Protecting data privacy is core to our platform. This privacy notice discloses the privacy practices for mapbox.com and all Mapbox services.
We collect very little personally identifiable information about you and store it securely. We share analytic data with service providers and partners, but this never includes personal information about your identity, like your name, email or phone number.
Information Collection, Use, and Sharing
We do not collect or store any personal information about you, except what you voluntarily provide through mapbox.com or other direct contact. We use third-party services like Google Analytics to help us provide and improve our service. We transfer personal information about users to third parties only if they provide a level of protection at least equivalent to the former U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.
We do collect IP addresses of devices accessing our services in our server logs, as well as information like internet domains, the date and time of a visit, and the pages accessed on mapbox.com. This information is used solely for diagnostic and analytic purposes in order to improve the services we provide.
Payment information is required for some Mapbox services, and may include your name, address, and credit card information. This information is used solely for billing purposes by our PCI-certified payment provider, Stripe. Your credit card information is encrypted and transmitted to Stripe securely via HTTPS. You can learn more about Stripe's security practices here.
Your credit card details are never stored on Mapbox systems, and no one at Mapbox can access them. A few privileged members of the Mapbox team have access to your credit card's expiration date to ensure your payment information remains valid.
Mobile Location Information
When a mobile application uses Mapbox technology, it may send Mapbox location and usage data, such as search requests, along with an ephemeral ID. We use this data to improve and provide our maps and other services. We do not connect this data to personal information about you, such as your name, email address or phone number.
We may share aggregated location data with developers building on Mapbox technology. Your personal information is not used or otherwise involved in either of these scenarios.
You can find more information about how we secure and use location data on our telemetry page.
Law Enforcement and Transparency
We require a subpoena or court order to provide non-content user information to law enforcement, like your name, means of payment, and length of service. We will only disclose user content, including maps or data stored, or location information, in response to a probable cause search warrant. If we have a good faith belief that there is an emergency involving the danger of death or severe physical injury, we may also provide the limited information necessary to prevent that harm, if we have it.
If we are ever forced to share your information, we'll notify you with the full details of the request before we disclose it unless legally prohibited by law or court order.
We post anonymized information about all law enforcement requests in our transparency report. Mapbox has never received a national security letter, FISA court order, or any other classified request for user information. If we ever receive such a request, we will review it carefully and make sure it follows the law (including the Fourth Amendment). If we believe a request is overly broad, we will seek to narrow it.
Finally, while we acknowledge that government sometimes must act to protect citizens' safety and security, we strongly believe that current laws regulating surveillance of individuals and access to user information need to be reformed. Mapbox has signed the Stop Watching Us petition and supports the principles of the Reform Government Surveillance open letter to Congress.
Children Under 13
Mapbox is not directed to children under the age of 13. If we learn a child under 13 is using our service, we'll terminate the child's account.
EU Data Protection
Mapbox certified with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Although the European Court of Justice struck down the safe harbor in October 2015, Mapbox continues to abide by the processes and practices that we implemented under the safe harbors, and we stand ready to rapidly implement new data transfer framework to replace Safe Harbor processes and practices, as European authorities provide further guidance.
- January 20, 2016: Updated to reflect EU Safe Harbor invalidation.
- July 24, 2015: We now participate in the EU Safe Harbor program.
- July 6, 2015: Added clarification regarding third party services, mobile data collection and user age requirements.
- March 27, 2015: Added guarantee that we will require a warrant for access to location information. Added exception to legal process requirements for life-threatening or similarly dire emergencies.