.mapp
Sign in

Privacy Policy

Last updated: June 21, 2026

This policy explains what personal data .mapp processes, why, and the rights you have under the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for the processing of your personal data is the operator named in our Impressum.

2. What data we process

Account data: your email address and, if you sign in via Google or GitHub, the profile information those providers return (such as name and avatar).

Travel data you enter: visited countries, regions and cities, dates, notes, and home locations.

Imported data: Swarm / Foursquare export files that you choose to upload.

Technical data: your IP address and browser/device information, processed transiently during authentication and bot protection.

3. Legal bases

Art. 6(1)(b) GDPR — performance of a contract: providing the account and map features you sign up for.

Art. 6(1)(f) GDPR — legitimate interest: securing the service against automated abuse and operating error monitoring.

Art. 6(1)(a) GDPR — consent: only for optional features, and only where we ask for it.

4. Processors and third parties

Supabase — database and authentication, hosted in the EU (Frankfurt).

Vercel — web hosting.

Sentry — error monitoring, EU region.

OpenFreeMap — map tiles; no personal data is sent to it.

Google / GitHub — only if you choose OAuth sign-in.

hCaptcha — bot protection, operated by Intuition Machines, Inc. (Miami, USA). It processes minimal technical data (IP address, browser/device information) on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in preventing automated abuse. This involves a transfer to the USA, which is safeguarded by the EU Standard Contractual Clauses (SCCs) included in hCaptcha's terms.

5. International transfers

Where personal data is transferred outside the EU/EEA (for example to hCaptcha in the USA), the transfer is safeguarded by the EU Standard Contractual Clauses.

6. Retention

We keep your account data for as long as your account exists. When you delete your account, your personal data is erased immediately; only an anonymous record that a deletion occurred is retained for accountability.

7. Your rights

You have the right of access, rectification, erasure, restriction of processing, data portability, and objection regarding your personal data.

You can export all of your data and delete your account at any time under Settings → Privacy.

You also have the right to lodge a complaint with a data-protection supervisory authority.

8. Cookies

We use only essential cookies required for authentication. We do not use advertising or tracking cookies, so no consent banner with choices is required.

9. Changes to this policy

We may update this policy from time to time; the date above always reflects the current version.

Contact for privacy requests

For any data-protection request, email: privacy@stylive.com