Privacy Policy
Last updated: April 21, 2026
1. Introduction
This Privacy Policy explains how Inmaps ("we", "us", "InMaps") collects, uses, shares and protects your personal data when you use inmaps.ai and related services.
By using InMaps, you agree to the practices described here. If you do not agree, do not use the service. This policy complies with LGPD (Brazil), GDPR (EU) and general international data protection principles.
2. Data we collect
Account data: name, email address, profile picture (when you sign in with Google), password hash.
Content data: mind maps, nodes, documents and text you create or upload, chat messages with the AI assistant.
Billing data: handled directly by Stripe. We only store subscription status, plan and Stripe customer ID — never card numbers.
Usage data: pages visited, actions taken, device/browser information, IP address, approximate geographic location, referrer.
Cookies and identifiers: session cookies, authentication tokens, analytics identifiers, advertising identifiers for measurement.
3. How we use your data
Provide and operate the service: authentication, saving your maps, running AI features.
Process subscriptions and payments through Stripe.
Improve product quality: analyze usage patterns, fix bugs, develop new features.
Communicate with you: service updates, security alerts, billing notices, optional marketing (you can opt out).
Measure ad campaigns: conversion tracking and audience building via Google Ads and Meta, strictly for marketing attribution.
Legal compliance and fraud prevention.
4. Third-party services we rely on
Supabase (database and authentication) — stores your account and content, Ireland/EU region.
Stripe (payment processing) — PCI-DSS compliant payment handling.
Google (OAuth sign-in, Analytics, Ads) — identity and measurement.
Meta (Facebook Pixel, Conversions API) — ad attribution and retargeting.
Anthropic (Claude API) — powers AI features. Your prompts and map content may be sent to Anthropic to generate responses. Anthropic does not train on this content per their API terms.
Vercel (hosting and CDN) — serves the site globally.
Each provider processes data under its own privacy terms. Links to their policies are available on request.
5. Cookies and tracking technologies
We use essential cookies for authentication and session handling.
Analytics cookies (Google Analytics 4) to understand aggregated usage.
Advertising cookies (Meta Pixel, Google Ads tag) fired via Google Tag Manager for conversion measurement.
You can disable non-essential cookies in your browser settings. Some features may not work without authentication cookies.
6. Data retention
Account data: retained while your account is active and for 90 days after deletion, except where law requires longer retention (e.g. tax records for billing).
Content data (maps): deleted immediately when you delete them; permanently removed from backups within 30 days.
Analytics and logs: up to 26 months.
You can request full account deletion at any time by contacting us.
7. Your rights (LGPD / GDPR)
Access: request a copy of the personal data we hold about you.
Correction: ask us to fix inaccurate data.
Deletion: ask us to remove your data, subject to legal retention obligations.
Portability: export your maps and account data in a machine-readable format.
Restriction and objection: limit how we process your data or object to specific uses (e.g. marketing).
Withdraw consent: revoke consent for any processing based on consent.
Complaint: lodge a complaint with your national data protection authority (ANPD in Brazil, relevant DPA in the EU).
To exercise any right, contact us at the address below. We respond within 15 days under LGPD and 30 days under GDPR.
8. Security
All traffic is encrypted in transit via TLS 1.2+. Data at rest is encrypted at the database level. Passwords are stored hashed (never plain text).
Access to production systems is restricted, logged and reviewed.
No system is 100% secure. If a breach materially affecting your data occurs, we will notify you within 72 hours as required by law.
9. Children
InMaps is not intended for users under 13 years of age (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a minor has created an account, contact us and we will delete it.
10. International data transfers
Your data may be processed in countries outside your own, including the United States and the European Union, due to the cloud infrastructure we use. Transfers are protected by standard contractual clauses and the privacy frameworks of each provider.
11. Changes to this policy
We may update this policy to reflect new features or legal requirements. The "Last updated" date will change accordingly. For significant changes, we will notify registered users by email.
12. Contact
Controller: Inmaps
Email: contato@inmaps.ai
For LGPD-related requests, you may also contact Brazil's national data protection authority (ANPD) at anpd.gov.br.