Privacy Policy

We respect your right to privacy and will only process your personal information in accordance with applicable data protection and privacy laws.

In this Privacy Policy, "we," "us," "its" and "our" refer to Mapillary AB ("Mapillary"), organized under the laws of Sweden. Please read carefully this Privacy Policy ("Policy") relating to your submission of Content (as defined in Mapillary’s Terms of Use) to and use of Mapillary applications, services and websites. Other terms used with a capital initial letter are defined in the associated Terms of Use or the associated Mapillary Marketplace Terms.

A. Introduction

This Policy explains how Mapillary collects, stores, uses and discloses information from you when you submit Content to and use Mapillary products, services, mobile applications and websites. This Policy applies to users of the Mapillary "Service", defined as the services, APIs, and functionality we make available either through our website at www.mapillary.com and related site pages, including https://www.mapillary.com/app (the "Website"), via private sites or repositories, or through third party sites that utilize our services and functionality, as well as through our mobile application (the "App").

This Policy does not apply to websites, applications, or services that do not display or link to this Policy or that display or link to different privacy statements; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.

It may be possible for you to browse certain parts of the Website without telling us who you are or revealing any information that enables us to directly identify you as an individual. However, you may lose anonymity once you give us personal information about you. In particular and as applicable, this applies to any personal data you voluntarily submit in your bio/profile page and the geolocation data indexed to photos submitted.

B. Information Collected

We collect information in various ways when you use our Service and as set forth in the Terms of Use. Some of this information may be Personal Data attributable to you. As used in this Policy, "Personal Data" means any information (either alone or in combination with other information we hold) that directly or indirectly may be used to identify or identifies you as an individual, such as your name, address and physical location, account numbers, email addresses, or telephone numbers. If there is data that could be understood as Personal Data included in Content, e.g. faces of individuals or license plates of vehicles, we use automatic blurring of faces and plates to avoid any identification of individuals before posting on the Website. As this is an automated process, we welcome any requests or comments if there is something we missed, by e-mail to support@mapillary.com.

As well as Personal Data, we also collect some information that is not personally identifying, including aggregate information, which is data we collect about use of the Service or about a group or category of users from which it is not possible to identify you (“Nonpersonal Data”; together with Personal Data, collectively "Information").

Personal Data

When you register for an account, and in the course of your use of the Service, we collect and process the following Personal Data attributable to you as a user:

  1. your sign-on credentials (email and hashed password);
  2. email address;
  3. username;
  4. any profile or biographical information you elect to provide;
  5. any Personal Data revealed in your Content;
  6. IP-address and cookies;
  7. data regarding your usage of the Website or the App;
  8. statistics of activities like number of images uploaded or edited;
  9. geolocation data included in Content that you have submitted;
  10. if applicable, financial information, including credit card and/or bank account numbers, that you provide to us in exchange for your commercial use of the Service as agreed in writing separately between us; and
  11. live geolocation data (within the scope of the Mapillary Marketplace or Capture Projects).

If you visit our website without being a registered user of the Service, we collect and process the following Personal Data attributable to you:

  1. geolocation data (where permitted by browser);
  2. pixel tags and web beacons; and
  3. IP-address and cookies.

Nonpersonal Data

When you use our Service, we automatically collect Nonpersonal Data sent to us by your computer, mobile device or other access device, such as a device ID or unique identifier, device type, model and brand, geo-location information, computer, network and connection information, access times, operating system and browser version, type and language, and the website you visited before our Website. We also collect Nonpersonal Data about your usage and activity on the Service, and in the form of Metadata (as that term is defined in the Mapillary Terms of Use). This Policy does not restrict or limit our collection and use of Nonpersonal Data.

Cookie Policy

The Service may utilize "cookies", which are small text files placed on your computer or device. We may also use pixel tags, web beacons and other similar technologies. Such devices are used to help analyze our web page flow, customize our services, optimize our user interfaces, measure promotional effectiveness, and promote trust and safety. With these devices, we collect data such as the identity of the applicable internet service provider, the user's IP address of his or her terminal device, the type of browser software and operating system in use, the date and time of site access, the website address, if any, from which the user linked to the Website, and other similar traffic-related information. We may also aggregate such information with similar data collected from other users and disclose such aggregate information to third parties. Certain features are only available through the use of cookies, and generally we need to use cookies to help identify and maintain your signed-in status. You are always free to decline Mapillary cookies via your browser settings, although doing so may interfere with your use of the Service. You may encounter cookies from non-affiliated third parties on certain pages of the service. To learn more about cookies, please visit allaboutcookies.org.

Here is a list of the cookies that will be used and installed as essential, as well as those that may be used and installed on your computer or device with your consent (optional).

Purpose Source Type
User authentication Mapillary Essential
Site analytics Google Optional
Site analytics Mixpanel Optional

User authentication—these cookies allow us to customize the Website based on your login status (i.e. whether you're signed in or signed out of your Mapillary account).

Site analytics—these cookies help us to understand how visitors use our Website, so we can improve how the Website works.

C. Our Use of Information

We use Information collected through our Service for the purposes and as described in this Policy, as disclosed to you on our App and as set forth in the Terms of Use.We process the Personal Data listed in section B (d) - (k) and (l) – (n) to operate, maintain, customize, measure and improve our Service (including to train the face and plate blurring algorithm) and to fulfill the purposes disclosed when you provided your information to us. This processing is done on the basis of our legitimate interest of properly providing and improving our Service.

We process the Personal Data listed in section B (a) to make sure that only registered users have access to our Service. This processing is done on the basis of that it is necessary for us to fulfil our obligations to you in our Terms of Use.

We also process the Personal Data listed in section B (a) and (b) in order to connect you with other users that are interested in purchasing Content from you, or that you are interested in purchasing Content from. This processing is done on the basis of that it is necessary for us to fulfil our obligations to you in our Terms of Use.

Furthermore, we process the Personal Data listed in section B (a) and (b) to respond to your comments and questions and provide the customer support you request. This processing is done on the basis of that it is necessary for us to fulfil our obligations to you in our Terms of Use.

We process the Personal Data listed in section B (a), (b) and (j) to resolve disputes, collect fees and enforce our terms and policies. This processing is done on the basis of our legitimate interest of overseeing, monitoring and properly policing our Service.

We process the Personal Data listed in section B (e) - (i) to analyze user behavior in order to understand user preferences, for product development and training purposes, to troubleshoot problems and to enhance your experience and enjoyment using our Service and Website. This processing is done on the basis of our legitimate interest of improving and developing our Service.

We process the Personal Data listed in section B (a) and (b) to communicate with you about new events, offers and other news about our products and services offered by us and, as applicable, our selected partners and send you Service-related information, including confirmations, invoices (as applicable), technical notices, updates, security alerts and support and administrative messages. This processing is done on the basis of that it is necessary for us to fulfil our obligations to you in our Terms of Use, and, in regard to direct marketing, our legitimate interest of providing you with such communication.

Within the scope of Capture Projects and the Mapillary Marketplace, we process your live geolocation data (section B (k)), whilst you are collecting images for a Requester/Organization. This live geolocation data is only processed to provide our Services within Capture Projects and the Mapillary Marketplace, and to facilitate the Requester’s/Organization’s supervision of the task they have assigned to you. Such processing is done on the basis of your explicit consent.

If you visit our Website we process the Personal Data listed in section B (l) - (n) to analyze the flow of visitors to our Website, to customize our Service, optimize user interfaces and to measure promotional effectiveness. This processing is done on the basis of our legitimate interest of developing and improving our Website and Service.

Face and plates included in submitted Content

If any Personal Data attributable to you is included in submitted Content, we will process such Personal Data in order to properly provide our Service. This processing is done on the basis of our legitimate interest of providing our Service. In order to protect your personal integrity, we automatically blur any faces and vehicle license plates in any submitted Content before it is posted to the Website.

Retention policy

We only store your Personal Data as long as it is needed for the purpose for which it was collected. In relation to our registered users we will keep the Personal Data listed in section B (a) - (j) only as long as you are registered as a user. However, after you de-register as a user we may process such Personal Data as is necessary for us to fulfill an agreement with you, or such Personal Data as we are required to keep by law.

In order for us to provide our Service and for the purposes described in this policy, we will keep any submitted Content, as well as data and statistics regarding your use of the Service and geolocational data included in the Content, indefinitely. However, we will remove all information in relation to such Content, data and/or statistics, which connects it to you as a user. Furthermore, we do not store the live geolocational data in section B (k) after the completion of the project or Task to which the live geolocational data pertains in any other form than the metadata accompanying any images contributed.

In relation to visitors of our Website, all Personal Data that we process is connected to cookies, and are thus stored in accordance with our cookie policy (see section B above).

Personal faces and vehicle license plates in all submitted Content are automatically blurred before being posted to the Website, in order to respect and protect the personal integrity of any persons pictured. However, we will always keep a clean master version of the Content for 6 months after the Content was submitted, and for so long as permitted by applicable law. This is done for the purpose of product development, including training and improving the blurring algorithm, and in case the Content would contain important information to us, you, or our customers, that our algorithm accidentally blurred. In order to protect the personal integrity of any persons pictured, the master version of the Content is stored as strictly controlled confidential information in such a way that only a select number of Mapillary employees and authorized persons have access to it. We also employ strict guidelines for our moderators regarding what Content, and what Personal Data included in such Content, that we are allowed to keep and post to the Website.

General

We may use and provide data and information to our partners and customers for commercial purposes after we have removed your name or any other personally identifying information from it, or have combined it with other people's data in a way that it is no longer associated with you.

We also may combine your Information with information we collect from other sources to improve our products and services. Content (as defined in the Terms of Use) may be exposed to public search engines and publicly available search results and via third party sites and applications that access the Service. Nothing in this Privacy Policy should be construed to prevent us from charging a fee to parties who wish to access Content or to use the Service (although access to the Service for Non-Commercial Use, as defined in the Terms of Use, is free of charge).

You have the option of submitting Content and using the Service anonymously as the user name and e-mail address you submit may certainly be created specifically to avoid identifying you as an individual. If you do not submit a valid e-mail address however, this may interfere with your use of the Service through i.a. loss of relevant notifications. However, we cannot guarantee absolute anonymity and make no guarantee that other users will never be able to determine your identity, such as (without limitation) by observations of your activity, the manner in which you express yourself, and other patterns of conduct or behavior. Moreover, all of your activities on the Service will be traceable to your username, from which your actual identity may be known. Notices may be sent to other users regarding suspicious activity and policy violations and refer to usernames and specific items. Please understand that if you link your name with your username or e-mail address, others will be able to personally identify your activities.

Further, we may use Personal Data to respond to legal requirements, in connection with a merger, sale of assets, or other similar corporate transactions, to respond to claims that Content violates the rights of others, or to protect the rights, property, or safety or any person.

Your choices regarding our use of your Personal Information for marketing purposes

If you no longer wish to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by following the unsubscribe instructions in any such message, or by emailing us at support@mapillary.com. We aim to comply with such request(s) as soon as reasonably practicable. Please note that if you do opt-out of receiving marketing-related emails from us, we may still send you administrative messages; you cannot opt-out from receiving administrative messages.

D. Personal data within Capture Projects and the Mapillary Marketplace

This Policy applies to such processing of Personal Data over which Mapillary is the data controller pursuant to the GDPR. However, for Marketplace or Capture Projects, Mapillary, and the Organization/Requester for which images are collected, will be joint controllers in relation to the processing of personal data within the scope of such Services.

When two or more parties are joint controllers in regard to processing of personal data, as in the case of personal data processed within the scope of Capture Projects or the Mapillary Marketplace, the joint controllers are to determine their respective responsibilities according to the GDPR. This determination is made through an internal arrangement between the joint controllers. The internal arrangement in force between Mapillary and the Organization/Requester that you collect images for can be found in Mapillary’s Terms of Use.

Mapillary processes personal data under this joint controllership for the purposes and on such legal basis as set out in section C above, and as otherwise stipulated in this Policy. You can always contact Mapillary at support@mapillary.com if you have any questions regarding your personal data processed under joint controllership, or if you wish to exercise any of your rights under this Policy or the GDPR. For the purposes and legal basis of the Requester/Organization, we refer you to their respective privacy policy.

If the Requester/Organization is a private individual acting in their private capacity, Mapillary is instead the sole data controller of personal data processed within the scope of the Mapillary Marketplace or Capture Projects, and this Policy (except for this section D) applies to that processing.

E. Sharing Information

We do not disclose, sell or rent your Personal Data to third parties for their marketing purposes without your prior consent. If you do consent but later change your mind, you may contact us and we will cease any such activity. We only share your Personal Data as follows:

(i) at your direction and control via your normal and intended operation of the Service, or with your consent, for example, when you agree to our sharing your Personal Data with other selected third parties for their own marketing purposes subject to their separate privacy policies;

(ii) with service providers, consultants or similar contractors, Requesters/Organizations (within the scope of Capture Projects or the Mapillary Marketplace), or third parties who provide services or content in connection with our Service in order to support or enhance our or such parties’ products and services or our or such parties’ business operations, or to make available and consummate initiated transactions;

(iii) to comply with laws or respond to lawful requests and legal process or to enforce or apply our terms of use/service, license terms, or other agreements between us, and to protect the rights, safety and property of Mapillary, our agents, employees, customers, members, and others; and

(iv) under written obligations of confidentiality, in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.

We may also share and disclose Nonpersonal Data for the same purposes as described above.

When other companies, e.g. our service providers, process your Personal Data on our behalf, we always enter into binding data processing agreements that ensure that your Personal Data always enjoys the same level of protection as under this Policy.

F. No Guarantee of Security

We apply appropriate technical and organizational safeguards and take all reasonable steps to help protect your Personal Data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. However, no one can create a completely secure website, app or service and third parties may unlawfully intercept, steal or access transmissions or private communications. Therefore, we cannot guarantee that your Information or private communications that you transfer over the internet to us will always be secure or remain confidential.

G. Password

Your password deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. You shall not share your password or your personal sign-in credentials with others, and please remember that you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile to change your password and notify us immediately at support@mapillary.com.

H. International Transfers

We may process Information on servers located in a number of countries. Accordingly, we may share Information with our service providers and affiliated companies for such companies to carry out any of the activities specified in this Policy. We may also subcontract processing to or share Information with third parties located in countries other than your home country. Information collected within the European Economic Area, for example, be transferred to, and processed by our affiliates or other third parties identified above that are located in, a country outside of the EEA. However, regardless of country, we will always process Information in accordance with this Policy. In respect to our service providers, we will always enter into a data processing agreement that ensure that their processing gives the same level of protection to your Personal Data as this Policy.

In addition to the above, any transfer of Personal Data from the EEA to a third country outside the EEA, will only be made if permitted by the applicable EU data protection regulation. This means that we will only initiate such transfer of Personal Data if the receiving country outside the EEA has been deemed by the EU Commission to ensure an appropriate level of protection, if we have entered into the Commission’s standard data protection clauses with the receiving company, or if there are other safeguards in place that permits such a transfer. You can receive a copy of such safeguards by e-mailing support@mapillary.com.

I. Children

The Services are not directed at or intended for children under sixteen (16) years of age, and we do not knowingly collect Personal Data from such children. If you believe that we might have any Personal Data from a child under 16 years of age, please contact us at support@mapillary.com.

J. Policy Changes

We may amend this Policy from time to time. If we make any changes to this Policy, we will post the amended terms on Mapillary.com, change the "Last Updated" date above, and where appropriate, notify you by email or via our other notification mechanisms.

K. Your Information, Rights and Choices

You have the right to ask us not to process your Personal Data for marketing or promotional purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may also opt out of receiving promotional emails from us by following the instructions in the emails themselves or by emailing support@mapillary.com. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.

You can see, review and change your personal information by logging into the Service or by contacting us at support@mapillary.com. You should promptly update your personal information if it changes or is inaccurate.

You have the right to receive confirmation on whether or not we process Personal Data concerning you, and in such cases get access to such personal data and also information regarding the personal data and how we process it.

You have the right to have inaccurate Personal Data concerning you rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data about you completed.

You have, under certain circumstances, the right to have Personal Data concerning you erased, for example if the Personal Data are no longer necessary in relation to the purposes for which they were collected or if the personal data have been unlawfully processed.

You have the right to withdraw a consent provided by you at any time by contacting us. If your consent is withdrawn, we will no longer process your personal data for the purpose that you had given your consent to.

In some circumstances you have the right to obtain restriction of the processing of your Personal Data. For example if you contest the accuracy of the Personal Data, you can also require that we restrict the processing of your Personal Data for such a period that enables us to verify the accuracy of the Personal Data.

You have the right to object to processing of your Personal data that is based on our legitimate interests. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your Personal Data.

You have the right to receive the Personal Data relating to you and that you have provided to us, in a commonly used electronic format. You have the right to transmit that data to another controller (data portability).

You may always contact Mapillary at support@mapillary.com if you have any questions or comments regarding our processing of your Personal Data. You also have the right to complain about the processing of your Personal Data by lodging a complaint to the relevant data protection authority.

You may delete your account any time by emailing support@mapillary.com. Deletion is your sole means of terminating your account. We will in our own discretion keep Nonpersonal Data and explicitly the images submitted and the associated geolocation data which is required, if any, to maintain the uninterrupted and intended Mapillary Solution functionality. This Nonpersonal Data may be stored under a new username not attributable to you.

In addition to the above, you may opt-out of providing information via the App to Mapillary at any time by uninstalling the App using the standard uninstall process available on your mobile device or via the mobile application marketplace or store.

Please note that once you make a public posting, you may not be able to change or remove it.

L. Questions

If you have any questions about this Policy, please contact us and our data protection officer at support@mapillary.com.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California law may provide you with certain rights regarding our use of your personal information.

A. “Do Not Track” under the California Online Privacy Protection Act. We support “do not track” (a preference you may be able to set in your web browser to inform websites that you do not want to be tracked). We are not aware of any processes for others collecting personal information about your activities on our websites over time and across third party websites, apps, or other online services, nor do we knowingly collect information about your activities over time across third party sites and services.

B. California's "Shine the Light" law (Civil Code Section § 1798.83). This law permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to us at privacy@mapillary.com.

C. California Consumer Privacy Act (CCPA). This part (C) serves as a privacy notice for California residents and applies solely to residents of California. This part is effective upon the effective date of enforcement of the CCPA. We adopt this policy to comply with the CCPA as of the effective date of this policy, and any terms defined in the CCPA have the same meaning when used in this notice. Note that provision of this CCPA notice is not an admission on our part that we are a “business” within the meaning of the CCPA, and nothing in this policy may be construed as such an admission.

Personal information we collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person (“personal information”) that falls within the following categories of personal information, and have done so within the last 12 months:

Category Information Collected
Identifiers A real name, postal address, unique identifier, online identifier, Internet Protocol address, email address, and account name.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number; identification numbers; financial details
Commercial information Records of services purchased, obtained, or considered, or other transaction histories
Internet or other similar network activity A consumer’s interaction with a website; browsing and search history.

Personal information does not include: (a) publicly available information from government records; (b) deidentified information or aggregate consumer information; (c) information excluded from the CCPA’s scope; and (d) personal information covered by certain sector-specific privacy laws.

We obtain the categories of personal information listed above from the following categories of sources:

Our use of personal information

We may use or disclose the personal information we collect for the purposes set forth in this policy, and one or more of the following business purposes:

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We do not sell personal information of consumers to businesses or third parties (as the terms “sell”, “consumers”, “businesses” and “third parties” are defined in the CCPA).

Sharing personal information

We may disclose any or all of the categories above of your personal information to a third party for a business purpose, as set forth in this policy, and we have done so in the last 12 months. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.

We disclose your personal information for a business purpose to the following categories of third parties:

Your rights and choices

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (unless an exception applies):

We do not provide these access and data portability rights for B2B personal information to the extent such an exception remains in effect under the CCPA.

Deletion request rights

California residents have the right under the CCPA to request that we delete any of their personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request (see below), we will delete (and direct our service providers to delete) relevant personal information from our records, unless an exception applies (such as the B2B exception referenced above).

We may deny California residents’ deletion request if doing so is permitted or required by applicable law, or if retaining the information is necessary for us or our service provider(s) to:

Verifiable consumer request

To exercise the access, data portability, and deletion rights under the CCPA described above, please submit to us a verifiable consumer request as set forth above.

Only a California resident, or a person registered with the California Secretary of State that a California resident has authorized to act on their behalf, may make a verifiable consumer request related to their personal information. A California resident may also make a verifiable consumer request on behalf of their minor child.

A verifiable consumer request for access or data portability can only be made twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify the California resident about whom we collected personal information or an authorized representative, and contain sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account on our website. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We will endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not:

(Effective Date: 12 March 2020)

Mapillary uses cookies. Some of them are essential for running the site. Others help us improve the site and we ask for your consent to use those. Learn more
I consent