Legal
Privacy Policy
Effective May 28, 2026. Contact: g.luismazda@gmail.com
Short version: We collect the minimum data needed to run the service. We don't sell your data. We don't store raw payment cards. We don't train public AI models on your datalogs without consent. You can request deletion at any time using the form at the bottom of this page.
1. Who we are
MapMedic is operated by an individual developer based in the United States. For privacy questions, data access requests, or deletion requests, contact: g.luismazda@gmail.com
2. What data we collect and why
| Data | Why we collect it | Who provides it |
|---|---|---|
| Email address | Account creation, passwordless sign-in, order confirmations, service notices | You (during sign-in) |
| Pilot application details (name, role, vehicle, ECU platform, current issue, buying intent, consent timestamp) | Determining qualified pilot participants; contacting applicants who consented | You (apply form) — no payment required |
| Datalog content (KTuner CSV) | Generating your diagnosis report | You (file upload) |
| Datalog hash (SHA-256) | Deduplication, idempotent report replay, before/after proof comparison | Derived from your upload |
| Report content (vehicle description, safety status, finding, next action, confidence level) | Delivering and storing your diagnosis; admin quality review; outcome tracking | Generated by MapMedic from your datalog |
| Proof comparison data (before/after log hashes, improvement metrics, customer note) | Validating real-world diagnosis outcomes; product improvement | You (proof comparison submission, optional) |
| Payment identifiers (Stripe payment intent ID, subscription ID, invoice ID) | Credit grant, refund reconciliation, chargeback defense | Stripe (via webhook) |
| Session token hash (HMAC-SHA-256) | Maintaining your signed-in session for 30 days | Derived server-side at sign-in |
| Rate-limit hashes (salted SHA-256 / HMAC-SHA-256 of IP and email) | Preventing abuse of sign-in codes, pilot intake, and privacy request forms; raw IP addresses are not stored | Derived from your request |
| Billing review records (incident type, credits granted/consumed, Stripe payment reference) | Fraud prevention, chargeback defense, legal compliance | Derived from refund/dispute events |
Anonymous browser identifier (mmu_… stored in your browser's localStorage) |
Per-browser usage analytics, AI request rate limiting, and saved diagnosis history | Generated client-side on first visit; never tied to your name |
We do not collect: raw IP addresses in any stored record (only salted hashes), payment card numbers (handled entirely by Stripe), names or personal details from datalogs beyond what you provide in the vehicle/issue fields, or location data beyond what Cloudflare derives from network routing.
3. How we use your data
- Delivering diagnosis reports and managing your credit balance
- Authenticating your account and maintaining your session
- Processing payments and reconciling refunds through Stripe
- Contacting you about your pilot application if you gave consent
- Sending order confirmation emails when credits are fulfilled
- Reviewing report quality and flagging unsafe AI output
- Preventing fraud, abuse, and unauthorized credit consumption
- Complying with legal obligations (dispute documentation, law enforcement requests with valid legal process)
We do not use your datalogs or report content to train publicly available AI models. We do not sell, rent, or share your personal data with advertisers or data brokers.
4. Data retention
| Data type | Retention period |
|---|---|
| Pilot application records | Up to 90 days from submission (automatically purged) |
| Rate-limit hashes (sign-in, intake, privacy requests) | 7 days |
| Sign-in codes (login challenges) | 10 minutes (expires unused), cleaned up daily |
| Session tokens | 30 days from sign-in, or until revoked |
| Privacy request records | Up to 180 days to process and document the request |
| Account records (email, role, status) | Until account deletion is requested and completed |
| Diagnosis reports and uploads | Until account deletion is requested and completed |
| Credit ledger and grant records | 7 years (financial records required for tax and dispute compliance) |
| Stripe payment identifiers | 7 years (financial compliance) |
| Billing incident records | 7 years (fraud and dispute defense) |
Pilot application records and anti-abuse records are purged automatically by a scheduled cleanup worker. Financial records cannot be deleted on request due to tax and chargeback compliance requirements, but are retained internally and not shared.
5. Third-party services
Stripe
All payments are processed by Stripe, Inc. Stripe receives your email address (for checkout), payment card data, and billing address. MapMedic receives only payment identifiers (no card numbers). Stripe is a PCI-DSS Level 1 certified processor. See Stripe's Privacy Policy.
Resend
Transactional emails (sign-in codes, order confirmations) are delivered via Resend, Inc. Resend receives your email address and the email content. See Resend's Privacy Policy.
Cloudflare
MapMedic is hosted on Cloudflare Pages and Workers. Cloudflare processes all web traffic and may log request metadata (IP addresses, timestamps, error codes) for security and performance purposes under their own data processing agreement. Diagnosis data is stored in Cloudflare D1 (US region). See Cloudflare's Privacy Policy.
Cloudflare Turnstile
Public forms use Cloudflare Turnstile for bot protection. Turnstile may collect browser signals to determine if a request is human. No personal data beyond what Cloudflare processes as the network host is sent to Turnstile.
Self-hosted Ollama (operator infrastructure)
When hosted AI is active, your datalog summary and report context are processed by a self-hosted Ollama instance running on operator-controlled infrastructure. The inference server is gated by a bearer token and is not shared with any third-party AI vendor. The operator never sells, shares, or uses your data to train any public model.
OpenAI (only when you provide your own API key)
If you choose to enter your own OpenAI API key in MapMedic settings, your messages are routed through the MapMedic proxy server to api.openai.com using that key. Your key is held only in your browser's localStorage and forwarded with the request; MapMedic does not store, log, or reuse it. While the request is in transit through our proxy, the message content and your key are visible to our infrastructure for the duration of the request. By providing your key you consent to OpenAI's data processing under OpenAI's Privacy Policy and Terms of Use.
Operator log archive (anonymous)
Diagnosis report metadata (vehicle profile, tune target, fuel-state summary, anonymous user key) is archived to the operator's controlled infrastructure for service-quality review and future model improvement. Raw datalog CSV content is not archived by default. Only an anonymous browser-derived user key is associated with archived records; your real-world identity is not linked. Archived content is not shared with third parties.
6. Your rights
Depending on where you live, you may have the following rights. Use the request form at the bottom of this page or email g.luismazda@gmail.com.
- Access: Request a summary of the personal data we hold about you
- Correction: Request correction of inaccurate data in your pilot application or account
- Deletion: Request deletion of your pilot application data, account, and associated reports (financial records are retained as described in Section 4)
- Objection: Object to processing your data for pilot follow-up communications
- Portability: Request a copy of your diagnosis reports in JSON format
California residents (CCPA): You have the right to know what personal information is collected, the right to delete personal information (subject to financial record exceptions), and the right to opt out of the sale of personal information. We do not sell personal information.
EEA/UK residents (GDPR): Our legal basis for processing is contract performance (account and payment data), legitimate interest (security and fraud prevention), and consent (pilot follow-up communications). You may lodge a complaint with your local supervisory authority.
We aim to respond to verifiable requests within 30 days. Some requests may take up to 90 days where legally permitted.
7. Cookies and local storage
MapMedic uses an HttpOnly, SameSite=Strict, Secure session cookie (mm_session) to maintain your signed-in state. It contains only an opaque token and expires after 30 days. No third-party advertising cookies are set by MapMedic. Cloudflare may set its own security cookies.
MapMedic also stores the following in your browser's localStorage (not transmitted as cookies):
mmu_…— anonymous per-browser identifier used for usage analytics and AI rate limiting- Diagnosis history — your past report metadata so you can reopen earlier diagnoses (never sent to the server)
- Optional OpenAI API key — if you choose to bring your own key, it is held only in your browser (and transmitted only when you actively request AI inference)
You can clear any of these at any time using your browser's site-data tools; signing out clears the session cookie.
8. Data security
We use industry-standard practices: HTTPS for all traffic, HMAC-signed session tokens, hashed and salted rate-limit identifiers, separated secrets (Stripe keys, auth secrets) stored in Cloudflare's encrypted secret store, and access controls on admin endpoints. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
9. Children
MapMedic is not directed at children under 13 and we do not knowingly collect personal data from children under 13. If you believe a child's data has been submitted, contact us for immediate deletion.
10. Changes to this policy
We may update this policy. The effective date at the top of this page reflects the latest revision. Material changes will be communicated by email to account holders before taking effect.
Request deletion, correction, or data access
Use the same email address associated with your pilot application or account. Requests are reviewed manually; submission does not automatically delete records without verification.