Personal data in MapTiler Cloud
This article describes what minimal data is collected, and how personal data is processed, stored, and handled in MapTiler Cloud. You will learn what we store, where, for how long, and how to request deletion.
Our business is built around selling map products, not customers’ private data. We collect only the minimum information needed for running our services.
In general, we do not collect any personal data on you or your clients. Our maps contain no spy code, and we do not track end-user activities on the maps. No data is sold to any third-party advertisers, period.
We do track some anonymized customer behavior with Google Analytics, Hubspot, and Mautic. All this is done solely for analytical purposes.
What personal data is collected
On our webs, we set cookies solely to save customer preferences and login information. Depending on how you access the Cloud service, we save emails, Facebook, Twitter, or GitHub identifiers. If your browser has the “do not track signal” turned on, we do not set any cookies.
Email logins and passwords are stored in Google Firebase, which has a secured frontend and backend and uses HTTPS encryption for transferring data. Our team doesn’t have access to any saved passwords.
We use a third-party service for payment processing. Our team has no access to your card details. Our payment provider, FastSpring, adheres to all payment card industry standards like PCI-DDS and GDPR.
Our content delivery network, Cloudflare, stores the IP addresses of users are stored in memory for a limited time (maximum 20 minutes), after which they are automatically destroyed. This is required for security checks and logging malicious activities on the infrastructure, however, MapTiler does not handle visitor IP addresses at any time.
How personal data is handled
Our software and services are designed with privacy and security in mind. We use encryption everywhere that personal data is stored and conduct regular internal security audits. All team members undergo security and privacy training.
We maintain a completely different infrastructure for handling map data and personal data.
All customers’ personal data (login information, billing info, names, etc.) and map data are kept on fully redundant servers, both located in France. The data centers we use have strict security policies allowing physical access to servers only to authorized persons and our infrastructure providers are certified to ISO/IEC 27001 standards.
Only our standardized base map layers are stored and cached on a global infrastructure powered by Cloudflare. While absolutely no personal data is stored on this infrastructure, CloudFlare also maintains GDRP protocols. Customer data layers that are shown on the maps are stored on the MapTiler’s own servers.
Communication and requesting an account deletion
In case of any security incident which may affect you or your clients, we will contact you via email within 72 hours. If we planned any changes to the security policy, we would inform you via email.
We recognize the importance of an easy personal data deletion process. To request for your personal data to be deleted, please contact MapTiler Support. We will inform you when your request is fulfilled.
If you would (for some reason) use your past credentials (from the deleted account) again, in order to log into your (now deleted) MapTiler Cloud account - a new empty MapTiler Cloud account would be created for you. That might look like your previous account was never deleted, however, it is not the case. We handle account deletion requests with the highest priority and we always perform account deletions as our customers require.
How to login to your MapTiler Cloud account
The login process for your MapTiler Cloud account is fairly simple. You just chose one of the two available methods: “Sign in with email” or “Sign in with Google”. Keep in mind that once you select one of these options, you will have to use it every time when logging into your account in the future. The other thing that you have to keep in mind is that you shall not use a Gmail address for the “Sign in with email” option.
Conclusion
We make our livings by selling map products, not your personal data. With the core data centers in the EU, secure infrastructure, and a transparent business model, you can trust MapTiler Cloud as a GDPR-compliant map hosting partner.
Useful links
MapTiler Privacy Policy
MapTiler Blog: Maps and GDPR
Google Firebase GDPR Policy
FastSpring GDPR Policy
Cloudflare GDPR Policy
Contact us to request personal data deletion
Related guides
- Automatically created API key
- Check if MapLibre GL JS is supported
- Coordinates API
- Dataset upload - formats and limits
- Difference between 256x256, 512x512, and HiDPI/Retina rasterized tiles
- Disputed borders on your maps
- Exported Tiles Multiplier
- Generalization in maps
- How are the tile requests cached in web browser?
- How MapTiler map tiles are Generated and Delivered