ModuMind (“we”, “us”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to the ModuMind web service and any related properties operated by us.
1. Information We Collect
a. Account information
- Email address, display name, password (hashed)
- If you sign in with a third party (e.g., Google): the email, name, and avatar provided by that provider
b. Billing information
- Subscription ID, plan, billing country, receipt metadata, and payment status received from Polar.sh (our Merchant of Record).
- We never receive or store your full payment card number. Card data is handled exclusively by Polar.sh and its PCI-compliant processors.
c. Automatically collected
- IP address, user agent, cookies, log records, error reports, basic usage telemetry
2. Mind Map Data
Your mind maps are not stored on our serversby default. They live in your browser’s IndexedDB and, if you opt in, sync to a cloud drive of your choice (e.g., Google Drive). The only exception is when you explicitly generate a public share link — in that case the snapshot needed to render the link is hosted on our infrastructure (Supabase Storage).
3. How We Use Information
- To create and authenticate your account and prevent fraud or abuse
- To process subscriptions, payments, and refunds
- To operate, maintain, and improve the Service
- To respond to support requests and send essential service notices
- To comply with legal obligations
4. Retention
| Category | Retention |
|---|---|
| Account information | Until you delete your account |
| Billing records | Up to 5 years (legal accounting requirements) |
| Access logs | 3 months |
| Error reports | Up to 12 months, then anonymized |
5. Sub-processors
We rely on the following sub-processors to operate the Service. By using ModuMind you consent to this processing.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase, Inc. | Authentication, database, file storage | Seoul (ap-northeast-2) |
| Polar.sh | Payment processing (Merchant of Record) | United States / Global |
| Vercel, Inc. | Web hosting and CDN | Global edge |
| Google LLC | Google Drive sync (only if you opt in via OAuth) | Global |
We do not sell your personal information. We do not share it with third parties for marketing purposes.
6. International Transfers
Some sub-processors operate outside your country of residence. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Object to or restrict processing
- Receive a copy of your data in a portable format
- Withdraw consent (where processing is based on consent)
To exercise these rights, contact us at mailside@gmail.com. You can also delete your account at any time from Settings.
8. Cookies & Local Storage
We use cookies and browser local storage to keep you signed in and to remember your language and theme preferences. You can disable cookies in your browser, but parts of the Service may not work as expected.
9. Security
- Passwords are stored using one-way hashing
- All traffic is encrypted via HTTPS/TLS
- Access controls follow the principle of least privilege
- Regular security review and dependency updates
10. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your country). If we become aware that a child has provided us personal data, we will delete it promptly.
11. Data Protection Contact
Privacy Officer: Jay Kim
Email: mailside@gmail.com
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced via email or in-product notice at least 14 days in advance.