Privacy Policy
Last updated: March 18, 2026
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, or use our Services. This Privacy Policy is part of and subject to our Terms of Service. Capitalized terms not defined herein have the meanings set forth in the Terms of Service.
For information about how we process data on behalf of our business Customers (as a processor or sub-processor), please see our Data Processing Addendum.
1. Information We Collect
Information You Provide
We collect information you voluntarily provide, including:
- Account information: name, email address, company name, and password when you create an account
- Billing information: payment card details and billing address when you purchase services (processed by our payment provider)
- Communications: information you provide when you contact us for support or other inquiries
- Newsletter subscriptions: email address if you subscribe to our mailing list
Information Collected Automatically
When you visit our website or use our dashboard, we automatically collect:
- Usage data: pages visited, features used, and actions taken
- Device information: browser type, operating system, and device identifiers
- Log data: IP address, access times, and referring URLs
- Analytics data: aggregated information about website usage via privacy-focused analytics; IP addresses are anonymized within our analytics system and are not stored in full
Cookies
We use first-party, strictly necessary cookies on our client dashboard for authentication and session management. Our marketing website and API endpoints do not use cookies; end users of applications built with our services never receive cookies from Stadia Maps. We do not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies on any of our properties.
2. How We Use Your Information
We use your information for the following purposes:
- Provide services: to create and manage your account, process payments, and deliver our services
- Communicate: to respond to inquiries, send service-related notices, and provide customer support
- Improve: to analyze usage patterns and improve our website and services
- Security: to detect, prevent, and address fraud, abuse, and security issues
- Legal compliance: to comply with applicable laws and legal obligations
- Newsletter: to send our newsletter if you subscribe
3. Legal Basis for Processing (EEA, UK, and Swiss Users)
If you are in the European Economic Area, United Kingdom, or Switzerland, our legal basis for processing your information depends on the type of data and context:
| Purpose | Legal Basis |
|---|---|
| Providing services and account management | Performance of contract |
| Processing payments | Performance of contract |
| Customer support | Performance of contract / Legitimate interest |
| Security and fraud prevention | Legitimate interest |
| Website analytics | Legitimate interest |
| Newsletter | Consent |
| Legal compliance | Legal obligation |
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share your information only with the following categories of recipients:
Service Providers
We use third-party service providers to help operate our business. Data sharing with these providers is limited and purpose-specific; not all providers receive all categories of personal data.
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | United States |
| Fastmail Pty Ltd | Email communications | Australia |
| Pipedrive OÜ | Customer relationship management | Estonia |
| Xero Limited | Invoicing and accounting | New Zealand |
| Matomo (InnoCraft Ltd) | Website analytics (IP anonymized) | European Union |
| Sentry (Functional Software, Inc.) | Error tracking | United States |
| Mailchimp (Intuit Inc.) | Email newsletter | United States |
| Mailgun Technologies, Inc. | Transactional email | United States |
| Notion Labs, Inc. | Internal documentation | United States |
| Zulip, Inc. | Internal communication | United States |
Legal Requirements
We may disclose your information if required by law or in good faith belief that such action is necessary to:
- Comply with legal obligations or respond to lawful requests
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the safety of our users or the public
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to applicable data protection laws.
5. International Data Transfers
Stadia Maps is based in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States and other countries where our service providers operate.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Other lawful transfer mechanisms as appropriate
Some of our service providers may independently rely on the EU-US Data Privacy Framework or other adequacy mechanisms for transfers they receive.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. After account closure, we retain information as follows:
- Account data: deleted within 30 days of account closure, except as required for legal or security purposes
- Billing records: retained as required by tax and accounting laws and our service providers' retention policies
- Server logs: approximately 7-14 days
- Analytics data: aggregated and anonymized; retained indefinitely
7. Your Rights
Depending on your location, you may have the following rights:
- Access: request a copy of the personal information we hold about you
- Correction: request correction of inaccurate information
- Deletion: request deletion of your personal information
- Portability: request your data in a portable format
- Objection: object to processing based on legitimate interests
- Restriction: request restriction of processing
- Withdraw consent: withdraw consent for processing based on consent (such as our newsletter)
To exercise these rights, contact us at legal@stadiamaps.com. We will respond within 30 days (or sooner if required by applicable law).
EEA, UK, and Swiss Residents
If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than providing our services.
Other US States
Residents of other US states may have similar rights under applicable state privacy laws. To exercise any privacy rights, contact us at legal@stadiamaps.com.
8. Children's Privacy
You must be at least 13 years old to create an account. If you are under 18, a parent or legal guardian must create the account on your behalf and agree to this Privacy Policy and our Terms of Service.
We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us.
9. Security
We implement appropriate technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, and regular security assessments. While no system is completely immune to risk, we continuously work to protect your data.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will use reasonable efforts to provide advance notice by email (using the address associated with your account) or by posting a prominent notice on our website before the change becomes effective. We will update the "Last updated" date at the top of this policy. Your continued use of our services after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Email: legal@stadiamaps.com
Mail: Stadia Maps, Inc. 1690 Watertower Place Ste 100 #216 East Lansing, MI 48823 United States
13. Data Processing for Business Customers
If you are a business customer using our APIs, we process data on your behalf as a processor or sub-processor. That relationship is governed by our Data Processing Addendum, not this Privacy Policy.