Your privacy is important.
We minimize the information we collect, we store it securely, and when we use third-party services, we ensure that they follow privacy best-practices.
Information We Collect
Account Information: If you sign up for a Mapbox account, we may collect information that you provide to us in connection with setting up the account, such as your username, name and email address. Further, in the course of using your account, you may provide us with additional information through your communications with us.
Hosted Data: In using your account, you may upload data to Mapbox so that Mapbox can host it for you as part of providing the Mapbox services.
Payment Information: Payment is required for some Mapbox features and services, and we may ask you to provide certain information, including your name, address, email, and credit card information, in connection with processing your transactions with Mapbox.
All of our credit card processing is handled directly by our third-party PCI-certified payment provider, Stripe, and your credit card information is encrypted and transmitted directly and securely to Stripe via HTTPS. Your credit card details are never stored on Mapbox systems, and Mapbox only retains access to credit card expiration dates to ensure that payment information remains valid.
Website Logs and Cookies: We automatically collect certain information when you access or use our website. For example, we collect IP addresses of devices accessing our website in our server logs, as well as information like internet domains, the date and time of a visit, and the pages accessed on Mapbox.com.
API Logs: We automatically collect certain technical information whenever a product or service that integrates Mapbox services makes a request to Mapbox APIs. This includes, among other things IP address, browser type, the time of the request, usage data, and operating system. A full list is available here.
Mobile Data: When a mobile application uses Mapbox SDKs, it may send to Mapbox certain limited location and usage data along with an ephemeral ID. We also use a more stable ID for the limited purpose of tracking the number of monthly active users connected to our developer customers. If we collect location data, we do not associate it with any identifying information, including names, permanent IDs, email addresses, IP addresses, or phone numbers. You can find more information about how we secure and use location data on our temetry page.
How We Use the Information We Collect
Account and Payment Information: We use the account and payment information we collect to provide our services to you, to maintain your accounts, and to process your transactions. We also may use certain information, such as your email address, to tell you about new Mapbox products or features that may be of interest to you. If you receive promotional emails from Mapbox, you can opt out by following the instructions in those emails. We use payment information solely for billing purposes by our payment provider, Stripe.
Hosted Data: We use Hosted Data to provide our services to you.
API Logs and Mobile Data: We use the data collected through our services (1) for internal diagnostic and analytic purposes (2) to improve our mapping products and services and (3) to provide our services to end users of our customers.
When We Share the Information We Collect With Third Parties
Account Information: We may share your account information with our vendors, consultants and other service providers who need access to such information to carry out work on our behalf.
Payment Information: We will not disclose payment information to any person or entity other than our payment provider, Stripe, as described above in the “Information We Collect” section.
Hosted Data: We do not disclose Hosted Data except as directed by you.
Website Logs and Cookies: We use third-party services like Google Analytics to help us collect and process website logs and cookies.
API Logs and Mobile Data: We do not share location data or usage data with third parties. We use information collected from our services to create aggregated and anonymized usage statistics that we may share with third parties.
Rare and Limited Disclosures: We may share information in our possession in response to a request if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process. For more information, see “Law Enforcement and Transparency,” below.
We may also share the information we collect in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company. We may also share information among our current and future parents, affiliates, subsidiaries and other companies under common control and ownership.
Your Choices About What We Do With the Information We Collect
Account and Payment Information: Certain account information is optional, and you may choose not to provide it to Mapbox. Note that some of this account information is necessary for related Mapbox services or features to work – for example, if you do not provide payment information, you cannot take advantage of features that require payment.
Website Logs and Cookies: You may delete cookies from your computer, and most browsers provide the option to block cookies. Note that if you block cookies, portions of Mapbox.com may not work as intended.
API Logs and Mobile Data: If you are an end user of a product or service that integrates Mapbox services, your privacy options will be largely determined by the developer of the product or service. In addition to any privacy options that the developer may have provided you with, you may also be able to control the applications that can collect information about your precise location by using the settings available on your device.
Your Access to and Control of the Information We Collect
In General: If you believe that Mapbox holds information that would allow us to correct, amend, or delete inaccurate information about you or if you believe that information about you has been processed in violation of the EU-U.S. Privacy Shield Principles, please email us at email@example.com.
Account Information, Hosted Data and Payment Information: You may update, correct or delete information about you that you have provided to Mapbox at any time by emailing us at firstname.lastname@example.org. If you wish to delete or deactivate your account, please email us at email@example.com, but note that we may retain certain information as required by law or to protect our rights and property.
API Logs and Mobile Data: Mapbox does not retain information that identifies any end users of our developers’ applications. It is therefore generally not feasible for us to provide information that is tied to their identities.
Law Enforcement and Transparency
In General: Although we acknowledge that government sometimes must act to protect citizens' safety and security, we strongly believe that current laws regulating surveillance of individuals and access to user information need to be reformed. Mapbox has signed the Stop Watching Us petition and supports the principles of the Reform Government Surveillance open letter to Congress.
We post anonymized information about all law enforcement requests in our transparency report. Mapbox has never received a national security letter, FISA court order, or any other classified request for user information. If we ever receive such a request, we will review it carefully and make sure it follows the law (including the Fourth Amendment). If we believe a request is overly broad, we will seek to narrow it.
If we have a good faith belief that there is an emergency involving the danger of death or severe physical injury, we may disclose limited information necessary to prevent that harm.
Account Information, Hosted Data and Payment Information: We require a subpoena or court order to provide information about our developers’ accounts, such as the name associated with the account, means of payment, and length of service. If we are ever forced to share identifiable information about you, we'll notify you with the full details of the request before we disclose it unless we are legally prohibited from doing so by law or court order.
API Logs and Mobile Data: We will only disclose information collected through our services, including maps and associated data and location information, in response to a subpoena or court order.
U.S.-EU Privacy Shield and U.S.-Swiss Safe Harbor Framework
If we transfer personal data from the European Union or Switzerland to the United States, we will comply with the U.S.-EU Privacy Shield Framework Principles and the U.S.-Swiss Safe Harbor Framework, as described in our Privacy Shield certification and U.S.-Swiss Privacy Shield certification. For more information about the Principles, please visit the Department of Commerce’s Privacy Shield website.
If you have a Privacy Shield-related complaint, please contact us using the information in the “Contact Us” section below. As part of our participation in Privacy Shield, if you have a dispute with us about our adherence to the Principles, we will seek to resolve it through our internal complaint resolution process. If we do not resolve your complaint, you may submit your complaint free of charge to JAMS, Mapbox’s designated independent dispute resolution provider. Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. Mapbox is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If Mapbox shares personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on Mapbox’s behalf, then Mapbox will be liable for that third party’s processing in violation of the U.S. Privacy Shield Principles, unless Mapbox can prove that it is not responsible for the event giving rise to the damage.
April 14, 2017: Re-wrote the policy for the purposes of Privacy Shield certification.
January 20, 2016: Updated to reflect EU Safe Harbor invalidation.
July 24, 2015: We now participate in the EU Safe Harbor program.
July 6, 2015: Added clarification regarding third party services, mobile data collection and user age requirements.
March 27, 2015: Added guarantee that we will require a warrant for access to location information. Added exception to legal process requirements for life-threatening or similarly dire emergencies.