Privacy Policy

Last updated: March 20, 2026

1. Introduction

At Mapfolio, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our spatial data platform. Please read this policy carefully. By using the Service, you consent to the practices described in this policy.

2. Data We Collect

We collect the following types of information:

  • Account information: Your name, email address, and hashed password when you register.
  • Map data: Layers, polygons, markers, labels, descriptions, and file attachments you create within the Service.
  • Payment information: Your Stripe customer ID for subscription management. We do not store credit card numbers — all payment processing is handled securely by Stripe.
  • Server logs: IP addresses, browser type, access times, and pages viewed for security and performance monitoring.
  • Organization data: Organization name, member lists, roles, and invitation records when you use team features.

3. How We Use Your Data

We use the information we collect to: provide, maintain, and improve the Service; process your subscription and payments; send you important account notifications; respond to your support requests; monitor and analyze usage patterns to improve user experience; and detect, prevent, and address technical issues or security threats.

We do not use your data for advertising, profiling, or any purpose beyond operating the Service.

4. Data Storage and Security

All data is stored on EU-hosted infrastructure. We employ industry-standard security measures including AES-256 encryption at rest, HTTPS/TLS encryption in transit, and regular security audits. Access to user data is restricted to authorized personnel on a need-to-know basis.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practical standards.

5. Third-Party Services

We use the following third-party services:

  • Stripe: For payment processing and subscription management. Stripe's privacy policy governs how they handle your payment data.
  • Google Maps Platform: For map rendering and location search. Google's privacy policy applies to the use of their mapping services.

We do not use any advertising networks, analytics trackers, or data brokers. Your data is never sold to third parties.

6. Cookies

We use only essential cookies required for the Service to function. These include session cookies for authentication and security. We do not use tracking cookies, advertising cookies, or any non-essential cookies. No consent banner is required as we only use strictly necessary cookies.

7. Your Rights under GDPR

As a user in the European Union, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of all personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data, subject to legal obligations.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to certain types of processing of your personal data.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, all associated personal data, map data, and file attachments will be permanently removed from our systems within 30 days. Server logs are retained for a maximum of 90 days for security purposes.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending an email notification. We encourage you to review this policy periodically.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].