Privacy Policy

Last Updated: April 5, 2025

Introduction & Overview

Welcome to IdeaMap. We are committed to protecting your privacy and handling your data with transparency and respect. This policy outlines the types of data we collect, how it is used and protected, and your rights regarding your personal information, in compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

Data Collection & Processing

We collect certain information when you use our service to ensure its functionality, security, and continuous improvement. The types of data collected and the purposes for processing are detailed below:

• User Inputs: Text prompts, queries, and, if the voice feature is used, audio data submitted to the service may be processed and logged. The primary purpose of this processing is to provide the AI response, improve service quality (e.g., AI model training, debugging), and for content moderation purposes as detailed below. The legal basis for this processing is our legitimate interest in providing and improving the service and ensuring compliance with our terms.
• IP Addresses: Your IP address is automatically logged when you interact with the service. This information is retained solely for security purposes, such as detecting and preventing malicious activity or abuse, and ensuring the stability of our infrastructure. The legal basis for processing IP addresses is our legitimate interest in maintaining service security and integrity. IP logs are typically retained for a limited period (e.g., 90 days) unless required for an ongoing security investigation.
• Local Storage & Cookies: We may utilize your browser's local storage or cookies to store session information or user preferences (e.g., theme settings, acknowledged warnings). This data remains on your device and is used solely to enhance your user experience and maintain session state. We do not use tracking cookies for advertising purposes. The legal basis for using essential local storage/cookies is our legitimate interest in providing a functional user experience.

Content Moderation

To maintain a safe and respectful environment, all user inputs (text and potentially transcribed audio) are subject to content moderation.

• Inputs are automatically filtered using OpenAI's Moderation API, a third-party service, to detect potentially harmful or inappropriate content according to predefined categories (e.g., hate speech, harassment, self-harm).
• If content is flagged by the moderation API, the flagged input, the associated IP address, and the specific moderation categories triggered will be logged for review, auditing, and potential action.
• In certain cases, a warning message may be displayed to the user regarding potentially problematic input. User acknowledgement of such warnings is also logged.
• The legal basis for moderation processing is our legitimate interest in preventing abuse, ensuring compliance with acceptable use policies, and protecting our users and service.

Data Retention & Security

We retain data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law.

• Logged user inputs and associated moderation data may be stored for auditing, service improvement, and enforcing moderation policies. We strive to anonymize or pseudonymize this data where feasible for long-term analysis.
• IP addresses collected for security purposes are retained for a limited duration (typically up to 90 days) unless a longer period is necessary for security incident investigation or legal requirements.
• We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include data encryption where appropriate, access controls, and regular security reviews.
• No personally identifiable information (beyond IP address for security/moderation logs) is stored unless you explicitly provide it, for example, when contacting support.

Third-Party Services & Data Transfers

• We utilize OpenAI's Moderation API for content filtering. Your inputs may be shared with OpenAI for this purpose. OpenAI processes this data according to their own privacy policies.
• Data processed by third parties like OpenAI may involve international data transfers. We ensure such transfers comply with GDPR requirements, typically through mechanisms like Standard Contractual Clauses (SCCs) or Adequacy Decisions, providing appropriate safeguards for your data.

Your Data Protection Rights (GDPR)

Under the GDPR, you have several rights concerning your personal data. We are committed to upholding these rights. You have the right to:

• Access: Request access to the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure ('Right to be Forgotten'): Request the deletion of your personal data, subject to certain legal limitations (e.g., data required for legal obligations or security logs).
• Restrict Processing: Request the restriction of processing your personal data under specific circumstances.
• Data Portability: Request a copy of your data in a machine-readable format (where applicable).
• Object: Object to the processing of your personal data based on legitimate interests, under specific circumstances.
• Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority (in the UK, this is the Information Commissioner's Office - ICO) if you believe our processing infringes data protection laws.

To exercise any of these rights, please contact us using the details provided below.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify users of significant changes where feasible. We encourage you to review this policy periodically. The "Last Updated" date at the top indicates the latest revision.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have any concerns regarding your data, please contact us at:

admin@ideamap.co.uk

Please allow a reasonable timeframe for us to respond to your enquiries and requests.