Privacy policy

Last updated: April 2026

The short version

We don't sell your data. We don't use your data for advertising. We don't share your data with third parties except as needed to run the service (hosting, payment processing). Your diagrams are yours.

What we collect

• Account information — your email address and, if you sign in with Google, your Google account identifier. We use this to authenticate you and deliver the service.
• Diagrams — the Mermaid source code and titles you create. These are stored on our servers when you're signed in so they can sync across your devices.
• Payment information — handled entirely by Stripe. We never see or store your card number. We receive your Stripe customer ID and subscription status so we know which plan you're on.

What we don't collect

• We don't use analytics or tracking scripts.
• We don't set advertising cookies.
• We don't fingerprint your browser.
• We don't collect usage telemetry.

How we protect your data

• Passwords are hashed before storage and never stored in plaintext.
• Session and API tokens are stored as hashes, not raw values.
• All traffic is encrypted via HTTPS.
• Database backups are automated and retained for 7 days.

When you're not signed in

If you use MMD Studio without signing in, your diagrams live entirely in your browser's local storage. Nothing is sent to our servers. We have no access to your data in this mode.

Data deletion

You can delete any diagram from the app at any time. If you want your entire account and all associated data removed, email support@mmd.studio and we'll process the request within 48 hours.

Changes

If we make material changes to this policy, we'll notify you via the email on your account. The current version is always available at this URL.

Contact

Questions about your data? Email support@mmd.studio.