Privacy Policy

2.1 Information You Provide Directly

• Account Information: Name, email address, username, password, and profile information
• Payment Information: Billing address, payment method details (processed securely by third-party payment processors)
• Learning Content: Topics you explore, questions you ask, learning expeditions you create, notes, and journal entries
• Communications: Messages you send to us, feedback, support requests, and survey responses
• API Keys: If you use our "Bring Your Own Key" (BYOK) plan, we securely store your encrypted API keys for third-party AI services

2.2 Information Collected Automatically

• Usage Data: How you interact with our Service, features used, time spent, click patterns, and navigation paths
• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
• Technical Data: IP address, location data (general geographic area), connection information, and performance metrics
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies, and similar tracking technologies
• Log Data: Server logs, error reports, and security-related information

2.3 Information from Third Parties

• Authentication Providers: Information from social login services (if used)
• Payment Processors: Transaction status and payment verification data
• Analytics Services: Aggregated usage statistics and performance data
• AI Model Providers: Usage metrics and API response data (anonymized)

3.1 Service Provision

• Provide, operate, and maintain our AI learning platform
• Process your learning queries and generate AI responses
• Create and manage your learning expeditions and knowledge maps
• Generate personalized learning recommendations and insights
• Enable PDF exports and content sharing features
• Provide customer support and respond to your inquiries

3.2 Account and Subscription Management

• Create and manage your user account
• Process payments and manage subscriptions
• Send transactional emails and service notifications
• Enforce usage limits and subscription terms

3.3 Service Improvement and Analytics

• Analyze usage patterns to improve our Service
• Develop new features and enhance existing functionality
• Monitor service performance and troubleshoot issues
• Conduct research and analytics (using aggregated, anonymized data)

3.4 Security and Legal Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and policies
• Comply with legal obligations and regulatory requirements
• Respond to legal requests and prevent illegal activities

3.5 Marketing and Communications (With Consent)

• Send promotional emails and product updates (opt-in only)
• Provide educational content and learning tips
• Conduct surveys and gather feedback

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• AI Model Providers: OpenRouter and other AI services (query data only, not personal information)
• Cloud Infrastructure: Supabase, Vercel, and other hosting providers
• Payment Processors: Stripe and other payment services
• Analytics Services: Vercel Analytics and similar services (anonymized data only)
• Email Services: For transactional and marketing emails (with consent)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for research, analytics, or business purposes.

6.1 Account Data

We retain your account information and learning data as long as your account is active or as needed to provide our Service.

6.2 Deleted Accounts

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

6.3 Backup and Recovery

Some information may persist in backup systems for up to 90 days after deletion for disaster recovery purposes.

7.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a portable format
• Export your learning expeditions and journals

7.2 Correction and Updates

• Correct inaccurate personal information
• Update your account information and preferences

7.3 Deletion

• Delete your account and associated data
• Request deletion of specific information (subject to legal requirements)

7.4 Marketing Communications

• Opt out of marketing emails at any time
• Manage your communication preferences

7.5 Exercising Your Rights

To exercise these rights, contact us at privacy@thoughtmap.space or use the privacy controls in your account settings. We will respond to your request within 30 days.

8.1 Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our Service
• Marketing Cookies: Used for targeted advertising (with consent)

8.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect Service functionality.