Privacy

Privacy policy for mermaidcreator.com

This policy describes what data is processed when you use mermaidcreator.com and for which purposes. Last updated: June 2026.

Controller

Name: Marcel Heinz
Address: Magdalenenstraße 6, 04129 Leipzig, Germany
Privacy requests: mrcl@mrclhnz.com

What data we process

mermaidcreator.com is an editor for creating Mermaid diagrams with optional AI features. When you use it, we process in particular the following data:

  • Account data when you register and sign in (email address, password in encrypted form, plan status)
  • Content you create and save in the editor (diagrams, titles, diagram code)
  • Input to the AI features (prompts and diagram content), which is transmitted to our AI service provider to generate the result
  • Payment and billing data when you purchase a paid subscription (processed by Stripe; we do not store full payment details)
  • Technical connection data and necessary server logs

Content in the playground without an account remains local in your browser and is not stored on our servers, unless you actively save it or submit it to the AI features.

Purposes of processing

  • Providing the editor, your account, and your saved diagrams
  • Performing AI-assisted diagram generation
  • Handling paid subscriptions and billing
  • Technical provision, stability, and security of the application
  • Handling contact requests and communicating with users

Legal bases

  • Art. 6(1)(b) GDPR, insofar as processing is necessary to perform the user agreement (account, saved diagrams, AI features, subscription) or to take pre-contractual steps
  • Art. 6(1)(f) GDPR for the secure and efficient operation of the website and its technical provision
  • Art. 6(1)(a) GDPR, insofar as you have given consent (e.g. optional analytics)
  • Art. 6(1)(c) GDPR, insofar as legal obligations must be fulfilled (in particular commercial and tax retention duties)

Recipients and service providers

  • Vercel for hosting and technical delivery, and — only with your consent — Vercel Web Analytics
  • Supabase for authentication and database (accounts, saved diagrams)
  • Anthropic for AI-assisted diagram generation
  • Stripe for payment processing and subscription management

These service providers process data only to the extent necessary to provide and perform the respective functions.

Cookies and technically necessary technologies

We do not use marketing cookies.

Technically necessary cookies and comparable storage are used where required for operation, security, login, dashboard features, or sessions you explicitly request (e.g. the session cookie after signing in). No consent is required for these.

Optional analytics via Vercel Web Analytics are only loaded after you consent. You can change or withdraw your consent at any time via the cookie settings in the footer.

With the same consent, we also record a small set of first-party product events (e.g. which template page was opened or which export format was used) together with a random identifier stored in your browser. These events are stored in our own database (Supabase), are not shared with third parties, and are used solely to understand and improve how the product is used. Without consent, only events tied to actions of your account (e.g. creating a diagram) are recorded as part of providing the service.

Retention

Account data and saved diagrams are stored for as long as your account exists and are removed when the account is deleted.

Input to the AI features is used solely to produce the requested generation and not for other purposes.

Technical log data may be processed for a short period where necessary to ensure security, error analysis, and operation. Where statutory retention obligations exist (for example for invoice data), storage is limited to the extent required.

Third-country transfers

When Vercel, Supabase, Anthropic, and Stripe are used, processing in the USA cannot be ruled out. Such transfers only take place on the basis of suitable safeguards, in particular standard contractual clauses and supplementary protective measures where required.

Your rights

  • Right of access to the personal data processed about you
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent you have given, with effect for the future
  • Right not to be subject to a decision based solely on automated processing, where the legal requirements are met

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Contact for privacy requests

For access, erasure, or any other privacy request, you can write to us directly at any time: mrcl@mrclhnz.com.