Marvex Studio
Effective: 1 February 2026

Privacy Policy

We collect as little as we can, never sell your information, and try to make our choices honest enough that this page reads like English instead of legalese.

1. The short version

marvex.app is a local-first research tool. Your mind maps, your highlights, and your AI keys live on your device — not on our servers. We can't read them, sell them, or hand them to anyone. We can't even back them up for you (that's on you).

What we do collect: your email if you sign in, your subscription status, and anonymous product analytics so we know which features matter. That's it.

2. What we collect (the long version)

  • Account data: when you sign in with Google we receive your email, name, and profile picture URL. Stored on our servers in MongoDB so we can identify you across sessions.
  • Subscription data: your plan (Free / Monthly / Annual / Lifetime / Founder), trial dates, and a Stripe customer ID. We never see your card details — Stripe handles that.
  • Waitlist email: if you joined the pre-launch waitlist, we store your email plus the UTM source you arrived from.
  • Product analytics: page views and a small set of named events (e.g. waitlist_joined, checkout_started) via PostHog on the EU cloud. You can decline this with the cookie banner — the app works either way. We never send your map content, PDF text, or AI keys to PostHog.
  • Server logs: standard request logs (timestamp, route, status code) retained for 30 days for debugging and abuse prevention.

3. What we do NOT collect

  • The contents of your mind maps, PDFs, or highlights.
  • Your AI provider API keys — they live in your browser's localStorage and are sent directly from your browser to the provider.
  • Browsing history outside our app.
  • Cross-site tracking. We don't use Google Analytics, Facebook Pixel, or any ad-tech.

4. AI providers

When you use AI features, your text or PDF excerpt is sent directly from your browser to the provider you've configured (OpenAI, Anthropic, Google, or LLMGateway). Their privacy policy applies for that round trip. We don't proxy, log, or persist these requests.

5. Cookies & local storage

  • Auth cookie: a session cookie (HttpOnly, Secure) so you stay signed in. Deleted on logout.
  • localStorage: your maps, settings, AI key (if entered), affiliate config, cookie-consent choice. All on your device.
  • PostHog cookie: anonymous device ID for funnel analytics. Disabled if you decline the cookie banner.

6. Sharing

We share data with Stripe (payments), Google (sign-in), PostHog EU (analytics), and MongoDB Atlas (our database). That's it. We never sell your information, and we don't share with advertisers.

7. Your rights

Email press@marvex.app to access, export, or delete your data. We'll respond within 30 days. EU/UK users have GDPR rights; California users have CCPA rights — both are honoured.

8. UK ICO registration & how to complain

Marvex Studio is the trading name for our UK-based business and we are registered with the UK Information Commissioner's Office (ICO) as a data controller under the Data Protection (Charges and Information) Regulations 2018.

  • ICO registration: Application pending (ref C1928205). Our registration is currently being processed by the ICO and the number will appear here once issued (typically 3–10 working days from application). Until then, you retain every right described below — registration is a regulatory formality, not a precondition for your rights.
  • Right to complain: if you believe we've mishandled your personal data you can complain directly to the ICO at ico.org.uk/concerns (or call them on 0303 123 1113). We'd obviously rather you mailed us at ceo@marvex.app first so we can try to put it right — but the ICO route exists either way.

9. Subprocessors

To run the Service we share specific, minimal data with the third parties listed below. Each one is contractually bound to GDPR-equivalent terms (under the EU SCCs / UK IDTA where data crosses borders) and we only ever send them the data they need to do their job.

| Subprocessor | What they do | Data | Hosted in |
|---|---|---|---|
| Stripe | Payment processing for paid plans and the Law Pack add-on | Email, billing address, card token (we never see the card) | Ireland (EU) / United States |
| Google | Sign-in via OAuth (only when the user clicks 'Sign in with Google') | Name, email, profile picture URL | United States (with EU data centre routing) |
| Resend | Transactional email delivery (welcome, press codes, bug-report receipts) | Email address, message content | United States |
| PostHog | Privacy-friendly product analytics (page views, feature usage events). User-disablable via cookie banner. | Anonymous usage events, IP address (truncated), referrer | European Union (eu.posthog.com) |
| Sentry | Error monitoring and crash reporting | Stack traces, browser type, route, anonymised user id | Germany / EU (ingest.de.sentry.io) |
| MongoDB Atlas | Encrypted database hosting for account, subscription, and waitlist data | All structured account data — encrypted at rest | European Union |
| Cloudflare | DNS, CDN, DDoS protection, and inbound email routing for press@/tech@/support@/ceo@marvex.app | IP address, request metadata, email forwarding metadata | United States (with EU edge presence) |

BYOK AI providers (OpenAI / Anthropic / Google AI) are deliberately not in this list because Marvex is not the processor when you use AI features. Your browser sends the request directly to the provider using your own API key — our servers never see the request, the response, or your key. You have a direct contractual relationship with the AI provider, not via us.

We'll update this list and email subscribed users at least 30 days before adding any new subprocessor that handles personal data.

10. Changes

We'll update this page with a new effective date if anything material changes, and email subscribed users when it does.