Privacy Notice

Who we are & how to reach us

MAPTHOS is the data controller for the personal data described below.

Contact the privacy team at privacy@mapthos.org.

Personal data we collect

Why we process personal data

• Provide core services such as account creation, authentication, billing, and contract execution.
• Maintain security, monitor uptime, investigate abuse, and meet legal obligations.
• Improve our products through aggregated analytics, A/B testing, and UX research.
• Send service announcements, onboarding tips, and marketing updates (with consent where required).
• Comply with EU/EEA, UK, and US regulatory reporting and audit requirements.

Legal bases under GDPR

• Contract necessity – creating and managing customer workspaces, processing payments, and providing support.
• Legitimate interest – securing infrastructure, preventing fraud, and improving MAPTHOS products.
• Consent – sending marketing communications and setting optional cookies or similar technologies.
• Legal obligation – accounting, tax filings, and responding to lawful requests from public authorities.

Cookies & similar technologies

We use essential cookies that are required to operate the site, plus optional analytics cookies that help us understand engagement and improve performance. You can manage these preferences in the cookie banner displayed on every MAPTHOS page or by emailing us at any time. Clearing your browser cookies will remove your saved preferences.

• Essential: authentication tokens, load balancer routing, fraud prevention. These are always active.
• Analytics: page view telemetry (for example, Plausible) collected only after consent.
• Marketing: disabled by default; we do not run third-party advertising trackers.

How we share data

We share personal data only with vetted subprocessors that help us deliver the MAPTHOS platform (for example, cloud hosting, email delivery, analytics, and incident response). All subprocessors sign data processing agreements and are located in the EU, UK, Switzerland, or United States under Standard Contractual Clauses.

We may disclose data if required to comply with a valid legal request or to protect MAPTHOS, our users, or the public from harm.

Retention

We keep personal data for as long as necessary to provide services, comply with legal obligations, and resolve disputes. Marketing opt-in records are stored until you unsubscribe. Support tickets are retained for up to five years. Aggregated, anonymized analytics data may be retained indefinitely.

Your privacy rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data, restrict processing, or object to certain uses. You can exercise these rights by contacting us at privacy@mapthos.org. If you believe we have not addressed your concerns, you can contact the Estonian Data Protection Inspectorate or your local supervisory authority.

International transfers

When we transfer personal data outside of the EU/EEA, UK, or Switzerland, we rely on adequacy decisions, Standard Contractual Clauses, or other legally recognized safeguards. We conduct transfer impact assessments to ensure that the recipient provides a level of protection essentially equivalent to GDPR requirements.

Updates to this notice

We will post any material changes to this Privacy Notice here and update the “Last updated” date at the top of the page. For significant changes, we will provide additional notice through email or in-product alerts.