Privacy Policy

Effective TBD · AllesMind is operated by . Contact: support@allesmind.com.

1. What this policy covers

This policy describes how AllesMind ("we", "us") collects, uses, stores, and shares information when you use AllesMind (the "Service") — the website at allesmind.com and any related applications. By using the Service you agree to the practices set out below.

2. Information we collect

2.1 Information you give us

  • Account details: your email address, display name (optional), and a hashed password.
  • Content you create or upload: the documents (PDFs, photos, pasted text) you submit for mind-map generation, the mind maps you save, images you attach to nodes, and any metadata such as the map title and sharing visibility.
  • Payment details for paid plans and credit top-ups — handled by our payment processor (see §4). We never see or store your full card number.

2.2 Information we collect automatically

  • Authentication cookie: a single HTTP-only cookie (am_token) holds your session token. We do not use third-party tracking cookies.
  • Server logs: request paths, response codes, IP addresses, user-agent strings, and timestamps. Retained for 90 days for security and debugging, then deleted.
  • AI usage metadata: per-generation token counts, model used, and credit balance changes. Used for billing accuracy and plan limits.

3. How we use your information

  • To provide the Service — turning your inputs into mind maps and showing them back to you.
  • To authenticate you, enforce plan limits, and apply credits.
  • To send transactional emails (welcome, password reset, payment receipts). We do not send marketing email unless you explicitly opt in.
  • To investigate abuse, comply with legal obligations, and resolve disputes.

We do not use your mind-map content to train AI models, sell access to your content, or share it with advertisers.

4. Third parties we share with

We rely on a small number of processors to run the Service. Each only receives the data needed for their specific role.

Anthropic, PBC (USA)
Operates the Claude AI models used for mind-map generation. The document, image, or text you submit is sent to Anthropic's API, processed to produce the map, and returned. Anthropic's commercial terms state inputs and outputs are not used to train their models. See Anthropic Privacy.
Cloudflare, Inc. (USA / global)
Hosts images via Cloudflare R2 object storage. Stored images include those you upload to nodes and images extracted from your source PDFs. See Cloudflare Privacy.
Paddle.com Market Limited (UK) — payment processor
Paddle is the merchant of record for all paid plans and credit purchases. They handle card data, fraud screening, and tax compliance. See Paddle Privacy.
SMTP delivery provider
We send transactional emails through an SMTP relay configured in the admin panel. Only the recipient address and message content are passed through. No marketing list is built.

We do not transfer your data to any other third party except where required by law or to defend our legal rights.

5. Where your data is stored

Account, billing-state, and mind-map data are stored on servers in South Africa. Object-storage assets (uploaded images) live in Cloudflare R2 buckets, which may replicate globally. AI processing happens in Anthropic's infrastructure (currently in the United States).

6. How long we keep it

  • Mind maps and account data: until you delete the map or the account.
  • Source PDFs / images submitted for generation: not stored beyond the generation request itself. Images extracted from PDFs (and source images you uploaded) are saved to your map's image library; library images you never attach to a node are automatically deleted after 7 days.
  • Server logs: 90 days.
  • Payment records: retained as required by South African tax law (currently 5 years).
  • Backups: rolling 30-day backups, then overwritten.

7. Your rights

Under the South African Protection of Personal Information Act (POPIA) — and, where applicable, the EU/UK GDPR — you have the right to:

  • Access the personal information we hold about you.
  • Ask us to correct anything inaccurate.
  • Ask us to delete your account and all associated data ("right to erasure").
  • Object to processing, or restrict it.
  • Receive a copy of your mind-map content in a portable format (you can already export to Markdown, PNG, SVG, and PDF from inside the app).
  • Lodge a complaint with the Information Regulator (South Africa) or your local data-protection authority.

To exercise any of these rights, email support@allesmind.com. We respond within 30 days.

8. Security

We use HTTPS everywhere, bcrypt-hashed passwords, HTTP-only auth cookies, parameterised SQL queries, and the principle of least privilege for our processors. No system is unbreakable; if a breach affects your account we will notify you within 72 hours where required by law.

9. Children

The Service is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and reflected in the "Effective" date at the top of this page. Continued use of the Service after a change means you accept the new policy.