Privacy Policy

SpawnGraph is a browser-native mind mapping tool. The core NLP that structures your content into a mind map runs entirely inside your browser — no content you paste, drop, or upload is sent to our servers for processing. You can verify this in DevTools → Network during any generation: there are zero outbound calls carrying your content.

This policy describes what data we do collect (account information, board metadata, usage counters) and how we use it.

Account data — When you register, we store your name, email address, and a hashed password. Google OAuth sign-ins store your name, email, and Google profile ID. We never store your Google password.

Board data — Mind map content (nodes, edges, layout) you save is stored in our database on a Hetzner server in Germany. Guest (unauthenticated) boards are stored only in your browser's localStorage and are never sent to our servers unless you choose to save them by creating an account.

Images — Images you drag onto a board are uploaded to Cloudflare R2 object storage and served via signed URLs that expire after 7 days.

Usage counters — We track board count and export count per user to enforce plan limits. We do not track individual page views or build behavioral profiles.

Payment data — Payments are processed by Dodo Payments (our merchant of record). We store a subscription status and customer ID but never handle raw card numbers.

We do not use Google Analytics, Meta Pixel, or any third-party behavioral tracking scripts. We do not sell your data. We do not train AI models on your content.

• Authenticate you and maintain your session
• Store and sync your mind maps across devices
• Send transactional emails (verification, password reset, collaboration invites) via Brevo
• Enforce free-plan board and export limits
• Manage your subscription via Dodo Payments

We use the following sub-processors:

• Hetzner — server and database hosting (Germany, EU)
• Cloudflare — CDN, Pages hosting, R2 image storage
• Brevo — transactional email delivery
• Dodo Payments — payment processing and subscriptions
• Google — optional OAuth sign-in

Your account data is retained until you delete your account. You can delete your account at any time from Settings → Account → Delete account. Deletion removes your profile, boards, and images within 30 days.

Anonymized usage counters (board count totals) may be retained for up to 90 days after deletion for billing reconciliation.

Depending on your location, you may have rights under GDPR, CCPA, or similar laws to access, correct, export, or delete your personal data. To exercise these rights, email us at [email protected].

We use a single session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies.

We will notify registered users by email of material changes at least 14 days before they take effect. Continued use after that date constitutes acceptance.

Questions? Email [email protected].