MapMatiX Application & Website Privacy Policy

Last updated: 08/27/2025

MapMatiX Inc. ("MapMatiX," "we," "us," and "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use and share personal information when you use our website and our services, including the MapMatiX automation and scheduling application (collectively, the "Services"). It also describes the choices you can make about your personal data. By using the Services, you agree to the practices described in this policy. If you do not agree, you should not use the Services.

1. How We Protect Personal Information

We employ technical, administrative and physical safeguards to protect personal information from unauthorized access or use. These measures include computer safeguards and secured files, and we restrict employee access to personal information to only those who need it for their work. We also require third-party service providers to protect your information. While we strive to secure your data, no method of transmission over the internet or electronic storage is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

2. Information We Obtain

We collect personal information when you interact with the Services. This may include:

  • Identifiers such as name, postal and email address, and phone number.
  • Usage data such as the pages you view and the actions you take on our website or in the application.
  • Information you provide through customer support interactions, surveys, questionnaires or other feedback.
  • Other information you choose to provide, such as in emails, social media posts, referrals or registration forms.

If you become a MapMatiX client, we may also have access to your sensitive business data while providing services. Access to such data is governed by your client agreement and our information security policies, and we do not retain or share that data beyond what is permitted in those agreements.

3. How We Use the Information We Obtain

We may use personal information for the following purposes:

  • To provide the Services, including operating and improving the application.
  • To personalize your experience and respond to inquiries.
  • To provide member support, quality assurance and customer service training.
  • To collect fees and amounts owed in connection with your business relationship with MapMatiX.
  • To protect against, identify and prevent fraud and other illegal activities.
  • To exercise our rights and defend against legal claims.
  • To comply with applicable laws and MapMatiX policies.

We may also use the information in other ways for which we provide specific notice at the time of collection.

4. Information We Share

We may share your information as follows:

  • With our affiliates, subsidiaries and business partners for everyday business purposes and (with your consent) for marketing.
  • With third-party vendors that perform services on our behalf, such as payment processors, analytics providers and customer support tools. These vendors are permitted to use data only as needed to perform their services.
  • To comply with applicable laws and regulatory requirements or respond to legal process.
  • To enforce our agreements, policies and terms of use, or to protect the rights, property or safety of MapMatiX, our users or others.
  • In connection with a merger, acquisition or other business transaction.

We do not “sell” or “share” personal information as those terms are defined under California law (including the California Consumer Privacy Act, as amended). We also do not exchange personal information with third parties for cross-context behavioral advertising. If our practices change, we will update this Privacy Policy and provide required opt-out mechanisms.

5. Third-Party Analytics & Interest-Based Advertising

We use third-party analytics services to better understand how our Services are used. We may also allow others to serve advertisements on our behalf across the Internet. These parties may use cookies, web beacons, device identifiers and similar technologies to collect information about your use of the Services and other websites, including IP address, browser, mobile network information, pages viewed and time spent. The Services are not designed to respond to “do not track” signals. To learn how to opt out of interest-based advertising, visit www.aboutads.info/choices.

6. Your Rights & Choices

You may exercise certain rights in connection with the personal information we collect. Federal law lets you limit some sharing of data for marketing purposes, but you cannot stop the sharing that is necessary for us to run our everyday business. For example, you may instruct us not to share your personal information with business partners so that they can market to you, but we may still need to share data with service providers to operate the Services. You can update your preferences, limit marketing communications or submit a request by contacting us as described in Section 10. You can also unsubscribe from marketing emails via the link provided in those emails.

If you are a MapMatiX user, you may update, correct or delete some of your account information by emailing us at matt@mapmatix.com. You may also deactivate promotional push notifications at any time.

7. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will delete it and terminate the child’s account (if any). Parents who believe their child provided personal information may contact us using the details in Section 10 so we can delete it.

8. Links to Third-Party Services and Features

Our Services may provide links to other online services and may include third-party features such as apps, widgets or plug-ins. These services and features may operate independently from us and their privacy practices are subject to their own policies. We are not responsible for these third parties’ information practices.

9. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the policy. Changes will be effective when posted. Your continued use of the Services after we make changes indicates your acceptance of the updated policy.

10. How to Contact MapMatiX

If you have any questions or requests relating to this Privacy Policy, or wish to exercise your rights, please email us at matt@mapmatix.com.

11. California Consumer Privacy Rights

No Sale or Sharing. We do not sell or share personal information (as “sell” and “share” are defined under California law, including for cross-context behavioral advertising).

California Rights. California residents have the rights to know, delete, correct, and limit the use/disclosure of sensitive personal information, as well as to be free from discrimination for exercising these rights.

How to Exercise Your Rights. You may submit requests using the contact methods in Section 10. If our practices ever change to include selling or sharing, we will provide a “Do Not Sell or Share My Personal Information” control and honor user-enabled opt-out preference signals (Global Privacy Control).

Verification. We will verify requests as required by law before responding.

12. Google User Data

When you choose to connect your Google account to the MapMatiX application, we will request permission to access certain types of Google data. This section describes what data we collect from Google services, how we use it, how we share it, how we protect it, and how long we retain it, as required by Google’s App Privacy Policy requirements.

12.1 Data We Collect from Google Services

Depending on the functionality you choose, we may request the following Google API scopes:

Scope: https://www.googleapis.com/auth/calendar.freebusy
API: Google Calendar API (non-sensitive)
Purpose: View your calendar availability (free/busy slots) so we can show appointment times when others try to schedule with you.

Scope: https://www.googleapis.com/auth/calendar.events
API: Google Calendar API (sensitive)
Purpose: Create, edit, and delete events on your calendars when you schedule, reschedule, or cancel appointments through our Service.

Scope: https://www.googleapis.com/auth/business.manage
API: Google Business Profile APIs (My Business Business Information API, My Business Account Management API, My Business Place Actions API)
Purpose: View and manage your Google Business Profile information including business name, address, hours, phone and description and access permissions for business locations, and manage booking/form action links on your profile.

We only request these scopes when necessary to provide features you have asked for. For example, if you only use forms and do not connect a calendar, we do not request calendar scopes. We do not request or access any other Google user data.

12.2 How We Use Google User Data

We use the data obtained from Google solely to provide and improve user-requested features:

  • Scheduling and calendar management – We read your calendar’s free/busy information to display available time slots and create or modify calendar events when appointments are booked or cancelled.
  • Business profile management – We display your business information (such as name, address and business hours) within the app and allow you to update this information. We also create or update place action links (e.g., booking or form links) on your Google Business Profile so that your customers can schedule appointments or submit forms directly from your profile.

We do not use Google user data for advertising or marketing. We do not combine Google user data with other personal data for advertising or user profiling.

12.3 How We Share Google User Data

We do not sell Google user data. We only share Google user data with:

  • Service providers that help us operate the Services (e.g., hosting providers, error monitoring, email delivery). These providers act on our behalf and are contractually obligated to use data only as necessary to provide their services.
  • Google, when we send updates back to the Google Calendar or Google Business Profile APIs as part of the functionality you requested (e.g., creating an event or updating your business information).
  • Legal or regulatory authorities, if required to comply with law, enforce our agreements, or protect the rights and safety of MapMatiX, our users or others.

We do not transfer Google user data to third parties for advertising or marketing and do not use it for the prohibited purposes listed in Google’s policies.

12.4 Data Retention and Deletion

We retain Google user data only for as long as necessary to provide the Services and comply with legal obligations. In most cases, we store tokens that grant us access to your calendar or business profile for the duration of your connection to the Services. If you disconnect your Google account, we delete the associated tokens and stop retrieving data. We also delete cached copies of your Google data when no longer needed to provide the Services. You may request deletion of your data by contacting us as described in Section 10.

12.5 Data Security and Protection Measures

We implement security measures to protect Google user data, including encryption in transit, access controls and regular security assessments. Only authorized personnel have access to Google user data, and we review access periodically. We also follow Google’s user data policy requirements, which prohibit selling or using data for advertising.

12.6 User Control and Revoking Access

You can control the Google data you share with us by granting or revoking specific API scopes when you connect your Google account. You can disconnect your Google account at any time within the MapMatiX application or through your Google account’s security settings. Disconnecting will delete our access tokens and stop any future data collection or processing. You can also contact us to request deletion of data retrieved from Google services.

12.7 Compliance with Google Policies

Our use of Google APIs complies with Google’s limited-use requirements. We only use Google user data to provide or improve user-facing features; we do not transfer it to third parties except as described in this policy; and we do not use it for advertising or marketing. We will notify users through updates to this Privacy Policy if our data handling practices change.

13. Additional Information for Users in the EEA/UK/Switzerland (GDPR/UK GDPR)

Controller. MapMatiX Inc. is the “controller” of personal data processed in connection with the Services. Contact details appear in Section 10.

Purposes & Legal Bases. We process personal data for:

Providing the Services and customer support (contract, Art. 6(1)(b) GDPR);

Improving and securing the Services (legitimate interests, Art. 6(1)(f));

Compliance with legal obligations (legal obligation, Art. 6(1)(c));

• Activities for which we ask consent (consent, Art. 6(1)(a)).

Recipients. We disclose data to service providers and as otherwise described in Sections 4–5.

International Transfers. Where applicable, we use appropriate safeguards for transfers outside the EEA/UK, such as the EU Standard Contractual Clauses (SCCs) (Commission Implementing Decision (EU) 2021/914) and UK-approved mechanisms.

Retention. We retain personal data only as long as necessary for the purposes described (see Data Retention section below).

Your Rights. You may request access, correction, deletion, restriction, portability, or objection to processing, and where processing is based on consent, withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

Automated Decisions. We do not engage in decisions producing legal or similarly significant effects based solely on automated processing without appropriate safeguards.

14. Data Retention

We retain personal data only as long as necessary for the purposes described below or as required by law, after which we delete or irreversibly anonymize it. Time frames are maximums; shorter periods may apply. (See also 12.4 for Google user data specifics.)

Account & Profile

  • Examples: Name, contact info, authentication identifiers
  • Typical retention: Life of account + 24 months after closure
  • Reason: Support, fraud prevention, recordkeeping

Billing & Transactions

  • Examples: Invoices, payment records
  • Typical retention: 7 years
  • Reason: Tax/accounting obligations

Product Telemetry & Server Logs

  • Examples: IP, device info, event logs
  • Typical retention: 30–90 days (default 30)
  • Reason: Security, debugging, abuse prevention

Support & Communications

  • Examples: Emails, tickets, chat transcripts
  • Typical retention: 24 months
  • Reason: Service history, training, dispute resolution

Backups

  • Examples: Encrypted system backups
  • Typical retention: Up to 35 days (rotating)
  • Reason: Disaster recovery

Marketing Contacts

  • Examples: Email subscription lists
  • Typical retention: Until you unsubscribe (then a suppress list is kept indefinitely to honor opt-outs)
  • Reason: Compliance with marketing laws

Derived/Analytics Data

  • Examples: Aggregated or de-identified metrics
  • Typical retention: Indefinite (non-identifiable)
  • Reason: Trend analysis, service improvement

Google OAuth Tokens

  • Examples: Access/refresh tokens
  • Typical retention: Until you disconnect or are inactive for 6 months, then revoked and deleted
  • Reason: Provide integrations; user control (see 12.6)

We periodically review these periods and may shorten them. When a retention period ends, we delete or irreversibly anonymize the data.