This article will describe what minimal data is collected, and how personal data are processed, stored, and handled in MapTiler Cloud. You will learn what we store, where, for how long, and how to request deletion.
Important notice
Our business is built around selling map products, not customers' private data. We collect only the minimum information needed for running our services.
In general, we do not collect any personal data on you or your clients. Our maps contain no spy code, and we do not track end-user activities on the maps. No data is sold to any third-party advertisers, period.
We do track some anonymized customer behavior with Google Analytics, Hubspot, and Mautic for analytical purposes.
What personal data is collected
On our webs, we set cookies solely to save customer preferences and login information. Depending on how you access the Cloud service, we save emails, Facebook, Twitter, or Github identifiers. If your browser has the “do not track signal” turned on, we do not set any cookies.
Email logins and passwords are stored in Google Firebase, which has a secured frontend and backend and uses HTTPS encryption for transferring data. Our team doesn’t have access to any saved passwords.
We use a third-party service for payment processing. Our team has no access to your card details. Our payment provider, FastSpring, adheres to all payment card industry standards like PCI-DDS and GDPR.
Our content delivery network, Cloudflare, stores IP addresses of users are stored in memory for a limited time (maximum 20 minutes), after which they are automatically destroyed. This is required for security checks and logging malicious activities on the infrastructure, however, MapTiler does not handle visitor IP addresses at any time.
How personal data is handled
Our software and services are designed with privacy and security in mind. We use encryption everywhere that personal data is stored and conduct regular internal security audits. All team members undergo security and privacy training.
We maintain a completely different infrastructure for handling map data and personal data.
All customers' personal data (login information, billing info, names, etc.) and map data are kept on fully redundant servers, both located in France. The data centers we use have strict security policies allowing physical access to servers only to authorized persons and our infrastructure providers are certified to ISO/IEC 27001 standard.
Only our standardized base map layers are stored and cached on a global infrastructure powered by Cloudflare. While absolutely no personal data is stored on this infrastructure, CloudFlare also maintains GDRP protocols. Customer data layers that are shown on the maps are stored on the MapTiler’s own servers.
Communication and requesting a deletion
In case of any security incident which may affect you or your clients, we will contact you via email within 72 hours. If we planned any changes to the security policy, we would inform you via email.
We recognize the importance of an easy personal data deletion process. To request for your personal data to be deleted, please contact us. We will inform you when your request is fulfilled.
Conclusion
We make our livings by selling map products, not your personal data. With the core data centers in the EU, secure infrastructure, and a transparent business model, you can trust MapTiler Cloud as a GDPR-compliant map hosting partner.
Useful links
MapTiler Privacy Policy
MapTiler Blog: Maps and GDPR
Google Firebase GDPR Policy
FastSpring GDPR Policy
Cloudflare GDPR Policy
Contact us to request personal data deletion