Mapbox Legal Portal

Terms of ServicePrivacy PolicySupport Services

Support Services Agreement

(last updated June 5, 2023)

Enterprise Support Services

If you are on an Enterprise plan and your Order specifies one of the following support levels–Developer, Essential, Business or Premium–we will provide the corresponding services listed below.

Developer

  • Community resources- Access to our publicly available community forums and FAQs
  • API status notifications- Subscribe to text / email / Twitter updates: http://status.mapbox.com/

Essential (Everything listed above including)

  • Email support- Talk to one of our support engineers via help@mapbox.com
  • Response time for P3 Issues- 3 business days

Business (Everything listed above including)

  • Response time for P2 Issues- 1 business day
  • Response time for P1 Issues- 4 hours

Premium (Everything listed above including)

  • Response time for P0 Issues- 30 minutes
  • Collaborator Access- Access to a shared collaboration and communications space to improve communications and access to relevant Mapbox teams
  • Dedicated support engineer- A named engineer for support and implementation questions
  • Solutions guidance- Solution architecture review by in-house expert; Guided evaluation for new solution; Technical roadmap review
  • Proactive programs- Business and operations reviews; Access to private betas, product and engineering experts

Terminology

  • “Business day” is a full business day on Monday through Friday, 6:00 a.m. to 6:00 p.m. Pacific Time, excluding major U.S. holidays. A business day does not include a partial business day. Our team triages requests that come in outside of business hours on the following business day.
  • “P0 Issue” means a Service defect causing an outage for an in-production Licensed Application that you have confirmed, after your reasonable internal review, has resulted in a complete loss of service with no available workaround.
  • “P1 Issue” means a Service defect that materially impairs global functionality or results in regional outage, in each case for an in-production Licensed Application, where the workaround is difficult and/or not obvious.
  • “P2 Issue” means any defect with the Service that is impacting your Licensed Application that is not a P0 Issue or P1 Issue.
  • “P3 Issue” means a request that does not relate to a Service defect.
  • “Response Time” refers to the amount of time between your initial notification to us (by the authorized means described above) for an individual or series of related P0, P1, P2 or P3 Issues with the Services to when we provide our first response to your initial notification, each as determined by our systems and records.. Response time does not mean resolution of the issue and we provide no guarantee with respect to issue resolution. We retain the right, in our reasonable discretion, to reclassify the priority of any issue.

Response Time Guarantee

To receive a credit, you must contact us within 30 days after the end of the calendar month via email at info@mapbox.com and include the relevant information about any response time violations. If you are on a paid Support Services plan and we confirm that our average response time as specified herein for your Support Services plan failed to meet the average response time guarantee for the Support Services for any calendar month, we will provide you with the following Support Service credits, as a percentage of monthly Support Services fees:

Response Time Percentage

> 100% to 110% = 5% Support Service Credit

>110% to 150% = 15% Support Service Credit

>150% = 50% Support Service Credit

For example, you are a Premium customer and submitted 10 tickets in a calendar month with a target average response time of 4 hours, and the actual average response time was 4.2 hours, then the Response Time Percentage would be 105% (4.2 / 4.0), which would result in a Support Service credit of 5% of the Support Service fees owed for the month.

Support Service credits may not be exchanged for, or converted to, monetary compensation, and may only be used in connection with a purchase of Support Services for a Renewal Term. The maximum Support Services credit is 50% of the Support Service fees owed for the applicable calendar month.

Support Service credits are calculated as a percentage of the total charges you owe us for Support Services each month (e.g., your annual fee for Support Services divided by 12).

This Support Services Agreement is your sole and exclusive remedy (and our sole liability) for our Support Services.

Limitations

A response time is excluded from the response time guarantee, and will not count towards average response time calculations for purposes of Support Service credits, if:

  • the unavailability is due to scheduled downtime, provided we notify you at least 48 hours in advance;
  • you are in breach of the Agreement (including your payment obligations to us), or the unavailability is otherwise due to your actions; or
  • the unavailability is covered by force majeure provisions of the Agreement.

Privacy & Security FAQ

Last Updated:  December 2022

1. Is Mapbox a Software-as-a-Service (SaaS) company?

No. Mapbox is an API and SDK platform company. Mapbox customer end user applications send structured requests to Mapbox and then receive (from Mapbox) the requested information (e.g., a specific map tile or route from A to B).

2. Is Mapbox a hosting company?

No. However, some customers do choose to upload map data to Mapbox for distribution to their end users. Customers may elect to use Mapbox Upload APIs (currently, Uploads, Tilesets and Datasets), although customers may also technically restrict their developers from using the Upload APIs through token scoping.

3. Is Mapbox a Data Controller or a Data Processor?

Data Processor. Mapbox’s Data Processing Addendum (“DPA”) is incorporated into any applicable agreement with its customers and scoped broadly enough to encompass many global privacy laws. Mapbox's goal is to provide transparency about the data entrusted to it, how such data is used, and the technical and organizational measures designed to protect such data.

4. Does Mapbox have information security credentials?

Yes. Mapbox is SOC2 Type 2 certified and its summary SOC3 report is available for customer review. Upon request and execution of an NDA, Mapbox may share a copy of its latest SOC2 report.

5. How does Mapbox comply with privacy laws?

Mapbox takes privacy and data security very seriously and implements processes designed to operate in compliance with: VCDPA (Virginia, USA), UK-GDPR (UK), GDPR (Europe), CTDPA (Connecticut, USA), CCPA and its implementing regulations including CPRA (California, USA, and APPI (Japan), among many other important jurisdictions.

6. How does Mapbox manage compliance with global privacy laws?

Mapbox runs a global data protection program, based on privacy by design, which includes monitoring for upcoming privacy laws and regulations to assess whether its practices may need to be adjusted to maintain compliance; product/service privacy reviews; data breach response processes; and operationalized technical and organizational measures designed to ensure the security of the personal data it receives including: security audits and SOC2 certification; encryption of IP addresses in transit and at rest; pseudonymization of personal data (where applicable); strict access control with logging; limited data retention periods.

7. Is consent required to collect and process location data?

In some jurisdictions consent from the end user may be required to collect and process location based data (e.g., Virginia and Connecticut). To the extent customer’s end users are in such locations and customer’s application is implicated by these laws, customer shall obtain end users' affirmative express consent before making available to such end users Mapbox products/services within the customer’s licensed application that collects or processes location data. Additionally, customers shall at all times allow end users to opt out of location data sharing using one of the methods described in Mapbox’s developer documentation.

8. What types of personal data does Mapbox collect from end users and why?

Please see Mapbox DPA, Schedule B to learn what personal data may be collected and how it is used. Mapbox applies the principle of data minimization to product development and operations in an effort to ensure the least amount of personal data is collected from the outset. Regarding the limited personal dataset that Mapbox processes, it has implemented a number of technical and organization measures designed to ensure data protection, including prompt deletion of raw log files that contain IP addresses and billing IDs. For billing IDs, which need to be retained for accounting and billing purposes, Mapbox deploys regular ID rotation and 1-way hashing to minimize the ability to track user requests over time. In addition, Mapbox operates strict de-identification procedures, such as clipping traces, for telemetry events that send location data.

9. Why do Mapbox products/services collect the end users’ IP address?

Transmission of information across the Internet requires the presence of IP addresses, which define where information will be sent  and where such data is coming from. When end users engage with applications that access Mapbox products/services over the Internet, the end user necessarily discloses their current IP address to one or more Mapbox servers.

10. Where (geographically) is personal data that Mapbox receives processed?

The United States. However, for performance purposes, Mapbox regularly caches content on its AWS CDN network located in various regions. When content is unavailable in the CDN cache or where the API service requires custom calculations, the requests are routed to the US for processing. Mapbox also utilizes the services of employees who work for Mapbox wholly-owned subsidiaries in order  to support, develop and provide its products/services.

11. Can Mapbox limit its geographic processing to Europe (or another specific region)?

No. Mapbox’s products/services store and serve source data from an AWS primary region in the US. Data is sometimes cached and served out of various regions outside the US for performance reasons, as described in the questions/response above, but Mapbox cannot serve its data from one limited geographic region. To safeguard such transfers to the US and other regions, please see Mapbox's DPA, Schedule C, which includes the Standard Contractual Clauses released in 2021 by the European Commission.

12. Does Mapbox sell personal data?

No. Mapbox does not sell personal data or build targeted profiles with personal data processed through its products/services.

13. Does Mapbox track end users or build end user profiles?

No. For customers on a monthly active user (“MAU”) billing model, Mapbox maintains counts of such MAUs for billing purposes only. Mapbox does not (and cannot) track an end user’s activity across such 30 day billing cycles.

14. More questions?

Mapbox welcomes any further questions you may have regarding its ongoing commitment to privacy and data security. Please contact  Mapbox’s privacy office at privacy@mapbox.com.

Want to receive updates on our sub-processors?

Please subscribe below:

Stay tuned for updates!
Please enter an email address that includes @.
This is some text inside of a div block.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.