NEWMindMap Digital has acquired Bluetide.co— deepening our data & agentic-AI stack.Read more →
Book a Call

Last updated: May 2026

Privacy Policy

This Privacy Policy explains how MindMap Digital Pvt. Ltd. ("MindMap Digital", "we", "us", or "our") collects, uses, stores, and discloses information about you when you use our website at mindmapdigital.ai, submit an enquiry, or engage with our services.

We are registered in India. We operate offices in India, the United Kingdom, and the UAE, and serve clients globally. Accordingly, this policy is designed to comply with the EU General Data Protection Regulation (GDPR), UK GDPR, and India's Digital Personal Data Protection Act 2023 (DPDP Act).

1. Who We Are

MindMap Digital Pvt. Ltd. is the data controller for personal data collected through this website. Our registered address is in Noida, Uttar Pradesh, India. For EU/UK data subjects, MindMap Digital also acts as a data processor when handling client data in the course of service delivery.

For privacy-related enquiries, contact: privacy@mindmapdigital.ai

2. Data We Collect

We collect the following categories of personal data:

  • Contact information: Name, email address, phone number, company name, and job title — when you submit an enquiry through our contact form, email us, or register for an event.
  • Usage data: IP address, browser type, pages visited, time spent, and referring URL — collected automatically when you visit our website.
  • Communications: Content of messages you send us via the contact form or email.
  • Cookie data: See the Cookies section below.

We do not collect sensitive personal data (health data, financial account details, biometric data) through this website unless you are an existing client engaging via a dedicated delivery channel.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Responding to enquiries: To reply to questions, schedule demos, and provide information about our services. Legal basis: legitimate interests / contract performance.
  • Service delivery: To onboard and manage client relationships. Legal basis: contract performance.
  • Improving our website: To understand how visitors use our site and improve user experience. Legal basis: legitimate interests.
  • Marketing communications: We may send you relevant articles, product updates, or event invitations — but only if you have opted in. Legal basis: consent. You can withdraw consent at any time.
  • Legal obligations: To comply with applicable laws, regulations, or court orders.

4. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share data only as necessary with:

  • Resend (email delivery platform) — to send transactional emails and enquiry confirmations. Resend processes data in accordance with GDPR.
  • Vercel (hosting and serverless infrastructure) — our website is hosted on Vercel, which processes request data as part of serving the site.
  • Google Analytics / other analytics providers — anonymised usage data to understand site performance (where you have consented via cookie preferences).
  • Our delivery team and sub-processors — only where necessary for client engagement, under appropriate data processing agreements.
  • Legal authorities — where required by law, court order, or regulatory obligation.

Any third-party processor we engage is bound by a Data Processing Agreement (DPA) and is required to implement appropriate technical and organisational safeguards.

5. Data Retention

  • Contact and enquiry data: Retained for up to 3 years from the date of last contact, or the end of a client relationship, whichever is later.
  • Server and request logs: Retained for 90 days for security and debugging purposes.
  • Marketing consent records: Retained until you withdraw consent, plus 12 months for audit purposes.

After retention periods expire, data is securely deleted or anonymised.

6. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

EU / UK (GDPR / UK GDPR)

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal obligations.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

EU/UK residents also have the right to lodge a complaint with their national data protection supervisory authority (e.g., the ICO in the UK, or your local EU DPA).

India (DPDP Act 2023)

  • Right of access: Request a summary of personal data processed and processing activities.
  • Right to correction and erasure: Request correction of inaccurate data or erasure where purpose is fulfilled.
  • Right to withdraw consent: Withdraw consent for data processing at any time; withdrawal does not affect prior lawful processing.
  • Right to grievance redressal: Raise a grievance with us; we will respond within the statutory period.

To exercise any of these rights, email privacy@mindmapdigital.ai with your request. We will respond within 30 days (or as required by applicable law).

7. Cookies

Our website uses cookies and similar technologies. We use the following types:

  • Essential cookies: Required for the website to function. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). Only set with your consent.
  • Preference cookies: Remember your settings and choices on the site.

You can manage cookie preferences via your browser settings or our cookie consent banner. Withdrawing consent for non-essential cookies will not affect your ability to use the site.

8. International Transfers

As a global company, your data may be processed in India, the UK, or the EU. Where personal data of EU/UK residents is transferred outside the EEA/UK, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. This includes TLS encryption for data in transit, access controls, and regular security reviews. However, no internet transmission is 100% secure; we encourage you not to share sensitive data via the contact form.

10. Children's Privacy

Our website and services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. We will post the updated policy on this page with a revised "last updated" date. For material changes, we will notify affected individuals where we have contact details.

12. Contact

For any privacy-related questions, requests, or complaints:

We aim to respond to all requests within 30 days.

Related policies:

Talk to the product team