MyMap
Log inGet Started
← Back to MyMap

Privacy Policy

Effective date: 2026-02-25

MyMap ("we," "us," or "our") respects your privacy. This policy explains how we collect, use, store, and protect your data when you use our AI-powered visual thinking platform at mymap.ai (the "Service").

1. Data We Collect

We collect the following categories of data:

Account and registration

When you sign up, we collect your email, name (optional), and password (or OAuth credentials from Google). We use this to create and manage your account.

User-generated content

Maps, nodes, connections, AI chat messages, and any text or diagrams you create are stored to provide and sync the Service. You own this content; we process it solely to operate the Service and do not use it for advertising or selling to third parties.

Payment and billing

Subscription payments are handled by Paddle. We receive subscription status and identifiers; payment details (e.g., card numbers) are processed directly by Paddle and not stored by us.

Technical and usage data

We collect session identifiers, IP addresses, and basic usage data (e.g., to detect errors and ensure the Service works). Our hosting provider (Vercel) may log requests for security and operations. We may use analytics tools to understand feature usage; where used, we configure them to minimize identification.

Cookies and similar technologies

We use cookies and local storage for session management and preferences (e.g., theme). These are essential for the Service to function. We do not use third-party advertising cookies.

2. How We Use Your Data

We use your data to: provide and improve the Service; process subscriptions; respond to support requests; detect and prevent abuse; comply with legal obligations; and communicate important updates about the Service.

3. AI and Third-Party Processing

When you use AI features, your prompts and canvas context are sent to OpenAI to generate responses. OpenAI processes this data to deliver the service and does not use your content to train its models (per its API terms). For details, see OpenAI's privacy policy.

4. Third-Party Services

We use the following services to operate MyMap:

  • Supabase — Database, auth, and storage. Data is stored in Supabase's cloud infrastructure.
  • Vercel — Hosting and serverless functions. Requests may be logged for security and operations.
  • Google — OAuth sign-in. If you use Google to log in, we receive your email and name from Google.
  • OpenAI — AI generation. Prompts and context are sent to OpenAI to generate responses.
  • Paddle — Payment processing. Subscription and billing data is handled by Paddle.

Each provider has its own privacy policy. We select providers that commit to appropriate data protection practices.

5. Data Retention and Deletion

We retain your data while your account is active. When you delete your account or request deletion, we remove your data from active systems within a reasonable timeframe. Backups may retain deleted data until overwritten. You can export your maps and content before closing your account.

6. International Data Transfers

We and our providers operate in multiple regions. Your data may be processed in the United States, European Union, or other locations. Where required, we use Standard Contractual Clauses or other mechanisms to ensure adequate protection for transfers outside your jurisdiction.

7. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and secure authentication. No system is fully secure; we commit to notifying affected users of significant data breaches as required by law.

8. Your Rights

Depending on where you live, you may have the right to:

  • Access — Request a copy of your data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Receive your data in a structured format
  • Object or restrict — Object to certain processing or request restrictions
  • Withdraw consent — Where processing is based on consent

EU/EEA users: These rights apply under GDPR. You may also lodge a complaint with your data protection authority.

California residents: Under CCPA/CPRA, you have rights to know, delete, correct, limit use of sensitive information, and opt out of sale/sharing. We do not sell your personal information.

To exercise these rights, contact us at help@mymap.ai. We will respond within the timeframes required by applicable law.

9. Children

The Service is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected a child's data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or the law. We will notify you of material changes by email or in the Service. The "Effective date" at the top indicates when the current version took effect.

11. Contact

For privacy questions, data requests, or concerns, contact us at help@mymap.ai. For general support, you can reach us through the Service.