Privacy Policy
Last updated: July 31, 2025
Thank you for choosing Mdit. Your privacy is important to us. This Privacy Policy explains how Mdit (“we”, “our”, or “us”) collects, uses, discloses, and protects your information when you use the Mdit desktop and web applications, websites, APIs, and related services (collectively, the “Service”).
1. Scope
This Privacy Policy applies to all users of the Service anywhere in the world. If you do not agree with this Policy, please do not use the Service.
2. Information We Collect
We collect the following categories of information:
2.1 Information You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, authentication tokens (no passwords stored), profile photo | Create and secure your account |
| Chat Messages | Prompts you type and AI replies | Provide chat history, improve continuity |
| Customer Support | Feedback, bug reports, attachments | Respond to inquiries and improve the Service |
2.2 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage Data | Feature usage, timestamps, in‑app events | Analytics, performance, product improvement |
| Device Information | OS version, app version, device ID, language | Diagnostics, security, compatibility |
| Log Data | IP address, browser type, crash reports | Security, fraud prevention |
2.3 Content Caching for AI Processing
| Category | Maximum Retention | Notes |
|---|---|---|
| Documents & Files | Up to 48 hours | Temporarily cached on our servers solely to generate AI responses. Automatically and irreversibly deleted afterwards. |
| Chat Messages | Until deleted by user or account closure | Stored encrypted in the cloud to sync across devices. |
2.4 Information from Third Parties
- Authentication Providers (e.g., Google OAuth) supply basic profile info if you sign in with them.
- Payment Processors provide limited billing data (e.g., subscription status, last four digits of card) — we never see full card numbers.
3. How We Use Your Information
- Provide and maintain the Service and its AI features.
- Authenticate you and secure the Service.
- Process payments and manage subscriptions.
- Improve and personalize features, including AI model performance (using anonymized or aggregated data whenever possible).
- Communicate with you about updates, security alerts, and support.
- Comply with legal obligations and prevent fraud.
4. Legal Bases for Processing (EEA/UK Users)
We process your information under the following legal bases:
- Performance of a contract (providing the Service)
- Legitimate interests (security, product improvement)
- Consent (marketing emails, non‑essential cookies)
- Compliance with legal obligations
5. Sharing & Disclosure
We do not sell your personal data. We may share your information only:
- Service Providers. Cloud hosting, LLM API partners (e.g., OpenAI, Anthropic, Google), analytics, payment processors — all under confidentiality agreements.
- Legal Requirements. To comply with subpoenas, court orders, or other legal processes.
- Business Transfers. In connection with a merger, acquisition, or asset sale (with notice to you).
- With Your Consent. When you authorize third‑party integrations.
6. Data Storage & Retention
| Data Type | Storage Location | Retention |
|---|---|---|
| Local Documents & Workspaces | Your device | Stored locally; may be temporarily uploaded (≤48 h) for LLM caching |
| Document/File Cache | Encrypted cloud storage | Deleted within 48 hours |
| Chat Messages | Encrypted cloud storage | Until you delete them or close account |
| Account & Billing | Encrypted cloud storage | Until account deletion (may retain limited records for legal purposes) |
7. Security
We employ industry‑standard safeguards, including:
- TLS encryption in transit
- AES‑256 encryption at rest for cloud data
- Access controls and regular security audits
No security system is perfect; we cannot guarantee absolute security.
8. International Transfers
We may transfer your data to countries outside your jurisdiction where we or our service providers operate. We use standard contractual clauses and other mechanisms to protect your data in accordance with applicable law.
9. Your Rights & Choices
Depending on your location, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (“right to be forgotten”)
- Port your data to another service
- Object to or restrict processing
- Withdraw consent (for optional processing)
You can exercise these rights via in‑app settings or by emailing us at [email protected].
10. Children’s Privacy
The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Cookies & Tracking Technologies
Our website may use:
- Essential cookies for login and security
- Analytics cookies (e.g., first‑party telemetry, privacy‑focused analytics) to understand usage — disabled if you enable “Do Not Track.” We do not use third‑party advertising cookies.
12. Changes to This Policy
We may update this Policy periodically. If we make material changes, we will notify you by email or in‑app notice at least 30 days before the new Policy takes effect. Your continued use of the Service after the effective date constitutes acceptance.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: [email protected]