MindPlot Privacy Policy

Last Updated: 19 August 2025

Welcome to MindPlot!

OWNERSHIP STATEMENT: The website mindplot.ai and the MindPlot service are owned and operated by Beijing COSINX Technology Co., Ltd., a corporation incorporated under applicable laws.

Beijing COSINX Technology Co., Ltd. ("COSINX", "we", "us", or "our") owns and operates mindplot.ai and all related MindPlot applications and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in a transparent and secure manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

1. Scope & Application

1.1 This Policy applies to all visitors, users, and others who access or use the Service.
1.2 By using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with any part of it, please discontinue use.

2. Information We Collect

Category	Examples	Purpose
Information You Provide	• E-mail address, display name <br>• Prompts, chat history, uploaded files <br>• Payment details (via Stripe, PayPal) <br>• Feedback & support tickets	• Account creation & authentication <br>• Delivering AI chat & plotting features <br>• Processing payments <br>• Customer support
Automatically Collected	• IP address, browser type & version <br>• Device identifiers (e.g., iOS IDFA, Android AAID) <br>• Usage logs (clicks, time stamps, feature usage) <br>• Crash reports & diagnostics	• Service stability & security <br>• Product improvement & bug fixing <br>• Fraud & abuse prevention
Third-Party Sources	• Google/Apple sign-in (name, avatar, e-mail) <br>• Third-party integrations you authorize	• Streamlined sign-up <br>• Enabling integrations

3. Security & Authentication Model

🔒 Password-Free Authentication:
MindPlot uses OAuth 2.0 authentication through trusted providers (Google, Apple, GitHub). We never collect, store, or have access to your passwords. Your login credentials remain securely with your chosen authentication provider.

🛡️ Data Protection:

Authentication Data: Managed by Supabase, a SOC 2 Type 2 certified platform with enterprise-grade security
Infrastructure Security: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Control: Role-based permissions ensure your data is accessible only to you and authorized service functions
No Sensitive Data Collection: We do not collect credit card details (handled by Stripe/PayPal), social security numbers, or other highly sensitive personal information

🔐 Your Data, Your Control:
Your authentication and personal data are protected by industry-leading security standards. We implement privacy-by-design principles and data minimization practices.

4. Legal Bases for Processing (EEA/UK Users)

We process personal data only when we have a legal basis, including:

Contract performance (Art. 6 (1)(b) GDPR)
Legitimate interests (Art. 6 (1)(f) GDPR)
Consent (Art. 6 (1)(a) GDPR)
Legal obligations (Art. 6 (1)(c) GDPR)

5. How We Use Your Information

We use the collected information to:
a) Provide, maintain, and improve the Service;
b) Personalize your experience;
c) Develop new features;
d) Protect against abuse, fraud, and security threats;
e) Communicate with you (updates, offers, support);
f) Meet legal or regulatory obligations.

6. Sharing & Disclosure

We never sell your personal data. We may share it only:

With service providers (hosting, analytics, e-mail, payment processors) under strict data-processing agreements.
For legal reasons (court orders, law enforcement, enforce our Terms).
In corporate transactions (merger, acquisition, asset sale) with notice and your choices where required.
With your explicit consent.

7. International Data Transfers

Data may be processed in the United States or other jurisdictions. When transferring from the EEA, UK, or Switzerland, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission, or
Adequacy decisions, or
Your explicit consent.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined above, or to comply with legal obligations. When no longer required, we delete or anonymize it.

9. Your Rights & Choices

Right	How to Exercise
Access & Portability	Contact mindplot@cosinx.com
Correction	Edit profile in “Account Settings”.
Deletion	Request via mindplot@cosinx.com
Restriction / Objection	Toggle in “Privacy Settings” or e-mail us.
Withdraw Consent	Any time via settings or e-mail.
Opt-out of Marketing	Click “unsubscribe” in any marketing e-mail.

Pro / Max Subscriber Tip:
If you are on a paid Pro or Max plan, you can switch off the use of your data for service-improvement analytics. Visit Settings ➜ Privacy ➜ Improve MindPlot and toggle “Data analytics for improvement” off. Basic security and operational logging will continue.

10. Cookies & Tracking Technologies

We use essential, performance, and analytics cookies. You can manage or refuse non-essential cookies through your browser or in-app settings. Doing so may affect certain features.

11. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will promptly delete such data.

12. Security Measures

We implement industry-standard technical and organizational safeguards (encryption in transit & at rest, role-based access, regular audits). Despite best efforts, no system is 100 % secure; please keep your credentials safe.

13. Changes to This Policy

We may update this Policy periodically. Material changes will be posted on this page with a new “Last Updated” date and, where appropriate, notified via e-mail or in-app banner. Continued use after changes constitutes acceptance.

14. Related Policies

Terms of Service: mindplot.ai/terms
Refund Policy: mindplot.ai/refunds

15. Contact Us

For questions, concerns, or to exercise your rights:
E-mail: mindplot@cosinx.com