SECURITY

We prioritize user data security and privacy protection, continuously improving our security systems.

Last updated: March 2026

Data Encryption

MindLM employs industry-leading encryption standards for all data transmission and storage, ensuring your information is protected at every stage.

All communication between clients and servers is encrypted using the TLS 1.3 protocol, preventing man-in-the-middle attacks and data interception. At rest, user data is encrypted with AES-256, so that even in extreme scenarios an unauthorized party cannot read the original data.

  • TLS 1.3 encryption for all network traffic
  • AES-256 encryption for data at rest
  • Encrypted database connections
  • Keys managed by a dedicated key management service with regular rotation

Access Control

We implement strict access control policies to ensure only authorized personnel and systems can access user data.

MindLM uses a Role-Based Access Control (RBAC) model following the principle of least privilege. All internal system access requires Multi-Factor Authentication (MFA), with complete audit logging.

  • Role-Based Access Control (RBAC) with minimum necessary permissions
  • Mandatory Multi-Factor Authentication (MFA) for all administrative access
  • Database-level Row Level Security (RLS) ensuring users can only access their own data
  • Comprehensive audit logging for all administrative operations

Infrastructure Security

MindLM is built on industry-leading cloud infrastructure, leveraging platform-level security capabilities.

The application is deployed on Vercel's global edge network with enterprise-grade DDoS protection and WAF (Web Application Firewall). Database services are provided by Supabase running on AWS infrastructure with automatic backups, point-in-time recovery, and network isolation.

  • Vercel edge network for global acceleration and DDoS protection
  • Supabase databases with automatic backups and disaster recovery
  • Strict isolation between production and development environments
  • Regular dependency security scanning and system updates

AI Data Processing

We understand users' concerns about AI processing their content, and have implemented strict privacy measures for data handling.

When you use MindLM to generate mind maps, your content is sent to AI models for real-time processing. After processing is complete, the input content is not retained for model training or other purposes. We do not use your content to improve third-party AI models.

Mind maps and related data that you choose to save are stored only in your account, under your complete control.

  • AI processing is real-time and ephemeral — original input is not retained after processing
  • User content is never used for model training
  • All rights to generated output belong to the user
  • You can delete all saved data from your account at any time

Compliance & Standards

MindLM follows the core principles of international privacy regulations in its design and operations.

Our data handling practices align with the fundamental requirements of GDPR (General Data Protection Regulation), including data minimization, purpose limitation, storage limitation, and data subject rights. We collect only the minimum data necessary to provide our services.

  • Data minimization — only essential data is collected
  • Clear data processing purposes and legal basis
  • User rights to access, correct, and delete their data
  • Transparent privacy policy clearly explaining data collection and usage

Incident Response

While we take comprehensive security measures, we also maintain a robust incident response plan for potential security events.

MindLM has a dedicated security response process covering detection, assessment, containment, remediation, and notification. If a security incident involving user data occurs, we commit to notifying affected users within 24 hours of confirmation.

  • 24/7 security monitoring and anomaly detection
  • 24-hour notification commitment for confirmed security incidents
  • Complete incident response workflow: Detection → Assessment → Containment → Remediation → Review
  • Security vulnerability reporting channel: security@mindlm.io

User Security Controls

We believe users should have complete control over their data. MindLM provides several tools to help you manage your account security and data.

  • Export all personal data (mind maps, account information)
  • Permanently delete your account and all associated data
  • Manage the sharing status of mind maps and revoke public links at any time
  • View account activity and login history
  • Manage passwords and security settings

Contact Us

Security is an ongoing process. We welcome security researchers and users to report potential security issues.

If you discover a security vulnerability or have security-related questions, please contact our security team at security@mindlm.io. We take every security report seriously and will promptly address confirmed issues.

For general product support, please contact support@mindlm.io.
