Xmind
Legal
Explore simple, transparent terms that help you understand how Xmind operates and how we protect your rights.
Data Processing Agreement
Last Updated: Dec, 2025
Effective Date: Dec, 2025
This Data Processing Agreement ("Agreement") is entered into by and between Xmind and the user of Xmind's services ("User") and supplements the Terms of Service, Privacy Policy, and Cookies Policy provided by Xmind. This Agreement governs the processing of Personal Data by Xmind on behalf of the User and is effective as of the date the User accepts the Terms of Service.
1. Definitions
• "Personal Data" refers to any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, and deletion.
• "Controller" means the entity that determines the purposes and means of Processing Personal Data.
• "Processor" means the entity that Processes Personal Data on behalf of the Controller.
2. Roles and Responsibilities
• The User acts as the Controller of their Personal Data.
• Xmind acts as the Processor of such Personal Data.
3. Subject Matter, Nature, and Purpose of Processing
• Subject Matter: Personal Data processed in connection with the provision of Xmind services.
• Duration: For the duration of the User’s use of Xmind services and as otherwise required by applicable law.
• Nature and Purpose: Provision and optimization of Xmind services, customer support, account management, and compliance with legal obligations.
• Categories of Data Subjects: Users of the services, their collaborators, and associated individuals.
• Types of Personal Data: Name, email address, usage data, payment information (via third parties), cookies data, and other data uploaded by users.
4. Sub-Processing
• Xmind uses third-party service providers to provide infrastructure and technical services, notably Amazon Web Services (AWS), under a DPA that ensures GDPR compliance.
• Xmind ensures that all sub-processors are bound by contractual obligations equivalent to those set forth in this Agreement.
5. Data Subject Rights and Assistance
• Xmind will assist the User in fulfilling data subject requests such as access, rectification, erasure, and data portability, as required by applicable data protection laws.
• Requests may be submitted to privacy@xmind.com.
6. Security Measures
• Xmind follows the requirement of ISO/IEC 27001, SOC 2 Type II and implements appropriate technical and organizational measures to ensure the security of Personal Data, including encryption, access controls, and data backup procedures.
• These measures are aligned with the standards provided under Xmind’s agreement with AWS and industry best practices.
7. International Data Transfers
• Xmind may transfer Personal Data to third countries in accordance with applicable data protection laws and Standard Contractual Clauses where necessary.
8. Data Retention and Deletion
• Personal Data is retained for the duration of the User’s account and deleted upon request or within 30 days of account termination.
• Backup data is deleted within standard retention cycles, typically within 90 days.
9. Cookies and User Consent
• Xmind uses cookies only after obtaining user consent, in accordance with its Cookies Policy.
• Users maintain control over cookie preferences and may manage or withdraw consent at any time.
10. Liability
• Xmind’s liability is subject to limitations as outlined in the Terms of Service.
11. Governing Law and Jurisdiction
• This Agreement is governed by the laws of the Republic of Singapore.
12. Term and Termination
• This Agreement remains in effect until the termination of the User’s use of Xmind services.
13. Miscellaneous
• In the event of conflict between this DPA and other agreements, the terms of this DPA shall prevail with respect to data protection obligations.
For any questions or requests regarding this DPA, please contact: privacy@xmind.com.
