LEGAL HUB TERMS PRIVACY DPA REFUNDS COOKIES AVISO LEGAL
LEGAL · PRIVACY POLICY

Privacy
Policy

Last updated: April 10, 2026
Mapalyze
info@mapalyze.com

1. Introduction

Mapalyze is the commercial name under which Francisco Javier Rivera Suárez, self-employed professional (trabajador autónomo) with Spanish tax ID (NIF) 49058861-E and professional address at Calle Badajoz 9, 21600 Valverde del Camino, Huelva, Spain, operates. Francisco Javier Rivera Suárez, trading as Mapalyze, is the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and Spanish data protection law (Organic Law 3/2018, LOPDGDD).

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, your rights, and the measures we take to keep your information safe.

2. When This Policy Applies

This Privacy Policy applies to all Services offered by Mapalyze, including www.mapalyze.com, our mobile applications for iOS and Android, and APIs. It does not apply to third-party services linked from our platform — those have their own privacy policies.

We process your personal data only when we have a valid legal basis:

  • Consent — where you have given clear consent for a specific purpose (e.g., marketing, optional analytics)
  • Contractual necessity — where processing is necessary to provide the Services you have subscribed to
  • Legal obligation — where processing is required to comply with applicable law (e.g., tax reporting)
  • Legitimate interest — where processing is necessary for our legitimate interests, such as fraud prevention, security, and improving our Services

4. Information We Collect

4.1 Information You Provide

When registering, subscribing, requesting a demo, or contacting us: your name, email address, company name, phone number, billing address, job title, and other information you choose to share. Payment information (card number, bank details) is collected and processed directly by Paddle as our Merchant of Record and is not stored by Mapalyze; we only receive billing metadata such as billing country, last four digits of the card, and transaction identifiers required for account reconciliation and tax reporting.

4.2 Information Collected Automatically

When you use our Services: IP address, device type and identifiers, operating system, browser type, pages visited, time and date of visits, referring URL, and interaction data. On mobile apps: hardware model, OS version, and unique device identifiers.

4.3 Geospatial and Location Data

As a mapping and field data collection platform, our Services collect and process location data including GPS coordinates, geographic boundaries, map annotations, GIS layer data, and address information. Where you search for addresses or request geocoding, routing, or reverse-geocoding, your query and approximate IP address are processed by our mapping service providers HERE Global B.V. (Netherlands) and MapTiler AG (Switzerland) solely for the purpose of returning the requested result. The full list of sub-processors, including those handling location data, is maintained in Section 8 of our Data Processing Agreement. Location data is processed only as necessary to provide the Services and is subject to the same protections as other Personal Data.

4.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies. We obtain your consent before placing non-essential cookies. See our Cookie Policy for full details.

4.5 Information from Third Parties

We may receive personal data from Paddle (our Merchant of Record for paid subscriptions, providing billing country, transaction identifiers, and limited payment metadata), business partners, public databases, and referral partners to the extent permitted by applicable law.

5. How We Use Your Information

  • To provide, operate, maintain, and improve the Services
  • To create and manage your account and authenticate your identity
  • To process payments and manage billing
  • To send service-related notices, updates, and support messages
  • To send marketing communications where consented (opt out anytime)
  • To analyze usage patterns and improve the Services
  • To detect, prevent, and address fraud, abuse, and security risks
  • To comply with legal obligations and enforce our Terms of Service
  • To generate aggregated or anonymized data for lawful purposes

6. Information We Share

We do not sell your personal data. We share personal data only in the following circumstances:

6.1 Service Providers

We share data with third-party service providers (including cloud hosting, database storage, email delivery, payment processing, analytics, and customer support) who are contractually obligated to process data only as instructed and in accordance with applicable data protection law. Our current principal service providers and sub-processors — including Paddle.com Market Ltd (United Kingdom) as Merchant of Record for all paid subscriptions — are listed in Section 8 of our Data Processing Agreement. Web analytics on the public marketing website is provided by Google LLC (United States) via Google Analytics 4, subject to your prior cookie consent; see our Cookie Policy for details and how to withdraw consent.

6.2 Business Accounts

If your employer provided access to Mapalyze, we may share your personal data and usage information with them to administer the account.

6.3 Legal Requirements

We may disclose personal data if required by law, regulation, legal process, or governmental request, or to protect our rights, your safety, or the safety of others.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of business assets. We will notify you of any such change.

6.5 With Your Consent

We may share personal data for other purposes with your explicit consent.

7. International Data Transfers

Mapalyze is based in Spain (EU). Your personal data may be transferred to countries outside the European Economic Area (EEA) where some of our service providers operate. When we transfer personal data outside the EEA, we ensure appropriate safeguards including:

  • Transfers to countries with an EU adequacy decision, including the United Kingdom (adopted 28 June 2021) where Paddle is established as our Merchant of Record, and the United States under the EU-U.S. Data Privacy Framework where the recipient is certified
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other legally recognized transfer mechanisms under Article 46 GDPR

You may request a copy of the safeguards we use by contacting info@mapalyze.com.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected:

  • Account data — retained for the duration of your account and 5 years after closure, as required by Spanish commercial and tax law
  • Geospatial and field data — retained for the duration of your subscription; you have 90 days after termination to export before deletion, consistent with the retention commitment on our Pricing page
  • Billing and invoice data — retained by Paddle as Merchant of Record in accordance with Paddle's retention policy and applicable tax law; retained by Mapalyze for 6 years where required by Spanish tax and commercial regulations (Ley 58/2003 General Tributaria, Real Decreto 1619/2012)
  • Marketing data — retained until you withdraw consent or opt out
  • Technical logs — retained for up to 12 months for security and troubleshooting

9. Your Privacy Rights

Under GDPR and the LOPDGDD, you have the following rights. To exercise any of them, contact us at info@mapalyze.com. You may also lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete data
  • Right to Erasure — request deletion when data is no longer necessary or you withdraw consent
  • Right to Restriction — request restriction of processing in certain circumstances
  • Right to Data Portability — receive your data in a structured, machine-readable format
  • Right to Object — object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent — withdraw consent at any time without affecting prior lawful processing

Spanish residents also have rights established in Title X of the LOPDGDD, including the right to digital disconnection in employment contexts.

California Residents (CCPA/CPRA)

California Residents (CCPA/CPRA). Mapalyze does not sell personal information. If you are a California resident, you have the right to know what personal data we collect, request deletion of your data, and opt out of any sharing of personal information. To exercise these rights, contact us at info@mapalyze.com.

Brazilian Residents (LGPD)

Brazilian Residents (LGPD). If you are a resident of Brazil, you have equivalent rights to EU data subjects under the GDPR, as provided by the Lei Geral de Proteção de Dados (LGPD). To exercise your rights, contact us at info@mapalyze.com.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, regular security testing, and access logging and monitoring. In the event of a personal data breach, we will notify you without undue delay in accordance with GDPR Article 33.

11. Children

Our Services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child under 16 has provided us with personal data, please contact us at info@mapalyze.com and we will take steps to delete such data.

12. Contact and Updates

We may update this Privacy Policy from time to time. Material changes will be communicated by email or prominent notice in the Services. We encourage you to review this policy periodically.

info@mapalyze.com

Open the Web App