← Back to CostMaps

Privacy Policy

Last Updated: January 1, 2026

Template Notice

This is a template document and must be reviewed by a qualified attorney before use in production. Do not rely on this template as legal advice.

1. Introduction

CostMaps ("we," "us," or "our") operates CostMaps (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

Contact Information:

Email: privacy@costmaps.com

Data Protection Officer: dpo@costmaps.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (encrypted), name (optional)
  • Billing Information: Company name, billing address
  • Payment Information: Processed by Stripe (not stored by us)
  • Communications: Support requests, feedback, surveys

2.2 Information Automatically Collected

  • Usage Data: API requests, pages visited, features used
  • Technical Data: IP address, browser type, operating system, device information
  • Performance Data: Error logs, performance metrics

3. How We Use Your Information

Service Delivery

Provide access to CostMaps, process API requests, manage subscriptions

Account Management

Authenticate identity, process payments, respond to support

Service Improvement

Analyze usage, fix bugs, develop new features

Security

Detect abuse, monitor suspicious activity, enforce Terms

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contractual Necessity: Performance of our Terms of Service
  • Legitimate Interests: Service improvement, fraud prevention, marketing
  • Legal Obligation: Compliance with laws, tax requirements
  • Consent: Marketing communications, optional cookies

5. Data Sharing and Disclosure

We do not sell your personal information.

We share data with:

Infrastructure Providers

Cloud hosting, database hosting, CDN services

Payment Processing

Stripe (payment processing)

Analytics

Google Analytics (with IP anonymization), error tracking

6. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days
API usage logs90 days (Enterprise: 1 year)
Payment records7 years (legal requirement)
Support tickets3 years

7. Your Rights and Choices

Access & Portability

Request a copy of your data in portable format

Email: privacy@costmaps.com

Rectification

Correct inaccurate information

Update in account settings

Erasure (Right to be Forgotten)

Request deletion of your data

Settings → Delete Account

Object to Processing

Object to marketing or automated decisions

Unsubscribe links or contact us

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. For EEA users, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy (COPPA)

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

10. Security Measures

Technical Measures

  • • Encryption in transit (HTTPS/TLS)
  • • Encryption at rest for sensitive data
  • • Secure password hashing (bcrypt)
  • • Regular security audits

Organizational Measures

  • • Access controls (least privilege)
  • • Employee training
  • • Confidentiality agreements
  • • Incident response procedures

11. Cookies and Tracking

We use cookies and similar technologies to remember your preferences, authenticate sessions, and analyze usage. See our Cookie Policy for detailed information.

12. California Privacy Rights (CCPA)

Your California Rights:

  • Right to Know: Request disclosure of data collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate for exercising rights

How to Exercise: Email privacy@costmaps.com (45-day response time)

13. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours (as required by GDPR) and provide information about the breach and steps to protect yourself.

14. Contact Us

Privacy Inquiries: privacy@costmaps.com

Data Protection Officer: dpo@costmaps.com

Support: support@costmaps.com

Response Time: 5-7 business days (general), 30 days (data requests)

This Privacy Policy is compliant with GDPR, CCPA, LGPD, and other major privacy regulations. For the complete policy including all sections, please contact privacy@costmaps.com.

Questions? Contact us