Privacy policy

This policy describes the information MindDigitize collects, how we use it, and the choices you have. It applies to minddigitize.com, the editor at app.minddigitize.com, the public viewers we host on customer subdomains, and the analytics dashboard.

For day-to-day operators, the short version: we collect what we need to run the platform, we don't sell anything to anyone, we don't run advertising trackers, and we keep your data in the region you tell us to.

What we collect

Account data

When your organisation signs up, we store the names and work emails of the people authorised to administer your venues. This is used to log you in and to send operational email about the service (changelog summaries, incident notifications, billing).

Floor-plan and venue data

The CAD files you upload, the POIs you place, the routing weights you tune, and the analytics events your viewers emit. This is your data. You retain ownership; we process it on your behalf.

Viewer analytics

When a visitor opens a public viewer, we record anonymised event data: page loads, route requests, POI hover, search queries. We do not record IP addresses with the events, we do not set advertising cookies, and we do not fingerprint browsers. The visitor's session is not joinable to any identity outside of the viewer.

Contact-form submissions

Name, work email, company, venue type, message body. Submitting the demo form does not opt you in to a mailing list. We use the message to follow up about the demo, period.

What we don't collect

• Visitor IP addresses on viewer events.
• Browser fingerprints, third-party advertising identifiers, or cross-site tracking.
• Anything from children. Our service is not directed at people under 16.
• Health data, payment card numbers (Stripe handles billing — we never see card details), or government-issued IDs.

How we use it

Account data and floor-plan data are used to provide the service. Viewer analytics are used to power the analytics dashboards your team accesses. Contact-form data is used to respond to your inquiry. We do not sell, rent, or trade any of it.

Subprocessors

We run on a small list of vendors. Current subprocessors are published at minddigitize.com/legal/subprocessors — that page is updated within 30 days of any change. The list at time of writing: AWS (compute, storage, KMS), Stripe (billing), Resend (transactional email), and Vercel (marketing site hosting).

Where your data lives

By default, customer data lives in us-east-1 for US accounts and eu-west-3 (Paris) for EU accounts. Enterprise customers can pin data residency to specific regions on request.

How long we keep it

Active customer data is retained for the life of the account. Analytics events are retained per your plan tier (30 days, 90 days, or 13 months). If you cancel, we hold all data for 90 days, then delete it. Backups are retained for an additional 30 days after deletion before being purged.

Your rights

You can access, correct, export, or delete any data we hold about you or your organisation at any time. Email privacy@minddigitize.com. We respond within 30 days, typically within 5 business days.

If you are in the EU, EEA, UK, or California, your local data-protection law gives you specific rights (GDPR Articles 15–22, CCPA §1798.100 et seq.). The list above covers them; if a request requires a specific legal-form response, say so in your email and we'll meet that.

Changes to this policy

We update this policy when our practices change. Material changes are announced 30 days in advance via the changelog and (for paying customers) via direct email. The "last updated" date at the top of this page is authoritative.

Contact

Privacy questions, data-subject requests, lawful-process responses: privacy@minddigitize.com.