in the eu-west region, ensuring compliance with European data protection standards.
User Account Management:
  1. Your email address, account preferences, created mind maps, and related application data are stored in Supabase Database.
  2. Access to your data is strictly controlled and limited to essential application operations.
  3. No personal data beyond email addresses and voluntarily uploaded content is collected or stored.
Data Protection Measures:
  1. Supabase implements robust security measures to protect against unauthorized access, alteration, disclosure, or destruction of your data.
  2. While Supabase is built on AWS infrastructure (located at 410 Terry Ave N, Seattle 98109, WA), neither Supabase nor AWS employees have access to the contents of your data without explicit permission.
  3. All data transmission is encrypted and follows industry-standard security protocols.

By using MindFlow, you consent to the storage and processing of your data as described in this section. We take the security and privacy of your information seriously and ensure that all third-party services involved in our data processing adhere to stringent data protection measures. Your uploaded content is used solely for mind map generation and is not shared with third parties for any other purposes.

4. Firebase Crashlytics & MixPanel Analytics

To help us monitor user experience and create it better, we use "MixPanel Analytics", a service provided by MixPanel San Francisco, the data will be stored in the Europe Union. We get data related to user experience and information when a user gets an in app purchase.

Secondly to create anonymous crash reports, we use "Firebase Crashlytics", a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to improve the stability and reliability of our app. If the app crashes, anonymous information will only be transmitted to the Google servers on the basis of your express consent in accordance with Article 6(1)(a) GDPR (app status at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the mobile phone, last log messages). Also transfers to Google LLC. In the US are possible. This information does not contain any personal data.

For more information on data protection, see the Firebase Crashlytics and MixPanel's privacy policies at:
https://firebase.google.com/support/privacy
https://mixpanel.com/legal/privacy-policy

5. Rights of the data subject

5.1

The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible for the processing of your personal data, about which we will inform you below:

  • Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed which guarantees pursuant to Art. 46 GDPR when your data is forwarded to third countries exist;
  • Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
  • Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
  • Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible;
  • Right to revoke granted consent in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation;
  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work or where the alleged infringement took place.

5.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS RESULTING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.