We want all our events to offer a positive and safe environment for all attendees. Just like we believe that more diverse teams build better products, we know that diverse representation at events ultimately creates a stronger community.
We follow a Code of Conduct for all our events in order to create the best experience possible for all attendees. Before you participate in a Mapbox event, please review the Code of Conduct below.
Mapbox also supports the Diversity Charter , a commitment to our best faith effort to make all our events diverse.
All attendees, speakers, sponsors, vendors, partners and volunteers at our conferences/events are required to adhere to the following Code of Conduct. Mapbox event organizers will enforce this Code throughout the event.
Our aim in hosting events is to build community. To that end, our goal is to create an environment where everyone feels welcome to participate, speak up, ask questions, and engage in conversation. We invite all those who participate in this event to help us create safe and positive experiences for everyone.
Every Mapbox event/conference is dedicated to providing a harassment-free environment for everyone, regardless of gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, or religion (or lack thereof). We do not tolerate harassment of participants in any form. Sexual language and imagery is not appropriate during any aspect of the event/conference, including talks, workshops, parties, social media such as Twitter, or other online media.
Conference participants violating these rules may be sanctioned or expelled from the event/conference without a refund at the discretion of the organizers. Participants asked to stop any harassing behavior are expected to comply immediately.
Events at Mapbox Offices
When attending an event at a Mapbox office, we ask that you stay within the designated event area and do not enter any conference rooms or other facilities unless they have been clearly identified as part of the event. Our employees may be working in non-event parts of the office, and we ask that you respect the space and their work while you are visiting.
Reporting an Incident
If you see, overhear or experience a violation of the Code of Conduct during an event, please seek out the nearest Mapbox team member to escalate your complaint. If you cannot find a team members, or would like to report a violation after an event, you may email firstname.lastname@example.org.
When we host events, we often have a photographer or videographer capturing the event. By attending you agree to be photographed or recorded, and you agree that Mapbox will be the sole copyright owner of such media. Mapbox reserves the right to use any media taken at any event hosted by Mapbox without the express written permission of those included within the media, and you waive any rights therein. Mapbox may use the photo or recording in publications or other media material produced, used or contracted by Mapbox including but not limited to: brochures, invitations, books, newspapers, magazines, television, websites, etc. We do attempt to respect each individual’s preferences for privacy — please feel free to speak with our photographers/videographers if for any reason you would rather not be filmed or photographed.
Please refer to our Media Guidelines for using Mapbox-provided media assets.
This Code of Conduct was adapted from the following open resources:
This Code of Conduct is available under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
Last Updated: December 2022
No. Mapbox is an API and SDK platform company. Mapbox customer end user applications send structured requests to Mapbox and then receive (from Mapbox) the requested information (e.g., a specific map tile or route from A to B).
No. However, some customers do choose to upload map data to Mapbox for distribution to their end users. Customers may elect to use Mapbox Upload APIs (currently, Uploads, Tilesets and Datasets), although customers may also technically restrict their developers from using the Upload APIs through token scoping.
Data Processor. Mapbox’s Data Processing Addendum (“DPA”) is incorporated into any applicable agreement with its customers and scoped broadly enough to encompass many global privacy laws. Mapbox's goal is to provide transparency about the data entrusted to it, how such data is used, and the technical and organizational measures designed to protect such data.
Yes. Mapbox is SOC2 Type 2 certified and its summary SOC3 report is available for customer review. Upon request and execution of an NDA, Mapbox may share a copy of its latest SOC2 report.
Mapbox takes privacy and data security very seriously and implements processes designed to operate in compliance with: VCDPA (Virginia, USA), UK-GDPR (UK), GDPR (Europe), CTDPA (Connecticut, USA), CCPA and its implementing regulations including CPRA (California, USA, and APPI (Japan), among many other important jurisdictions.
Mapbox runs a global data protection program, based on privacy by design, which includes monitoring for upcoming privacy laws and regulations to assess whether its practices may need to be adjusted to maintain compliance; product/service privacy reviews; data breach response processes; and operationalized technical and organizational measures designed to ensure the security of the personal data it receives including: security audits and SOC2 certification; encryption of IP addresses in transit and at rest; pseudonymization of personal data (where applicable); strict access control with logging; limited data retention periods.
In some jurisdictions consent from the end user may be required to collect and process location based data (e.g., Virginia and Connecticut). To the extent customer’s end users are in such locations and customer’s application is implicated by these laws, customer shall obtain end users' affirmative express consent before making available to such end users Mapbox products/services within the customer’s licensed application that collects or processes location data. Additionally, customers shall at all times allow end users to opt out of location data sharing using one of the methods described in Mapbox’s developer documentation.
Please see Mapbox DPA, Schedule B to learn what personal data may be collected and how it is used. Mapbox applies the principle of data minimization to product development and operations in an effort to ensure the least amount of personal data is collected from the outset. Regarding the limited personal dataset that Mapbox processes, it has implemented a number of technical and organization measures designed to ensure data protection, including prompt deletion of raw log files that contain IP addresses and billing IDs. For billing IDs, which need to be retained for accounting and billing purposes, Mapbox deploys regular ID rotation and 1-way hashing to minimize the ability to track user requests over time. In addition, Mapbox operates strict de-identification procedures, such as clipping traces, for telemetry events that send location data.
Transmission of information across the Internet requires the presence of IP addresses, which define where information will be sent and where such data is coming from. When end users engage with applications that access Mapbox products/services over the Internet, the end user necessarily discloses their current IP address to one or more Mapbox servers.
The United States. However, for performance purposes, Mapbox regularly caches content on its AWS CDN network located in various regions. When content is unavailable in the CDN cache or where the API service requires custom calculations, the requests are routed to the US for processing. Mapbox also utilizes the services of employees who work for Mapbox wholly-owned subsidiaries in order to support, develop and provide its products/services.
No. Mapbox’s products/services store and serve source data from an AWS primary region in the US. Data is sometimes cached and served out of various regions outside the US for performance reasons, as described in the questions/response above, but Mapbox cannot serve its data from one limited geographic region. To safeguard such transfers to the US and other regions, please see Mapbox's DPA, Schedule C, which includes the Standard Contractual Clauses released in 2021 by the European Commission.
No. Mapbox does not sell personal data or build targeted profiles with personal data processed through its products/services.
No. For customers on a monthly active user (“MAU”) billing model, Mapbox maintains counts of such MAUs for billing purposes only. Mapbox does not (and cannot) track an end user’s activity across such 30 day billing cycles.
Mapbox welcomes any further questions you may have regarding its ongoing commitment to privacy and data security. Please contact Mapbox’s privacy office at email@example.com.
Please subscribe below: