Privacy & Cookie Policy – Mapit

Last updated: October 4, 2025

This document is a Privacy & Cookie Policy. By visiting the Website or using the Platform, you agree to this Privacy & Cookie Policy and our Terms of Service (see Article 1).

1. Who We Are & Roles
   Mapit B.V. (“Mapit,” “we,” “us,” or “our”) is registered in The Netherlands and acts as data controller for Website data and most Platform account data. For enterprise customers, we may act as data processor under a separate Data Processing Agreement (DPA). Enterprise customers may request our DPA.
   Contact: privacy@mapit.to
   Address: Ferdinand Bolstraat 101, 1072 LE Amsterdam, The Netherlands

2. Scope
   This Policy applies to:
   • Visitors to our Website; and
   • Registered Platform users (e.g., admins, finance professionals, and invited teammates).

3. Data We Collect
   We may collect and process:
   • Account and identity data: name, email, job title, password hash;
   • Company and subscription data: vendors, plans, invoices, spend details;
   • Billing information: billing contact, VAT number, payment status;
   • Usage and technical data: IP address, browser, device type, log events;
   • Support and communications: emails, chat messages, support tickets;
   • Marketing preferences: newsletter sign-ups, campaign tracking;
   • Integration data from systems you connect (e.g., Google Workspace).

4. How We Collect Data
   We collect data:
   • Directly from you when you register, contact us, or use the Platform;
   • Automatically through cookies and analytics tools;
   • From integrations you connect and authorize.

5. Purposes & Legal Bases (GDPR)
   We process personal data for:
   • Providing and maintaining the Platform — performance of a contract (Art. 6(1)(b));
   • Account management and support — performance of a contract and our legitimate interest in service quality (Art. 6(1)(b), (f));
   • Billing, invoicing, and tax compliance — legal obligation (Art. 6(1)(c));
   • Product improvement and analytics — legitimate interest in usability and performance (Art. 6(1)(f));
   • Marketing communications — consent or legitimate interest for existing customers (Art. 6(1)(a) or (f));
   • Security, fraud prevention, and compliance — legitimate interest or legal obligation (Art. 6(1)(f)/(c)).

6. Sharing & Disclosure
   We share personal data only where necessary and under strict agreements with:
   • Service providers (e.g., hosting, analytics, CRM, payments);
   • Professional advisors and auditors bound by confidentiality;
   • Competent authorities when required by law or to protect legal rights.
   All processors operate under GDPR-compliant Data Processing Agreements (DPAs).

7. International Transfers
   If data is transferred outside the EU/EEA, we implement Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate protection.

8. Retention
   We keep data only as long as needed:
   • Account data — subscription term plus 30 days;
   • Billing records — 7 years (legal requirement);
   • Logs — 90 to 365 days (security);
   • Marketing data — until consent is withdrawn.
   After these periods, data is deleted or anonymized.

9. Cookies & Similar Technologies
   9.1 What Are Cookies
   Cookies are small text files stored on your device to operate the site, remember preferences, and improve performance.
   9.2 Types We Use
   • Essential cookies — necessary for website security and basic operation (login, session, load balancing). These cannot be disabled.
   • Functional cookies — remember user choices (e.g., language preference or login status).
   • Analytics cookies — collect anonymized usage data to understand traffic and improve performance (e.g., Google Analytics with IP anonymization).
   • Marketing cookies — track visits across websites to deliver relevant content or ads (e.g., LinkedIn Insight Tag, Meta Pixel). Used only with your consent.
   9.3 Legal Basis & Consent
   • Essential cookies: legitimate interest (necessary for the site to function).
   • Analytics and marketing cookies: used only with your explicit consent, which you can withdraw at any time through our cookie banner or browser settings.
   9.4 Managing Cookies
   You can change or withdraw consent at any time via the cookie banner “Cookie Settings” link or browser settings. Withdrawing consent does not affect essential cookies. Blocking essential cookies may limit functionality.

10. Your Rights
    You may request access, correction, deletion, restriction, or portability of your data; object to processing; or withdraw consent. You can also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
    Contact: privacy@mapit.to

11. Security
    We apply appropriate technical and organizational measures (including encryption, access controls, monitoring, and regular updates) to protect data. While no system is completely secure, Mapit continually improves its safeguards.

12. Children
    Our services are for business use and are not directed to children under 16. We do not knowingly collect data from minors.

13. Third-Party Links
    Our Website may link to third-party sites or services. Mapit is not responsible for their privacy practices or content.

14. Updates to This Policy
    We may update this Policy from time to time. The “Last updated” date reflects the latest version. Material changes will be communicated on the Website or within the Platform.

15. Contact
    Mapit B.V.
    Ferdinand Bolstraat 101, 1072 LE Amsterdam, The Netherlands

    BTWnr. NL 866148097B01. KVKnr. 92708714

    BTW
    Privacy: privacy@mapit.to
    General: hello@mapit.to]