Back to home

Privacy Policy

Last updated: 2026-05-14

1. Introduction

Mapping Travel ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle personal information in connection with our website, dashboard, and hotel property matching API (collectively, the "Service").

This Privacy Policy applies to information we collect through the Service and supplements any privacy notice provided to you in a specific context.

2. Information We Collect

We collect information that you provide directly, information collected automatically when you use the Service, and information from third parties.

  • Account information: name, email, password (hashed), organization name, role.
  • Billing information: company name, billing address, VAT/tax ID, payment method details handled by our payment processor (Stripe). We do not store full card numbers.
  • Customer Data: hotel inventory files, identifiers, and metadata you submit to the Service.
  • Usage data: API calls, dashboard interactions, IP address, device and browser information, log timestamps, referring URLs.
  • Support communications: messages you send through email, in-product chat (Intercom), or contact forms.
  • Cookies and similar technologies: see our Cookie Policy.

3. How We Use Your Information

We process personal information to:

  • Provide, operate, secure, and improve the Service.
  • Process payments, manage subscriptions, and send transactional communications such as receipts and service notices.
  • Respond to support requests and communicate with you about updates and changes.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and other malicious activity.
  • Comply with legal obligations, enforce our Terms, and protect our rights and the rights of others.
  • With your consent, send marketing communications you can unsubscribe from at any time.

4. Legal Bases for Processing

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we rely on the following legal bases:

  • Performance of a contract: to provide the Service you have subscribed to.
  • Legitimate interests: to operate, secure, and improve the Service, and to communicate with customers.
  • Consent: where required, for example for marketing emails or non-essential cookies.
  • Legal obligation: to comply with applicable laws and regulatory requests.

5. How We Share Information

We do not sell personal information. We share information only in the following circumstances:

  • Sub-processors and service providers who help us operate the Service, including infrastructure (AWS), payments (Stripe), authentication (Clerk), error monitoring (Sentry), analytics (PostHog), and customer support (Intercom). These providers are bound by contractual confidentiality and data protection obligations.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
  • Legal requirements: to comply with applicable law, valid legal process, or government requests, or to protect our rights and the safety of others.
  • With your consent or at your direction.

6. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained according to your subscription and the data retention configuration of your plan, and we may delete or anonymize data after termination subject to legal retention requirements (for example, invoicing records).

7. International Transfers

Personal information may be processed in countries other than your country of residence, including the United States. When we transfer personal information across borders, we use appropriate safeguards such as standard contractual clauses where required by law.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:

  • TLS encryption for data in transit.
  • Encryption at rest for sensitive data and backups.
  • Access controls, least-privilege provisioning, and audit logging for production systems.
  • Regular security reviews, dependency scanning, and incident-response procedures.

9. Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your personal information.
  • Restrict or object to certain processing.
  • Receive your information in a portable, machine-readable format.
  • Withdraw consent, where processing is based on consent.

10. Children

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@mapping.travel.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, regulatory, or operational reasons. We will update the "Last updated" date and, for material changes, provide additional notice (such as an email or in-product banner).

12. Contact

If you have questions about this Privacy Policy or our practices, contact us at privacy@mapping.travel.

Questions?

Reach out to our team at legal@mapping.travel

Back to Home