Privacy Policy
Last updated: July 4, 2026
This policy explains what personal data Mapteek (“we”, “us”) collects when you use our website and editor or place an order, why we collect it, who processes it for us, and the rights you have over it. The short version: we collect what an order needs, analytics run only if you opt in, and we never sell personal data or use it for third-party advertising. Mapteek is the data controller for the processing described here; contact us anytime at orders@mapteek.com.
1. What we collect
- Identity & contact data — your name, email address, and shipping address, collected when you order or contact us.
- Order & design data — the poster you created: the place, map area and coordinates, theme, size, framing, and any custom text, plus your order history and delivery status.
- Payment data — processed entirely by Stripe on Stripe-hosted pages. We never receive or store your card number; we receive a payment confirmation and the billing name/email Stripe shares to fulfill the order.
- Communications — emails you send us and our replies, kept to handle support and disputes.
- Usage data (only with consent) — pages visited and in-editor events (such as generating a preview or starting checkout) via Google Analytics, only after you accept the cookie banner. We configure analytics without advertising features.
- Approximate location (not stored) — on your first visit, your browser asks GeoJS which city your IP address suggests so the landing animation can open on your own city. The lookup runs in your browser; we do not receive, log, or store your IP address or the result, and it is never linked to you.
- Feature inputs sent to providers — city searches go from your browser to OpenStreetMap’s Nominatim to find places, map tiles load from OpenFreeMap, and the “Suggest a look” feature sends the city name and our theme list to Google’s Gemini model via Firebase. None of these include your name, email, or order details.
2. Why we process it (and our legal bases)
Where GDPR or similar laws apply, we rely on the following bases:
- Performing our contract with you — producing, shipping, and supporting your order; sending order confirmations and delivery updates.
- Legal obligation — keeping transaction records for tax and accounting, and handling consumer-rights requests.
- Legitimate interests — preventing fraud and abuse, securing the Service, and improving it based on aggregate, de-identified information. We balance these interests against your rights.
- Consent — analytics cookies (the banner), and any marketing email if you ever explicitly opt in. You can withdraw consent at any time; withdrawal doesn’t affect processing that already happened.
3. Cookies & similar technologies
On our own pages we use exactly two kinds of browser storage:
- mapteek-consent (localStorage, ours, persists until you clear it) — remembers your cookie-banner choice. Contains only “granted” or “denied”. Set regardless of your choice; strictly functional.
- _ga and _ga_* cookies (Google Analytics, up to 24 months) — set only after you choose “Allow analytics”. Used to distinguish visitors and sessions so we can see which pages, cities, and themes people engage with. Google advertising signals are disabled.
Stripe’s hosted checkout sets its own strictly-necessary cookies under Stripe’s privacy policy. To withdraw analytics consent, clear this site’s data in your browser (the banner will ask again) or use Google’s opt-out add-on. Because analytics only run after opt-in, browser “Do Not Track” and Global Privacy Control signals are effectively honored: without your explicit consent, no tracking occurs.
4. Who processes data for us
We share personal data only with processors that need it to run the Service, under contracts that restrict them to processing on our instructions:
- Stripe (payments) — billing details you enter on their pages. Policy
- Gelato (print & delivery) — your name, shipping address, and the poster file. Policy
- Resend (transactional email) — your email address and order summaries. Policy
- Google Cloud / Firebase (hosting, database, storage, AI suggestions) — order records and poster files live on Google Cloud infrastructure. Policy
- Google Analytics (usage statistics) — only with your consent, as described above.
We do not sell or rent personal data, we do not share it with data brokers or advertisers, and we do not send marketing email unless you explicitly opt in. We may disclose data if the law requires it, to protect our rights or users’ safety, or as part of a business transfer — in which case this policy continues to apply to it.
5. International transfers
Our providers operate globally; data may be processed in the United States and the European Union. Where data of EU/EEA, UK, or Swiss residents is transferred internationally, our providers rely on recognized safeguards — such as the EU–US Data Privacy Framework and Standard Contractual Clauses — as described in their policies linked above.
6. How long we keep it
- Order records (design, shipping, invoices) — kept for as long as needed for accounting, warranty, and reprints; transaction records are typically retained 7 years to meet tax obligations.
- Poster previews that never become orders — cleaned up periodically.
- Support emails — kept while relevant to the relationship, then deleted.
- Analytics data — retained in Google Analytics for at most 14 months, in aggregate form.
7. Security
All traffic to the Service is encrypted in transit (TLS). Order data is stored on Google Cloud infrastructure with access controls, and payment credentials never touch our systems. No internet service can promise absolute security, but if a breach ever affects your personal data we will notify you and the relevant authorities as the law requires.
8. Your rights
Wherever you live, email orders@mapteek.com to exercise your rights and we will respond within 30 days. We may ask you to verify ownership of the email address associated with the data.
- EU/EEA & UK (GDPR) — you can request access to your data, correction, deletion, restriction of processing, a portable copy, or object to processing based on legitimate interests; you can withdraw consent at any time; and you can lodge a complaint with your local supervisory authority.
- California (CCPA/CPRA) — you can request to know, correct, or delete the personal information we hold about you, and you will never be discriminated against for exercising these rights. We do not “sell” or “share” personal information as those terms are defined in the CCPA, and we do not use sensitive personal information beyond what the law permits without consent.
- Everywhere else — we honor the same requests (access, correction, deletion) as a matter of policy, subject to records we must keep by law (for example, tax records of completed transactions).
9. Children
The Service is not directed at children under 16 and we do not knowingly collect their data. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes to this policy
When we change this policy we update the date above; for material changes we will post a notice on the site. Earlier versions are available on request. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy — but we will always ask again before any new kind of tracking.
11. Contact
Privacy questions, requests, or complaints: orders@mapteek.com · contact page.