Privacy Policy

Effective Date: March 23, 2026

Welcome to MapMyMemories. This Privacy Policy describes how we collect, use, and share your information when you visit our website. By using our Service, you consent to the data practices described in this policy. This policy also serves to fulfill the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Data Controller

The Data Controller is Federico Garzia, located in Bolzano, Italy. For privacy concerns or to exercise your rights, please contact the Data Controller at support@mapmymemories.xyz.

2. Information We Collect and Legal Basis

  • Device Information: We automatically collect information about your device, web browser, IP address, and time zone via Cookies and Google Analytics. The legal basis is our legitimate interest (for technical operations) and your explicit consent (for analytics).
  • Map Data: We process the location data (cities, routes) you enter strictly to generate your map. This data is processed temporarily in your browser and via our mapping provider (Mapbox). The legal basis is the performance of a contract or steps at your request to provide the map rendering service.

3. How We Use Your Data

We use the collected data to:

  • Provide and maintain the Service (generating and displaying maps).
  • Analyze usage trends to improve the user experience (via Google Analytics).
  • Ensure the security and proper functioning of our website.

4. Third-Party Sharing

We do not sell your data. We share data only with the following technical partners as strictly necessary:

  • Vercel: For website hosting and server infrastructure.
  • Mapbox: To render map tiles and provide geocoding (finding locations).
  • Google Analytics: To anonymously track website traffic and user behavior.
  • Paddle: To process payments as our Merchant of Record. Paddle handles billing, invoicing, and tax compliance. (UK — EU adequacy decision).
  • EmailJS: To deliver contact form submissions to our support email. (USA — Standard Contractual Clauses).
  • OpenAI: To generate travel itinerary suggestions based on your text descriptions. Your input prompts are sent to OpenAI's API (USA). OpenAI may retain data as described in their privacy policy (openai.com/privacy). The legal basis is the performance of the contract.
  • Firebase (Google): For user authentication. Login data is processed by Google under Google Cloud terms.
  • Upstash: For server-side rate limiting and job queue management. Data processed is limited to anonymous IP addresses.
  • Wikimedia Commons / Openverse: To retrieve openly-licensed images for travel brochures. Searches are performed using location data (city names).

5. Data Retention

We retain data for the minimum period necessary:

  • Server logs (Vercel): Depends on hosting plan (Hobby: 1 hour, Pro: 1 day). No long-term log storage unless explicitly configured.
  • Analytics data (Google Analytics): 14 months, configurable in GA4 settings.
  • Payment transactions: Minimum data (transaction ID, product, amount, timestamp) retained for 10 years as required by Italian tax law.
  • Contact form messages (EmailJS): 12 months, then deleted.
  • Cookie consent preferences: 12 months (stored locally in your browser via localStorage).
  • Map data: Processed in-session only. No persistent storage of your routes or locations.

6. User Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the right to access the personal information we hold about you and to ask that your personal information be corrected, updated, or deleted (Articles 15-22 GDPR). You also have the right to restrict processing, object to processing, and data portability. As we do not collect accounts or logged data, applying these rights is limited to identifying your IP or cookies. Please email us to make such requests or to withdraw consent.

7. Contact Us

For privacy concerns, please contact us at support@mapmymemories.xyz, or file a complaint with your local Data Protection Authority.