Privacy Policy

1. Who we are

OpenMaps is operated by Brthrs Agency, based in the Netherlands. Brthrs Agency is the data controller for the personal data described in this policy. You can reach us at [email protected] for any privacy question or request.

2. What data we collect

We only collect what we need to run the service:

• Account data — your email address, and your name and avatar if you sign in with Google or Microsoft.
• Content you create — your maps, layers, markers, pages and project settings.
• Chat messages — the prompts you type to build maps, and the responses generated for you.
• Technical data — IP address, browser type and timestamps in server logs, used for security and abuse prevention.
• Functional cookies — a session cookie to keep you signed in and a language preference cookie. We do not use tracking or advertising cookies.

3. Why we process it

We process this data to:

• provide the service — creating, saving and publishing your maps (performance of a contract);
• sign you in securely and send you sign-in links and account emails (performance of a contract);
• keep the platform safe — rate limiting, abuse and fraud prevention (legitimate interest);
• comply with legal obligations where they apply to us.

4. AI processing

When you build a map through chat, your messages are sent to an AI model provider to generate the map. Depending on the model you pick this is Anthropic or GreenPT. We only send what is needed to answer your request; your messages are not used by us to train models.

5. Third parties and processors

We use a small number of service providers to run OpenMaps, under data-processing agreements where required:

• Hosting within the EU (our servers run in European data centres).
• Cloudflare — content delivery and protection of our domain.
• Resend — sending transactional email such as sign-in links.
• Anthropic and GreenPT — AI model providers for the chat (see above).
• Open-data providers (such as PDOK, KNMI and OpenStreetMap) — when a map needs their data, we request it on your behalf; these requests can include the search terms or locations from your prompt, never your account details.

6. Published maps are public

When you publish a map, it becomes accessible to anyone with the link, and — unless you opt out — it may be listed in the public map library. Anything you put in a published map (titles, descriptions, markers, pages) is public. Unpublish a map at any time to take it offline.

7. Retention

We keep your account data and content for as long as you have an account. If you delete your account, your personal data and projects are deleted. Server logs are kept for a short, limited period for security purposes and then removed.

8. Your rights

Under the GDPR you have the right to access, correct, delete and export your personal data, to restrict or object to processing, and to withdraw consent where processing is based on consent. Email [email protected] and we will respond within the statutory period. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Security

All traffic is encrypted (HTTPS). Sessions use secure, httpOnly cookies, accounts support two-factor authentication, and access to production systems is restricted. No method of transmission or storage is 100% secure, but we follow current good practice (including the OWASP guidelines) to protect your data.

10. Changes to this policy

We may update this policy as the service evolves. The date at the top tells you when it was last revised; significant changes will be announced in the app. Questions? Contact us at [email protected].