MapMedic

Legal

Privacy Policy

Effective May 28, 2026. Contact: g.luismazda@gmail.com

Short version: We collect the minimum data needed to run the service. We don't sell your data. We don't store raw payment cards. We don't train public AI models on your datalogs without consent. You can request deletion at any time using the form at the bottom of this page.

1. Who we are

MapMedic is operated by an individual developer based in the United States. For privacy questions, data access requests, or deletion requests, contact: g.luismazda@gmail.com

2. What data we collect and why

DataWhy we collect itWho provides it
Email address Account creation, passwordless sign-in, order confirmations, service notices You (during sign-in)
Pilot application details (name, role, vehicle, ECU platform, current issue, buying intent, consent timestamp) Determining qualified pilot participants; contacting applicants who consented You (apply form) — no payment required
Datalog content (KTuner CSV) Generating your diagnosis report You (file upload)
Datalog hash (SHA-256) Deduplication, idempotent report replay, before/after proof comparison Derived from your upload
Report content (vehicle description, safety status, finding, next action, confidence level) Delivering and storing your diagnosis; admin quality review; outcome tracking Generated by MapMedic from your datalog
Proof comparison data (before/after log hashes, improvement metrics, customer note) Validating real-world diagnosis outcomes; product improvement You (proof comparison submission, optional)
Payment identifiers (Stripe payment intent ID, subscription ID, invoice ID) Credit grant, refund reconciliation, chargeback defense Stripe (via webhook)
Session token hash (HMAC-SHA-256) Maintaining your signed-in session for 30 days Derived server-side at sign-in
Rate-limit hashes (salted SHA-256 / HMAC-SHA-256 of IP and email) Preventing abuse of sign-in codes, pilot intake, and privacy request forms; raw IP addresses are not stored Derived from your request
Billing review records (incident type, credits granted/consumed, Stripe payment reference) Fraud prevention, chargeback defense, legal compliance Derived from refund/dispute events
Anonymous browser identifier (mmu_… stored in your browser's localStorage) Per-browser usage analytics, AI request rate limiting, and saved diagnosis history Generated client-side on first visit; never tied to your name

We do not collect: raw IP addresses in any stored record (only salted hashes), payment card numbers (handled entirely by Stripe), names or personal details from datalogs beyond what you provide in the vehicle/issue fields, or location data beyond what Cloudflare derives from network routing.

3. How we use your data

We do not use your datalogs or report content to train publicly available AI models. We do not sell, rent, or share your personal data with advertisers or data brokers.

4. Data retention

Data typeRetention period
Pilot application recordsUp to 90 days from submission (automatically purged)
Rate-limit hashes (sign-in, intake, privacy requests)7 days
Sign-in codes (login challenges)10 minutes (expires unused), cleaned up daily
Session tokens30 days from sign-in, or until revoked
Privacy request recordsUp to 180 days to process and document the request
Account records (email, role, status)Until account deletion is requested and completed
Diagnosis reports and uploadsUntil account deletion is requested and completed
Credit ledger and grant records7 years (financial records required for tax and dispute compliance)
Stripe payment identifiers7 years (financial compliance)
Billing incident records7 years (fraud and dispute defense)

Pilot application records and anti-abuse records are purged automatically by a scheduled cleanup worker. Financial records cannot be deleted on request due to tax and chargeback compliance requirements, but are retained internally and not shared.

5. Third-party services

Stripe

All payments are processed by Stripe, Inc. Stripe receives your email address (for checkout), payment card data, and billing address. MapMedic receives only payment identifiers (no card numbers). Stripe is a PCI-DSS Level 1 certified processor. See Stripe's Privacy Policy.

Resend

Transactional emails (sign-in codes, order confirmations) are delivered via Resend, Inc. Resend receives your email address and the email content. See Resend's Privacy Policy.

Cloudflare

MapMedic is hosted on Cloudflare Pages and Workers. Cloudflare processes all web traffic and may log request metadata (IP addresses, timestamps, error codes) for security and performance purposes under their own data processing agreement. Diagnosis data is stored in Cloudflare D1 (US region). See Cloudflare's Privacy Policy.

Cloudflare Turnstile

Public forms use Cloudflare Turnstile for bot protection. Turnstile may collect browser signals to determine if a request is human. No personal data beyond what Cloudflare processes as the network host is sent to Turnstile.

Self-hosted Ollama (operator infrastructure)

When hosted AI is active, your datalog summary and report context are processed by a self-hosted Ollama instance running on operator-controlled infrastructure. The inference server is gated by a bearer token and is not shared with any third-party AI vendor. The operator never sells, shares, or uses your data to train any public model.

OpenAI (only when you provide your own API key)

If you choose to enter your own OpenAI API key in MapMedic settings, your messages are routed through the MapMedic proxy server to api.openai.com using that key. Your key is held only in your browser's localStorage and forwarded with the request; MapMedic does not store, log, or reuse it. While the request is in transit through our proxy, the message content and your key are visible to our infrastructure for the duration of the request. By providing your key you consent to OpenAI's data processing under OpenAI's Privacy Policy and Terms of Use.

Operator log archive (anonymous)

Diagnosis report metadata (vehicle profile, tune target, fuel-state summary, anonymous user key) is archived to the operator's controlled infrastructure for service-quality review and future model improvement. Raw datalog CSV content is not archived by default. Only an anonymous browser-derived user key is associated with archived records; your real-world identity is not linked. Archived content is not shared with third parties.

6. Your rights

Depending on where you live, you may have the following rights. Use the request form at the bottom of this page or email g.luismazda@gmail.com.

California residents (CCPA): You have the right to know what personal information is collected, the right to delete personal information (subject to financial record exceptions), and the right to opt out of the sale of personal information. We do not sell personal information.

EEA/UK residents (GDPR): Our legal basis for processing is contract performance (account and payment data), legitimate interest (security and fraud prevention), and consent (pilot follow-up communications). You may lodge a complaint with your local supervisory authority.

We aim to respond to verifiable requests within 30 days. Some requests may take up to 90 days where legally permitted.

7. Cookies and local storage

MapMedic uses an HttpOnly, SameSite=Strict, Secure session cookie (mm_session) to maintain your signed-in state. It contains only an opaque token and expires after 30 days. No third-party advertising cookies are set by MapMedic. Cloudflare may set its own security cookies.

MapMedic also stores the following in your browser's localStorage (not transmitted as cookies):

You can clear any of these at any time using your browser's site-data tools; signing out clears the session cookie.

8. Data security

We use industry-standard practices: HTTPS for all traffic, HMAC-signed session tokens, hashed and salted rate-limit identifiers, separated secrets (Stripe keys, auth secrets) stored in Cloudflare's encrypted secret store, and access controls on admin endpoints. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Children

MapMedic is not directed at children under 13 and we do not knowingly collect personal data from children under 13. If you believe a child's data has been submitted, contact us for immediate deletion.

10. Changes to this policy

We may update this policy. The effective date at the top of this page reflects the latest revision. Material changes will be communicated by email to account holders before taking effect.

Request deletion, correction, or data access

Use the same email address associated with your pilot application or account. Requests are reviewed manually; submission does not automatically delete records without verification.