Privacy Policy
Effective date: 15 April 2026
This Privacy Policy explains what personal data MapRiot collects, how it is used, and your rights under the General Data Protection Regulation (GDPR).
Controller: Patrik Drhlík, IČO: 04472551, Ještědská 37, Liberec XIX-Horní Hanychov, 460 08 Liberec, Czech Republic — support@mapriot.com
1. What we collect
When you create an account:
- Name
- Email address
- Password (stored as a cryptographic hash — we never see your plaintext password)
When you use the Service:
- API key usage — request counts by type and timestamps, associated with your account
- Session data — a single cookie to keep you logged in
- Server logs — IP addresses, request URLs, timestamps, and HTTP headers are logged for security and debugging purposes. Logs are retained for a limited period and then deleted.
We do not collect payment card details. Payments are handled separately by invoice.
2. How we use your data
| Purpose | Legal basis |
|---|---|
| Account creation and authentication | Contract — Art. 6(1)(b) GDPR |
| Sending activation and transactional emails | Contract — Art. 6(1)(b) GDPR |
| Usage tracking and billing | Contract — Art. 6(1)(b) GDPR |
| Detecting abuse and protecting the Service | Legitimate interest — Art. 6(1)(f) GDPR |
We do not use your data for advertising. We do not sell or share your data with third parties.
3. Cookies
We use a single session cookie to keep you logged in. There are no tracking cookies or third-party advertising cookies.
Website analytics run on self-hosted Umami, which is cookieless and does not collect personally identifiable information.
4. Where your data is stored
All data is stored on servers located in the Czech Republic (EU). Your data is not transferred outside the European Economic Area.
5. Third-party services
We do not share your personal data with third parties except where required by law or a court order.
Email is sent from our own mail server. No third-party email marketing services are used.
6. Data retention
Account data is kept for as long as your account is active. If you close your account, your personal data will be deleted within 30 days, except where retention is required by law.
Usage data (request counts) may be retained in anonymized or aggregated form for longer periods for security and abuse detection purposes.
7. Your rights
Under GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your account and personal data
- Portability — receive your data in a machine-readable format
- Restriction — ask us to limit how we process your data
- Object — object to processing based on legitimate interests
Contact us at support@mapriot.com to exercise any of these rights. We will respond within 30 days.
You also have the right to lodge a complaint with the Czech data protection supervisory authority, the Office for Personal Data Protection (ÚOOÚ).
8. Security
Passwords are stored as cryptographic hashes and are never accessible in plaintext. The database is not exposed publicly. We take reasonable technical and organizational measures to protect your data, but no system is completely secure.
9. Automated decision-making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
10. Children
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post a notice in the dashboard before significant changes take effect.
12. Contact
Patrik Drhlík, IČO: 04472551, Ještědská 37, Liberec XIX-Horní Hanychov, 460 08 Liberec, Czech Republic, support@mapriot.com