Privacy Policy

1. Scope

This Privacy Policy explains how RadMaps Studio ("RadMaps," "we," "us," and "our") collects, uses, shares, and protects information when you use radmaps.studio, create an account, import routes, design maps, place orders, contact support, or use related features.

2. Information We Collect

The information we collect depends on how you use RadMaps:

• Account and contact information: email address, name, authentication provider details, profile metadata, and login/session information.
• Route and map content: GPX files, GeoJSON, route geometry, Strava activity metadata you authorize, elevation and distance stats, map titles, labels, poster text, style settings, print size, colors, fonts, uploaded logos or images, generated previews, public-share settings, and rendered proof or final artwork.
• Order and fulfillment information: products, quantities, prices, discounts, shipping quotes, tax amounts, currency, recipient name, email, shipping address, phone number if provided, delivery estimates, tracking details, Gelato fulfillment IDs, Stripe customer/session/payment identifiers, receipt URLs, refund records, dispute records, and fraud or manual-review signals.
• Support and administration information: messages you send us, order lookup details, staff notes, timeline events, support actions, refund or replacement decisions, and email delivery logs.
• Technical information: IP address, browser and device details, pages or API routes requested, timestamps, error logs, security events, feature-flag state, rendering diagnostics, and operational logs from hosting, database, queue, email, and fulfillment providers.
• Local device information: saved theme preferences, temporary editor state, and session-related data stored in cookies or local storage when needed for authentication, preferences, checkout, feature flags, and app operation.

3. Information From Connected Services

If you sign in with Google or connect Strava, those services provide information according to your authorization and their own policies. For Strava, we request activity-read permission by default and request private activity access only if you choose the private-activity connection option. We may receive your Strava athlete ID, name, activity list, activity name, sport type, distance, elevation, date, moving time, summary route data, photos thumbnails, and detailed streams for the specific activity you choose to import.

Map and tile providers may receive tile requests from your browser or from our rendering workers, including IP address, browser information, and map tile or viewport coordinates. We do not intentionally send your complete GPX file to tile providers, but tile requests can reveal the approximate area being viewed or rendered.

4. How We Use Information

We use information to:

• create and manage accounts, sessions, saved maps, and order history;
• import, parse, validate, display, style, render, and share maps at your direction;
• quote shipping, calculate order totals, process payments, collect tax where configured, issue receipts, refunds, and dispute records;
• print, fulfill, ship, track, replace, or refund orders;
• send transactional emails, order updates, support responses, and security notices;
• operate support tools, staff timelines, manual review, fraud prevention, and abuse detection;
• debug errors, improve reliability, protect RadMaps and customers, and comply with legal, accounting, tax, security, and provider obligations;
• provide optional experimental or AI-assisted features when you use them.

5. When We Share Information

We share information only as needed for RadMaps to work, for you to direct a public share or checkout, or for legal and security reasons:

• Service providers: hosting, database, storage, authentication, payment, tax, print fulfillment, shipping, rendering, map/tile, email, security, logging, and support providers may process information for us.
• Checkout and fulfillment partners: Stripe receives payment, customer, tax, receipt, and checkout information; Gelato receives order, product, shipping, recipient, and print-file information needed to produce and ship orders.
• Connected services: Strava and Google process your data according to the permissions you grant them and their policies. Strava may monitor and use data related to our API access as described in Strava's API terms.
• Public sharing: if you make a map public, people with the link may see the public title, route, preview, style, and related metadata.
• Legal and safety: we may disclose information to comply with law, enforce our terms, respond to lawful requests, prevent fraud or abuse, protect rights and safety, or handle business transfers such as a merger, acquisition, financing, or sale of assets.

6. Strava Data

Strava connection is optional. We use Strava data only to authenticate your Strava-linked account, show your authorized activities, import the activity you choose, create map artwork, provide support, and maintain service security. We do not sell Strava data, use Strava data for targeted advertising, disclose Strava data to other users without your direction, or use Strava data for AI or machine-learning model training.

Strava access and refresh tokens are stored encrypted. You can disconnect Strava from RadMaps in the create flow, which attempts to deauthorize RadMaps with Strava and deletes local Strava tokens. You can also revoke access from your Strava connected apps settings. Disconnecting Strava stops future imports but does not automatically delete maps, proof images, final renders, orders, or accounting records already created from imported activity data. You can delete eligible draft maps in your account or contact us to request deletion.

7. Cookies, Local Storage, and Analytics

We use cookies and local storage for authentication, session security, redirect handling, saved design preferences, feature flags, checkout flow, and app reliability. We do not currently use third-party advertising cookies or sell/share personal information for cross-context behavioral advertising. If we add analytics, advertising, or marketing cookies later, we will update this Policy and provide any consent or opt-out controls required by law.

8. Retention

We keep information for as long as needed to provide RadMaps, maintain your account and maps, fulfill orders, provide support, protect the service, comply with legal, tax, accounting, chargeback, fraud-prevention, and provider obligations, and resolve disputes. Draft maps can generally be deleted from your account. Ordered maps, immutable order snapshots, proof and final renders, transaction records, refunds, disputes, shipment records, and support notes may be retained longer because they are tied to production, payment, tax, audit, and customer-support obligations.

Backup copies and logs may persist for a limited period after deletion before they are overwritten or expire. We may retain de-identified or aggregated information that no longer identifies you.

9. Your Choices and Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain personal information. You may also have the right to appeal a privacy-rights decision or lodge a complaint with a privacy regulator. To make a request, email support@radmaps.studio.

We may need to verify your identity before acting on a request. Some requests may be limited by law, security, fraud prevention, other people's privacy, payment and tax records, active disputes, fulfillment obligations, backups, or the need to complete a transaction you requested.

10. California and Other U.S. State Privacy Rights

We do not sell personal information and do not share personal information for cross-context behavioral advertising. If applicable state privacy laws give you rights to know, access, correct, delete, obtain a portable copy, opt out of sale/share/targeted advertising, limit certain sensitive-personal- information uses, or avoid discrimination for exercising rights, you can contact us at support@radmaps.studio.

Route geometry and shipping addresses can be sensitive because they may reveal location information. We use that information to provide RadMaps, fulfill orders, secure the service, and support you, not to infer unrelated characteristics or target ads.

11. EEA, UK, and Swiss Users

If European, UK, or Swiss data protection laws apply, our legal bases may include performance of a contract, legitimate interests, consent, and legal obligations. Examples include providing accounts and orders, processing payments and fulfillment, securing the service, preventing fraud, responding to support requests, complying with tax and accounting requirements, and processing Strava data when you authorize it.

RadMaps is operated from the United States, and our providers may process information in the United States and other countries. Where required, we use appropriate transfer mechanisms or rely on provider safeguards.

12. Security

We use administrative, technical, and organizational measures designed to protect personal information, including HTTPS, limited staff access, authentication controls, signed render payloads, webhook verification, encrypted Strava token storage, provider security controls, and operational monitoring. No system is perfectly secure, so we cannot guarantee absolute security.

13. Children

RadMaps is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 provided information to RadMaps, contact us and we will take appropriate steps to delete it.

14. Changes

We may update this Privacy Policy as RadMaps changes or legal requirements evolve. The "Last updated" date shows when this Policy was last revised. Material changes will be handled with additional notice or consent where required by law.

15. Contact

For privacy questions or requests, email support@radmaps.studio.