Privacy Policy

Last updated: February 13, 2026

MAPb2 ("we," "our," or "us") is operated by bee2.io LLC. We are committed to protecting your privacy. This policy explains how MAPb2 handles your data when you use our visual thinking tools at mapb2.io.

Privacy at a Glance

  • All your data is stored locally in your browser (IndexedDB)
  • No files or map data are ever uploaded to our servers
  • No tracking or analytics without your consent
  • No data is sold to third parties, ever
  • Authentication is optional and only required for Pro tools

1. Data Storage

MAPb2 is a client-side application. All mind maps, diagrams, sketches, and other content you create are stored in your browser's IndexedDB storage. This data never leaves your device and is not transmitted to any server.

Because data is stored locally:

  • Your data is tied to your browser and device.
  • Clearing browser data (cookies and site data) will remove your saved work.
  • We cannot recover data that has been deleted from your browser.
  • We recommend exporting important work using the built-in export tools.

2. No Server-Side Processing

All tool operations - including mind map creation, diagram editing, image exports, and file conversions - are performed entirely in your browser using client-side JavaScript. No data is sent to our servers or any third-party service for processing. The application loads once and runs locally on your device.

3. Authentication

Authentication is entirely optional. The Mind Map Builder is free and requires no account or sign-up. If you choose to subscribe to the Pro plan to access all 207 additional tools, authentication is handled through:

  • Google Sign-In: We use Google OAuth for authentication. We receive only your email address and display name. We do not access your Google Drive, contacts, or any other Google services.
  • Facebook/Meta Sign-In: We use Facebook OAuth for authentication. We receive only your email address and display name. We do not access your friends list, posts, or any other Facebook data.
  • Twitter/X Sign-In: We use Twitter/X OAuth for authentication. We receive only your email address and display name. We do not access your tweets, followers, or any other Twitter/X data.
  • Supabase: We use Supabase as our authentication provider to securely manage user sessions and subscription status. Supabase stores your email, a hashed session token, and subscription metadata.

4. Analytics and Tracking

We do not use analytics or tracking by default. If analytics are enabled in the future (e.g., Google Analytics or a privacy-respecting alternative), we will:

  • Only enable tracking with your explicit consent (cookie banner).
  • Never track the content of your maps or diagrams.
  • Only collect aggregate usage data (page views, feature usage).
  • Never sell or share analytics data with third parties.

5. Payment Processing

Payments for the Pro plan are processed by our designated payment processor (Merchant of Record). We never see, store, or have access to your full credit card number. Our payment processor handles all payment data in accordance with PCI DSS Level 1 standards and is responsible for payment processing, sales tax, and invoicing. We receive only a confirmation of your subscription status and a customer identifier.

6. Cookies

MAPb2 uses only essential cookies and localStorage for core functionality: your dark mode preference, authentication session tokens (if signed in), and application settings. We do not use advertising cookies or third-party tracking cookies.

7. Third-Party Services

MAPb2 integrates with a limited number of third-party services:

  • Cloud database and authentication provider: Stores account and subscription data. Hosted on AWS infrastructure.
  • Website hosting and CDN: Processes HTTP requests and may log IP addresses for security purposes.
  • Payment processor (Merchant of Record): Handles billing, invoicing, and sales tax. No user content is shared with the payment processor.
  • Transactional email service: Delivers account confirmations, subscription receipts, and other transactional emails.
  • Third-party font delivery network: Font files may be loaded from a third-party CDN. The CDN provider's privacy policy applies to these requests.
  • Google (OAuth): Authentication provider. We receive only your email and display name.
  • Facebook/Meta (OAuth): Authentication provider. We receive only your email and display name.
  • Twitter/X (OAuth): Authentication provider. We receive only your email and display name.
  • GitHub (OAuth): Authentication provider. We receive only your email and display name.
  • LinkedIn (OAuth): Authentication provider. We receive only your email and display name.

8. Data Retention

Since your creative data is stored locally in your browser, you have full control over retention. You can delete your data at any time by clearing your browser's site data for mapb2.io. For server-side data, we apply the following retention periods:

  • Authentication data: Retained for the duration of your account plus 30 days after account deletion.
  • Feedback submissions: Retained for 12 months, then automatically deleted.
  • Payment records: Retained as required by applicable tax law (typically 7 years). Payment records are held by our payment processor.
  • Inactive accounts: Free accounts with no sign-in activity for 6 months are automatically deleted. You will receive email reminders 1 month and 1 week before deletion. Paid accounts are not subject to automatic deletion.

9. Lawful Basis for Processing (GDPR)

Under Art. 6(1) of the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

  • Authentication data (email, display name, session tokens): Contractual necessity - required to provide the service you have signed up for.
  • Payment processing (subscription status, customer identifier): Contractual necessity - required to fulfill the paid subscription you have purchased.
  • Feedback submissions (bug reports, feature requests): Legitimate interest - to improve the quality and reliability of MAPb2.
  • Essential cookies (session tokens, dark mode preference): Legitimate interest - strictly necessary for the application to function correctly.

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18): You may request that we limit how we process your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interest at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us via our . We will respond to your request within 30 days.

11. International Data Transfers

MAPb2 is operated by bee2.io LLC, based in the United States. If you are accessing MAPb2 from the EEA, UK, or other regions with data protection laws, please be aware that your personal data may be transferred to and processed in the United States through the following service providers:

  • Cloud infrastructure providers - database and authentication hosted on US-based cloud infrastructure.
  • Payment processor - UK-headquartered with global operations.
  • Email delivery provider - US-based transactional email service.

We ensure appropriate safeguards are in place for these transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission with each of our data processors.

12. Children's Privacy

MAPb2 does not knowingly collect personal information from children under 13. The free tools can be used without providing any personal information. If you believe a child has provided personal information through account registration, please contact us and we will promptly delete the account.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated through a notice on the MAPb2 website. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact

If you have questions about this privacy policy or how MAPb2 handles your data, please use the in the bottom-right corner of this page.

For data protection requests, data subject access requests (DSARs), or to exercise your GDPR rights, please contact us via our .

Other mind mapping tools upload your data to the cloud. We don't. Everything happens right on your computer. Your brainstorms, project plans, and strategic documents never leave your device. Nothing to leak. Nothing to hack.
