Privacy Policy

Last updated: November 11, 2025

Introduction

MapHighlight ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our map generation API service.

We are based in the European Union and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (encrypted)
  • Billing information (processed securely by Stripe)

Usage Data

When you use our API, we collect:

  • API requests (endpoints, parameters, timestamps)
  • IP addresses
  • Response times and success/error rates
  • Usage statistics for billing and analytics

Technical Data

We automatically collect:

  • Browser type and version
  • Device information
  • Cookies and similar tracking technologies

How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide and maintain our API service
  • Account Management: To manage your account and authentication
  • Billing: To process payments and manage subscriptions
  • Analytics: To monitor usage and improve our service
  • Support: To respond to your inquiries and provide customer support
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with legal obligations

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interest: Analytics, security, and service improvement
  • Legal Obligation: Compliance with tax and financial regulations
  • Consent: Marketing communications (you can opt out at any time)

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Stripe (payments), Supabase (database hosting), Vercel (hosting)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or sale of assets

Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain certain data for up to 90 days for legal and security purposes, then permanently delete it.

Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at maximilian.braun@posteo.de.

Cookies

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Analytics (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

Data Security

We implement industry-standard security measures including encryption (TLS/SSL), secure authentication, regular security audits, and access controls. However, no method of transmission over the internet is 100% secure.

International Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure adequate safeguards through Standard Contractual Clauses (SCCs) and service providers that comply with GDPR.

Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Continued use after changes constitutes acceptance.

Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

Email: maximilian.braun@posteo.de

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.