Mapka
Features Pricing
Sign In

Privacy Policy

Last updated: 16.10.2025

1. Who we are

This privacy policy explains how Mapka P.S.A ('we', 'us', 'our') processes personal data when you:

  • visit our public landing website (the 'Website'), and
  • register for and use our application (the 'App').

Data controller

  • Company name: Mapka P.S.A
  • Registered address: ul. Hermanowska 6A, 54-314 Wrocław, Poland
  • Email for privacy matters: privacy@mapka.dev

Mapka P.S.A is established in Poland and subject to the EU General Data Protection Regulation (GDPR) and Polish data protection laws.

2. Scope of this policy

This policy applies to:

  • Website visitors – people who browse our public Website without creating an account.
  • App users – people who register for and use the App.
  • People who contact us – for example by email or via in-App support.

It does not apply to third-party websites or services that we do not control, even if we link to them.

3. Personal data we collect

3.1 When you visit the Website (no account)

When you browse the Website, we process:

Technical and usage data (via PostHog in cookieless mode)

  • IP address
  • Browser type and version
  • Device and operating system information
  • Referrer URL and pages viewed
  • Date and time of access
  • Basic interaction events (e.g. page views, clicks, form submissions)
  • Error events (e.g. JavaScript exceptions)

We collect this using PostHog configured with cookieless_mode: 'always'. We do not use cookies or local/session storage for analytics on the public Website.

3.2 When you register and use the App

When you create and use an account in the App, we process:

Account and profile data

  • Name, username or handle
  • Email address
  • Password (stored in hashed form) or other login data
  • Any other account details you choose to provide

Usage and event data in the App (via PostHog)

  • Pages and screens you visit
  • Clicks, form submissions, and certain UI interactions
  • Features you use and how often
  • Technical data (IP address, browser, device, OS)
  • Error and exception data (error messages, stack traces, URLs)

Support and communication data

  • Content of your messages (support tickets, bug reports, feedback, emails)
  • Contact details you use (e.g. email address)
  • Any other information you choose to share with us

3.3 Data from third parties

We may receive limited personal data from:

  • Authentication services – (if enabled, e.g. 'Sign in with…') – basic identity data.
  • Payment providers – (if/when integrated) – such as billing details and transaction metadata.

4. Purposes and legal bases of processing

Under GDPR, we must have a lawful basis for each processing purpose.

4.1 Operating and securing the Website

Delivering content, ensuring security, measuring usage.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

4.2 Creating and managing your App account

Registration, authentication, access management.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

4.3 App analytics and product improvement

Understanding usage, improving reliability, debugging.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

4.4 Support and communication

Responding to enquiries, managing relationships.

Legal basis: Legitimate interests & Contract performance

4.5 Legal compliance and protecting our rights

Complying with legal obligations, defending legal claims, preventing fraud.

Legal basis: Legal obligation (Art. 6(1)(c) GDPR) & Legitimate interests

5. Cookies and similar technologies

5.1 Website – Cookieless analytics

On the public Website, PostHog does not store or read any data from cookies or local/session storage.

We count visitors using a privacy-preserving hash created on PostHog's servers from daily salt, IP, user agent, and hostname.

5.2 App – Cookies and local storage

In the App, PostHog uses first-party cookies and/or local storage for analytics accuracy and session management.

Strictly necessary technologies do not require consent. Where required by law, we obtain consent for non-essential analytics.

6. Our data processors

We use the following third-party services as data processors:

PostHog – Analytics & Error Tracking

Service: Product and web analytics, error tracking

Provider: PostHog Inc.

Hosting region: PostHog Cloud EU (Frankfurt, Germany)

More info: posthog.com/privacy

We have concluded a Data Processing Agreement (DPA) with PostHog. PostHog processes personal data only on our instructions and does not use this data for its own marketing or third-party advertising.

Stripe – Payment Processing

Service: Payment processing, billing, invoicing

Provider: Stripe, Inc.

Data processed: Billing details, payment card info, transaction data

More info: stripe.com/privacy

Stripe processes payment data as a data processor on our behalf. Stripe is PCI DSS Level 1 certified. We do not store your full payment card details on our servers – these are handled directly by Stripe.

PayPal – Payment Processing (optional)

Service: Payment processing (when selected by user)

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A.

Data processed: Billing details, PayPal account info, transaction data

More info: paypal.com/privacy

PayPal is only used when you choose PayPal as your payment method. In that case, PayPal processes your payment data as a data processor. We do not receive or store your full PayPal credentials – the transaction is handled directly by PayPal.

HubSpot – CRM & Communications

Service: CRM, email communications, customer support

Provider: HubSpot, Inc.

Data processed: Contact details, communication history, support tickets

More info: legal.hubspot.com/privacy-policy

HubSpot processes contact and communication data as a data processor on our behalf. We use HubSpot to manage customer relationships and provide support. HubSpot is certified under the EU-US Data Privacy Framework.

7. Recipients of personal data

We share personal data only when necessary and under appropriate safeguards:

  • 1
    Service providers

    Hosting, infrastructure, PostHog (analytics), email delivery, customer support tools.

  • 2
    Professional advisers

    Lawyers, accountants, auditors, insurers – under confidentiality.

  • 3
    Public authorities and courts

    Where required by law or to establish, exercise or defend legal claims.

We do not sell your personal data.

8. International data transfers

Mapka P.S.A is based in Poland and uses EU-based hosting for core services where possible, including PostHog Cloud EU.

If we transfer personal data outside the EEA or UK, we ensure appropriate safeguards:

  • An adequacy decision by the European Commission, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission

Contact us at privacy@mapka.dev for more information about international transfers.

9. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy.

General retention period: 90 days

Unless a longer period is required by law or necessary for legal claims.

Analytics data

Up to 90 days, then deleted or anonymised

Account data

While account is active + 90 days after deletion

Support data

Up to 90 days after resolution

Legal/financial records

As required by Polish law (several years)

10. Your rights under GDPR

1

Right of access

Get a copy of your personal data

2

Right to rectification

Correct inaccurate data

3

Right to erasure

Request deletion of your data

4

Right to restriction

Limit how we process your data

5

Right to data portability

Receive data in machine-readable format

6

Right to object

Object to processing based on legitimate interests

7

Right to withdraw consent

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at: privacy@mapka.dev

You also have the right to lodge a complaint with a data protection authority. In Poland: Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl

11. Children's data

Our Website and App are not intended for children under 16, and we do not knowingly collect personal data from them.

If you believe that a child has provided us with personal data, please contact us so that we can delete such data without undue delay.

12. Changes to this privacy policy

We may update this privacy policy from time to time, for example if we change our services or if legal requirements change.

We will publish the updated policy on this page and update the 'Last updated' date. If the changes are significant, we may also inform you by email or through the App.