Privacy Notice

1. Controller

The controller for data processing on mdedit.io is:

Matthias Hertel
Operator of mdedit.io
Dresden, Germany
Email: matthias.hertel@gmail.com

2. Browser storage and technically required cookies

mdedit.io uses technically required browser storage so the editor can function and keep your work state available. This includes a session cookie for session assignment, localStorage for settings, local workspace mappings, and AI chat sessions, plus sessionStorage for certain integrations.

These operations are carried out to provide the functionality you request and to keep the application stable and usable. The legal basis is Art. 6(1)(b) GDPR for requested functionality and Art. 6(1)(f) GDPR for technically necessary operating and security purposes.

3. Server-side document storage

When you use mdedit.io, information is processed and stored on our server. This includes session-related identifiers, document titles, Markdown content, uploads such as images, timestamps, and sharing or collaboration information when you use those features.

Purpose

This storage is required to create, reopen, keep stable across tabs or devices, share, collaboratively edit, preview, and export documents.

Sharing

Documents are session-bound by default. If you explicitly enable sharing, the document can be accessed by other people through its link. Do not share confidential content through public or semi-public share links.

Retention

Inactive sessions and linked content are regularly removed by technical cleanup processes. You can also delete documents yourself and clear local browser data from the settings area.

The legal basis is Art. 6(1)(b) GDPR for the editor, sharing, collaboration, preview, and export functions you actively request, plus Art. 6(1)(f) GDPR for secure and resource-conscious operation of the service.

4. AI assistant and external AI providers

If you actively use the AI assistant, the data required to handle your request is sent to our server and then forwarded to the AI provider you selected.

This can include

• your prompt or instruction
• the current document content
• the chat history in the AI panel
• the selected provider and model
• your own API key if you choose not to use a server default

Possible recipients

Depending on your settings and the currently active configuration, recipients may include Groq, Google Gemini, OpenAI, and Anthropic.

Legal basis

This processing happens because you explicitly request the AI assistant feature. The legal basis is Art. 6(1)(b) GDPR. Additional processing by the selected AI provider is governed by that provider's own privacy and service terms.

International transfers

Depending on the provider, processing may take place outside the EU or EEA. When you use the AI assistant, the transfer takes place because you intentionally trigger that exact feature.

5. External bibliography and reference services

If you use DOI lookup, OpenAlex, or Zotero features, search terms or credentials required for the request are forwarded through our server to the selected external service. This happens only when you actively trigger the relevant lookup function.

The legal basis is Art. 6(1)(b) GDPR.

6. Internal product and traffic signals

We may process session-related events such as page visits, CTA clicks, referrer information, and UTM parameters for our own product analysis, reach evaluation, and service improvement where this is necessary for operating and developing mdedit.io.

The legal basis is Art. 6(1)(f) GDPR.

7. Your rights

Subject to the legal requirements, you have the right of access, rectification, erasure, restriction of processing, data portability, and objection to processing based on Art. 6(1)(f) GDPR. You also have the right to lodge a complaint with a data protection supervisory authority.

For privacy-related requests, contact matthias.hertel@gmail.com.