Mapbox Legal Portal
Japan-Specific Legal Terms
Last updated May 8, 2024
1. Exclusion of Anti-Social Forces
1.1. Each party represents and warrants the following items to the other party.
(a) The party is not an organized crime group, an organized crime-related corporation, corporate racketeer or any person equivalent thereto or any member thereof (“Anti-Social Forces”);
(b) Any of its officers (meaning members who execute the businesses, directors, auditors, executive managers or persons equivalent thereto), employees, counsels or other advisers does not fall under Anti-Social Forces or have any socially criticized relationship with Anti-Social Forces;
(c) The party does not have any of the following relationships with Anti-Social Forces;
(i) relationship where it is deemed that the party uses Anti-Social Forces for the purpose of acquiring a wrongful gain for itself or a third party or for the purpose of causing damages to a third party; or
(ii) relationship under which the party is deemed to be involved in the management or operation of Anti-Social Forces through providing funds or the like or affording benefits to Anti-Social Forces
(d) The party does not allow Anti-Social Forces to use its name to conclude this Agreement; or
(e) The party does not, by itself or by using a third party, conduct any act using threatening language or violence in relation to this Agreement, or any act obstructing the business of the other party or damaging the credibility of the other party by spreading false rumors or by using fraudulent means or force, or any other unreasonable acts, each in violation of applicable law.
1.2. Either party terminate this Agreement and any Order without any demand by giving written notice to the other party if such other party falls under any of the preceding items. Such termination shall not preclude the terminating party from making a claim for damages against such other party.
1.3. If this Agreement is terminated under the preceding paragraph, the terminated party shall not make any claim for damages incurred by it as a result of such termination against the other party.
第1条(反社会的勢力の排除)
第1.1条
本契約当事者は、相手方に対し、次の各号の事項を表明し保証します。
(a) 自らが、暴力団、暴力団関係企業、総会屋もしくはこれらに準ずる者もしくはその構成員(以下「反社会的勢力」という。)ではないこと。
(b) 自らの役員(業務を執行する社員、取締役、監査役、執行役またはこれらに準ずる者をいう。)、従業員および顧問その他のアドバイザーが、反社会的勢力ではないこと、および反社会的勢力と社会的に非難される関係を有していないこと。
(c) 自ら反社会的勢力と次のいずれかの関係を有していないこと。
(i) 自らもしくは第三者の不正の利益を図る目的、または第三者に損害を与える目的をもって反社会的勢力を利用していると認められる関係
(ii) 反社会的勢力に対して資金等を提供し、または便宜を供与するなどして反社会的勢力の維持または運営に協力していると認められる関係
(d) 反社会的勢力に自己の名義を利用させ、本契約を締結するものでないこと。
(e) 自らまたは第三者を利用して、適用法令に違反して、本契約に関して、脅迫的な言動もしくは暴力を用いる行為、風説を流布し、または偽計もしくは威力を用いて、相手方の業務を妨害する行為、信用を毀損する行為その他不法な行為をしないこと。
第1.2条
本契約当事者は、相手方が前条各号のいずれかに該当した場合には、催告を要することなく当該相手方に書面で通知することにより、本契約及び注文書を解除することができます。当該解除は、解除した者による当該相手方に対する損害賠償請求を妨げません。
第1.3条
前条の規定により本契約が解除された場合には、解除をされた本契約当事者は、解除により生じた自己の損害について相手方に対して一切の請求を行わないものとします。
Privacy & Security FAQ
Last Updated: Aug 22, 2023
Mapbox provides a location data platform that powers maps and location services. Mapbox provides SDKs (software development kits) and APIs (application programming interfaces), which businesses and developers use to incorporate Mapbox mapping and navigation technologies into the licensed applications and websites they make. The SDKs contain libraries of software code which are incorporated into a customer’s licensed application or website. These libraries of software code facilitate API requests to Mapbox’s location data platform (which is a backend data server, hosted in the cloud (AWS-US)) which then responds with map and location content to the customer’s application or website.
In addition, Mapbox offers an on-premise version of its location data services, called Atlas.
No. Mapbox does not sell personal data.
No. For customers on a monthly active user (“MAU”) billing model, Mapbox maintains counts of MAUs for billing purposes only. Mapbox does not (and cannot) track an end user’s activity across billing cycles and does not build targeted profiles with the data processed through its products/services.
Mapbox applies the principle of data minimization to product development and operations in an effort to collect only limited data from the outset. Mapbox operates a number of technical and organization measures regarding the limited personal dataset that we process, such as strict access controls and prompt deletion of raw log files that contain IP addresses and billing IDs. Mapbox deploys regular ID rotation and 1-way hashing for billing IDs, which must be retained for accounting and billing purposes, to minimize the ability to track user requests over time. Billing IDs are not transmitted with unrelated events, further reducing the feasibility of correlating a user’s activities over time. In addition, Mapbox operates strict anonymization procedures, such as clipping traces, for telemetry events that send location data.
Communication through the Internet requires the presence of IP addresses, which specify each transmission’s origin and destination. When end users engage with applications that access Mapbox products/services through the Internet, the end user necessarily discloses their current IP address to one or more Mapbox servers. IP addresses are retained in cloudfront logs for 30 days for billing and customer usage reporting, unless involved in an ongoing security, anti-fraud, or misuse investigation.
Mapbox receives location data when a Mapbox customer’s end users uses a licensed application that incorporates Mapbox mobile SDKs and the end user has authorized the licensed application’s use of the end user’s device location via their mobile phone or device operating system.
Location data includes fields such as latitude and longitude, altitude, horizontal and vertical accuracy, a session ID rotating every 24 hours, and origin IP address (as would any Internet communication). The IP address that accompanies location data is retained at the load balancer (where it is used for security and PUBLISHED: Aug 22, 2023https://www.mapbox.com/legal/legal-faq Mapbox Customer FAQ, Page 3billing purposes and discarded after 30 days). This IP address is not forwarded to the location telemetry processing pipeline. Location data is encrypted in transit and at rest, and is subject to the principle of least access, with the minimal number of personnel and processes having access to it in its pre-aggregated form.
In the location data anonymization pipeline, the location data is then anonymized by clipping off the origin and destination of the trip and further dividing the trip into segments, which cannot be reassembled. The anonymized location data is then used to improve Mapbox mapping products, including the Traffic and Movement data products.
In AWS in the United States. However, for performance purposes, Mapbox regularly caches content on its AWS content delivery network (“CDN”) located in various regions. Mapbox employees who work for Mapbox wholly-owned subsidiaries may access personal data from the countries where they work in order to support, develop and provide Mapbox products/services.
No. Mapbox’s products/services store and serve source data from an AWS primary region in the US. As noted above, data is cached and served out of various regions outside the US for performance reasons, however Mapbox cannot serve its data from one limited geographic region. To comply with GDPR and safeguard transfers to the US and other countries, please see Mapbox's DPA, Schedule C, which includes the Standard Contractual Clauses released in 2021 by the European Commission.
Yes. Mapbox carefully scrutinizes the personal data it processes within its engineering lifecycle, which includes conducting a privacy review for new (or changed) processing activities. Mapbox follows privacy-by-design principles and works diligently to limit the personal data it processes from the outset. A DPIA is conducted in any situation in which processing of personal data may be considered high risk and not able to be accomplished in a lower risk manner.
Mapbox runs a global data protection program designed to operate in compliance with applicable global privacy laws, including: VCDPA (Virginia, USA), UCPA (Utah, USA), UK-GDPR (UK), TIPA (Tennessee, USA), TDPSA (Texas, USA),PIPEDA (Canada), MTCDPA (Montana, USA), LGPD (Brazil),IDPL (Iowa, USA), ICDPA(Indianna, USA), GDPR (Europe), CTDPA (Connecticut, USA), CCPA and its implementing regulations including CPRA (California, USA), CPA (Colorado, USA), and APPI (Japan), among many other important jurisdictions.
Mapbox’s privacy program is based on privacy by design, which includes monitoring for upcoming privacy laws and regulations to assess whether its practices may need to be adjusted to maintain compliance; product/service privacy reviews; data breach response processes; and operationalized technical and organizational measures designed to ensure the security of the personal data it receives including: security audits and SOC2 certification; anonymization & pseudonymization of personal data (where applicable); strict access control with logging; limited data retention periods.
Yes. Mapbox is SOC2 Type 2 certified with a summary SOC3 report available for customer review. In addition, Mapbox earned and maintains Trusted Information Security Assessment Exchange (“TISAX”) and ISO 9001 certifications. Upon request and execution of an NDA, Mapbox may share a copy of its latest SOC2 report.
Mapbox welcomes any further questions you may have regarding its ongoing commitment to privacy and data security. Please contact Mapbox’s privacy office at privacy@mapbox.com.
Want to receive updates on our sub-processors?
Please subscribe below: