TheMap

Privacy Policy

Last updated: September 10, 2025

This Privacy Policy explains how TheMap (“we,” “our,” or “us”) collects, uses, and shares your information when you use our websites, apps, and services (the “Services”). By using the Services, you agree to this Policy.

This template is provided for convenience only and does not constitute legal advice. Please consult counsel for your situation.

Information We Collect

  • Account Information: Email address and any profile details you choose to provide.
  • Content You Add: Maps, layers, features, photos, titles, descriptions, and related metadata you upload or create.
  • Device & Usage Data: Log data (pages viewed, timestamps), device type, browser, IP address, and interactions with the Services (used for security, debugging, and improving UX).
  • Location Data (Optional): If you grant permission in our mobile app or browser, we may collect precise or approximate location to place photos/points on maps or personalize features. You can disable this in your device settings.
  • Cookies & Similar Technologies: Used to keep you signed in, remember preferences, and measure performance. See “Your Choices” below to manage cookies.

How We Use Information

  • Operate, maintain, and improve the Services.
  • Authenticate users (e.g., email OTP / magic links) and prevent fraud/abuse.
  • Store and display your content (maps, layers, features, photos) per your settings.
  • Communicate with you about updates, security alerts, and support.
  • Comply with legal obligations and enforce our terms.

Legal Bases (EEA/UK Only)

Where applicable, we process personal data based on: (a) performance of a contract (providing the Services), (b) our legitimate interests (e.g., security, improvement), (c) your consent (e.g., precise location, certain cookies), or (d) compliance with legal obligations.

How We Share Information

  • Service Providers: We use trusted vendors to host, store, and process data (e.g., authentication, databases, media storage, maps/tiles, email). They process data on our behalf under appropriate safeguards.
  • Public or Shared Content: If you make a map or layer public or share a link, its content and metadata may be viewable by others.
  • Legal & Safety: We may disclose information to comply with law, respond to lawful requests, or protect rights, safety, and security.
  • Business Transfers: In a merger, acquisition, or asset sale, information may be transferred as part of that transaction.

Third-Party Providers We Commonly Use

(Customize this list to match your stack.)

  • Authentication & Database (e.g., Supabase)
  • Media Storage/Delivery (e.g., Cloudinary, Azure Blob Storage)
  • Maps & Tiles (e.g., MapTiler, MapLibre ecosystem)
  • Email/Notifications (e.g., transactional email provider)
  • Analytics/Crash Logs (if enabled)

Data Retention

We keep personal data only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion as described below.

Security

We use reasonable administrative, technical, and physical safeguards to protect personal data. No system is 100% secure; please use strong, unique credentials and keep them confidential.

Your Choices & Rights

  • Access, Update, Delete: You can request access, correction, or deletion of your personal data. We may ask to verify your identity.
  • Cookies: Most browsers let you block or delete cookies. Some features may not work without them.
  • Marketing: If we send marketing email, you can opt out via the link in the message.
  • Location: You can disable precise location in your device or browser settings.
  • EEA/UK Users: You may have additional rights, such as data portability or objection to certain processing.
  • California Residents: You may have rights to know, delete, correct, and limit use of sensitive information. We do not sell personal information as defined by California law.

Children’s Privacy

Our Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.

International Transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (e.g., contractual clauses) for cross-border transfers.

“Do Not Track”

Your browser may offer a “Do Not Track” signal. Because there is no common standard, we do not currently respond to DNT signals.

Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the new Policy with an updated “Last updated” date and, where appropriate, additional notice.

Contact Us

Questions or requests? Email us at privacy@themap.io.

If you are in the EEA/UK and believe your rights were violated, you may lodge a complaint with your local data protection authority.