GDPR Compliance

FollowerMap ("we", "our", or "us") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) for users in the European Union (EU) and European Economic Area (EEA). This page explains how we collect, process, and protect your data when you use our platform to create polls, share links with followers, and map their locations anonymously.

Our privacy-first approach ensures minimal data collection, secure processing, and transparency. For full details, see our Privacy Policy.

FollowerMap, registered in Delaware, USA, is the data controller responsible for your personal data. You can contact us at:

Email: contact@mappbook.com

We collect minimal data to provide our Services, with clear lawful bases under GDPR:

• Creators:
  • Data: Name, email address, optional profile information, poll creation data.
  • Purpose: Account management, poll creation, customer support.
  • Lawful Basis: Consent (via account registration) and contract (to provide Services).
• Followers:
  • Data: Anonymized city/region (from IP geolocation), optional demographics (e.g., age, gender), response timestamps.
  • Purpose: Map visualization, deduplication (one response per user), aggregated insights.
  • Lawful Basis: Legitimate interest (to provide accurate mapping while minimizing data).
• Usage Data:
  • Data: Device/browser information, platform interactions.
  • Purpose: Improve Services, monitor performance.
  • Lawful Basis: Legitimate interest (to enhance user experience).

We do not store raw IP addresses or precise location data. Follower responses are anonymized to protect privacy.

To ensure one response per follower per poll, we use a GDPR-compliant deduplication process:

• Upon poll response, we generate a temporary, anonymized identifier using a secure, poll-specific code (salt).
• These identifiers are stored only for the poll's duration (e.g., 7 days) and deleted afterward.
• No raw IP addresses or personal identifiers are stored.
• Post-poll, we retain only aggregated, non-identifiable data (e.g., "Berlin: 50 responses, 60% female").

This minimizes data collection and ensures follower privacy, per GDPR's data minimization principle.

We retain data only as long as necessary:

• Creator Data: Retained while your account is active or as needed to provide Services, unless you request deletion.
• Follower Data: Temporary identifiers are deleted after the poll ends (e.g., 7 days). Aggregated data (city/region counts, demographics) is retained for creators' maps.
• Usage Data: Retained for up to 12 months for analytics, then anonymized or deleted.

You can request deletion of your data at any time (see "Your GDPR Rights" below).

We share data only in limited, GDPR-compliant cases:

• Service Providers: Trusted partners (e.g., analytics, hosting) process data under strict data protection agreements.
• Aggregated Data: Anonymized poll results may be shared publicly or with creators.
• Legal Obligations: To comply with legal requests, while respecting your rights.

As a US-based company, we may transfer data outside the EEA. We use safeguards like Standard Contractual Clauses (SCCs) to ensure GDPR-level protection.

We implement robust security measures to protect your data, per GDPR Article 32:

• Encryption of data in transit (HTTPS) and at rest.
• Secure hashing for deduplication (SHA-256 with poll-specific salts).
• Regular security audits and vulnerability assessments.
• Role-based access controls to limit data access.
• Secure authentication for creator accounts.

While we strive for maximum security, no online platform is 100% secure. We promptly address any breaches per GDPR requirements.

As an EU/EEA user, you have the following GDPR rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data (e.g., account, poll data).
• Restriction: Limit processing in certain cases (e.g., while verifying data accuracy).
• Objection: Object to processing based on legitimate interest (e.g., usage analytics).
• Data Portability: Receive your data in a structured, machine-readable format.
• Withdraw Consent: Revoke consent for data processing (e.g., creator account data), where applicable.
• Complaint: Lodge a complaint with your local data protection authority.

Note: Follower responses are anonymized and not linked to individuals, limiting some rights (e.g., access) for poll respondents.

To exercise your rights, contact us at: contact@mappbook.com. We will respond within one month, per GDPR.

For GDPR-related questions or to exercise your rights, contact our Data Protection Officer at:

Email: contact@mappbook.com

If you're unsatisfied with our response, you may contact your local data protection authority. A list of EU authorities is available at: edpb.europa.eu.