Privacy Policy

MapState Inc. ("MapState", "we", "us") is committed to protecting the privacy of our customers and their end users. This Privacy Policy explains how we collect, use, store, and share information when you use the MapState platform and services.

1. Information we collect

Account information

When you sign up, we collect your name, email address, and password (stored as a bcrypt hash). We also collect your workspace name and billing information (processed by Stripe — we do not store card numbers).

Property data

MapState processes property listings that you import or sync from your data sources. This data is stored on your behalf and used solely to power your map. We do not index, resell, or use your property data for any purpose other than delivering the MapState service to you.

Usage data

We collect logs of API requests, sync runs, and map embed views for debugging, performance monitoring, and billing purposes. These logs are retained for 90 days.

Browser data

We use cookies to maintain your session. We do not use third-party advertising cookies. Analytics (if enabled) is performed using privacy-preserving first-party analytics.

2. How we use your information

• To provide and operate the MapState service
• To sync and display your property data on maps
• To send transactional emails (sync alerts, billing receipts)
• To provide customer support
• To improve the platform (aggregated, anonymized usage patterns only)

We do not sell your data. We do not use your data to train AI models.

3. Data sharing

We share data with the following sub-processors to operate our service:

• Mapbox — for map tile rendering (tile requests include viewport coordinates only)
• Stripe — for payment processing
• Amazon Web Services (AWS) — for infrastructure hosting in the EU West region
• Postmark — for transactional email delivery

We will notify you within 72 hours of discovering a security breach that affects your data.

4. Data retention

Your property data is retained as long as your account is active. If you close your account, all workspace data is deleted within 30 days. Request data deletion at any time by emailing privacy@mapstate.com.

5. Your rights (GDPR)

If you are in the European Economic Area, you have the right to access, correct, export, or delete your personal data. Contact us at privacy@mapstate.com to exercise any of these rights. We respond within 30 days.

Our legal basis for processing your data is contract performance (to provide the service) and legitimate interest (to improve service reliability).

6. Security

MapState uses TLS 1.3 for all data in transit. Data at rest is encrypted using AES-256. We perform regular security reviews and penetration tests. Access to production infrastructure is restricted to core engineering staff via key-based authentication.

7. Cookies

We use a single session cookie (ms_session) to keep you logged in. This cookie is HttpOnly, Secure, and SameSite=Lax. It expires after 30 days of inactivity. We do not use advertising or tracking cookies.

8. Children

MapState is not intended for use by children under 16. We do not knowingly collect personal information from children.

9. Changes to this policy

We may update this policy periodically. Material changes will be communicated by email at least 14 days before taking effect. Continued use of MapState after that date constitutes acceptance.

10. Contact

Questions about this policy: privacy@mapstate.com
MapState Inc., 42 Avenue de l'Opéra, 75002 Paris, France