Mindmap by Dumbnote Try Mindmap

Privacy Policy

Last updated: 8 June 2026

Dumbnote is a mind-mapping and note-taking tool that runs in your browser. This policy explains what we collect, why, and the choices you have. The short version: your notes live on your device, and we only ever see anonymous, aggregated usage data — never your content.

The short version

  • Your mind maps, notes, images, and files are stored locally on your device (in your browser), not on our servers.
  • You can use Dumbnote fully without signing in.
  • We use privacy-respecting analytics that never see your note content.
  • Signing in with Google is optional and only enables saving to your own Google Drive.
  • We don't sell your data. Ever.

What stays on your device

Everything you create — maps, graphs, node text, images, attached files, and preferences — is stored locally in your browser (IndexedDB and localStorage). It never leaves your device unless you choose to sync to Google Drive or start a live-share session. Clearing your browser data deletes it, and we can't recover it for you, so keep backups of anything important.

Analytics we collect

We use Google Analytics and PostHog (hosted in the EU) to understand how the product is used.

  • What we collect: anonymous, bucketed usage events — e.g. that a map was created in the "11–50 nodes" range, which export format was used, or that a feature was opened — plus standard web analytics (page views, approximate region, device/browser type).
  • What we never collect: the text of your notes, your node content, your images, or your files. Events carry only bucketed counts and feature flags.
  • Session replay: PostHog session recording is on to help us spot usability issues, but all text and inputs are masked and the note editor is fully blocked — replays show grey placeholders, never your actual content.
  • Analytics run only on the live site, never in local development.

Signing in with Google (optional)

If you choose to sign in, we use Google Sign-In so you can save and sync maps to your own Google Drive.

  • Scopes we request: drive.file (access only to files you create with Dumbnote — not your whole Drive) and basic profile (name and email).
  • We store your name and email so we can recognise returning signed-in users and respond to support requests.
  • Token security: sign-in goes through our token broker — a small server that holds your Google refresh token in an encrypted, http-only cookie so it never sits in your browser. The broker stores nothing about your notes.
  • You can revoke Dumbnote's access anytime in your Google Account settings.

Saving to Google Drive (optional)

When you save to Drive, your map and any embedded images are uploaded as files in your own Google Drive, under your control and governed by Google's privacy policy. We never store your maps on our servers.

Live collaboration (optional)

Live-share connects participants directly, peer-to-peer (WebRTC). Map content is exchanged between collaborators' browsers — it is not routed through or stored on our servers.

Cookies & local storage

  • No third-party advertising or cross-site tracking cookies.
  • A secure, http-only session cookie only if you sign in (to keep you signed in), and browser localStorage for preferences and sign-in state.
  • Our analytics providers set their own identifiers to count unique visitors.

Third parties

Google (Analytics, Sign-In, Drive) and PostHog (EU-hosted product analytics). That's it — no ad networks, no data brokers. Google's and PostHog's own privacy policies apply to data they process.

Your rights (GDPR)

We apply GDPR data-protection standards to everyone, wherever you are — not just EU users. Most of your data never leaves your device, so deleting it is as simple as clearing site data or deleting a map. For analytics data and any sign-in info, you can request access, correction, deletion, or object to processing at any time — email knotz22@gmail.com. We process analytics under legitimate interest (improving the product); you can opt out by blocking analytics or contacting us. Analytics data is stored in the EU (PostHog).

Children

Dumbnote isn't directed at children under 16, and we don't knowingly collect their data.

Changes

We'll update this page and the "last updated" date when things change.

Contact

Questions? knotz22@gmail.com