Security Statement

Content Security

We respect your privacy and take significant efforts to protect all of your data. We go to considerable lengths to ensure that all data sent to is handled securely - keeping secure is fundamental to our business.
As you continue to learn more about we recommend you also review our Terms of Service and Privacy Policy.
The following is what we're doing to keep your data and our infrastructure safe.

System Architecture

Data encryption
All traffic on runs over SSL/TLS/HTTPS, the most common and trusted communications protocol on the internet.
Physical security
Our information systems infrastructure is hosted on Amazon Web Services (AWS). AWS data centers are housed in nondescript facilities and employ  strict safety measures to ensure data security.
Network protection
To provide rigorous access controls, we have both network layer (IP) and transport layer (TCP) firewalls that segregate network traffic between application tiers.
Our network is built using Amazon's secure Virtual Private Cloud (VPC) technology, adding an extra layer of protection against intrusion.
Secure data centers
We have partnered with Amazon Web Services (AWS) to provide our web and data services because of their stringent security measures, which include compliance with the following certifications:
  • SAS70 Type II audits
  • Payment Card Industry (PCI) Data Security Standard (DSS)
  • ISO 27001 certification
Disaster recovery and backups
Application database backups for occur on daily basis and retained for seven day period.

Content Security

Permission controls
By default, all of your mind maps and files are private unless you choose to share them.
For purposes of providing technical support, an administrator of your account may choose to grant the Support permission to access an account in order to resolve a specified issue.
Password authentication supports sign-on with a unique username and password or single sign-on with Google/Facebook.
Only hashes of passwords are stored by our servers—never the passwords themselves.
Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
Data ownership
Whether it’s corporate intellectual property, personal information, or a homework assignment, does not own that data. We do not use your data for advertising. The data that you entrust to us remains yours.
Billing information
Stripe ( powers the payment processing for thousands of businesses. We have partnered with Stripe to provide our payment processing because of their  stringent security measures.
Your billing information is not stored on our servers. All billing information is encrypted and passed directly to Stripe using a secure HTTPS connection.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.

Still need help? Contact Us Contact Us