Privacy Policy

Last updated: 12 May 2025

This Privacy Policy explains how Mappii (“Mappii,” “we,” “our” or “us”) collects, uses, discloses, and safeguards personal data when you (“you” or “User”) access or use the Mappii platform (“Service”). We comply with the California Privacy Rights Act (CPRA), Illinois privacy law, the EU General Data Protection Regulation (GDPR), and other applicable regulations.

1. Information We Collect

  • Account Data – name, email address, username, and authentication credentials.
  • User Content – pins, photos, videos, captions, and location data you choose to post.
  • Device & Usage Data – IP address, browser type, referring URLs, device identifiers, and interaction data collected via cookies or similar technologies.
  • Payment Data – last four digits of card and billing ZIP/postal code (processed by Stripe; we do not store full card numbers).

2. How We Use Information

  • Provide, operate, and maintain the Service.
  • Personalize content and remember preferences.
  • Detect, prevent, and address fraud or security issues.
  • Communicate with you about updates, security alerts, or support messages.
  • Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing (GDPR Users)

We process personal data under one or more of the following bases: (i) consent, (ii) performance of a contract, (iii) legitimate interests (e.g., security, analytics), and (iv) legal obligation.

4. Cookies & Similar Technologies

We use cookies and local storage to keep you signed in, remember settings, and understand how the Service is used. You can manage cookies in your browser settings. For analytics we use Plausible Analytics (EU-hosted, no personal identifiers) and Google Analytics with IP anonymization.

5. Sharing & Disclosure

  • Service Providers – cloud hosting, payment processing (Stripe), email delivery, and analytics vendors who process data on our behalf under strict data-processing agreements.
  • Legal Requests – when required to comply with subpoenas, court orders, or other lawful requests.
  • Business Transfers – in connection with a merger, acquisition, or sale of assets. You will be notified before data is transferred and becomes subject to a new policy.

6. International Data Transfers

We host data in the United States. When personal data of EU/EEA residents is transferred to the U.S., we rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses to ensure equivalent protection.

7. Data Retention

We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, comply with legal obligations, or resolve disputes. You may request deletion at any time (see Section 9).

8. Security

We employ industry-standard safeguards such as encryption in transit, least-privilege access controls, and regular security audits. Nevertheless, no online service is 100% secure.

9. Your Rights

  • GDPR (EEA Users) – right to access, rectify, erase, restrict, object, and data portability.
  • CPRA (California Residents) – right to know, delete, correct, and opt-out of the sale or sharing of personal information. We do not sell personal information.
  • Illinois Users – we do not collect biometric data; if this changes we will comply with the Illinois Biometric Information Privacy Act (BIPA).

To exercise any of these rights, email support@mappii.com. We will respond within the timeframe required by applicable law.

10. Children’s Privacy

Mappii is not directed to children under 13. We do not knowingly collect personal data from children. Parents who believe their child has provided us data may request deletion via support@mappii.com.

11. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via in-app notice or email. The “Last updated” date reflects the current version.

12. Contact

Questions about this Privacy Policy? Email support@mappii.com.