Good Enough Maps Legal
Privacy Policy.
This policy explains what Good Enough Maps collects, why it is collected, and the services used to operate the website, dashboard, billing flow, and Places API.
1. Information we collect
Good Enough Maps may collect:
- account details such as name, email address, verification state, and authentication session metadata;
- API key metadata such as label, prefix, status, creation time, last-used time, and last-used IP address;
- billing identifiers and subscription state received from Stripe, but not full payment card numbers;
- API usage records such as request ID, status code, charge status, mode, radius, query text, and rounded coordinates;
- layer, preset, import, grant, and place-submission content you add to your account;
- operational logs, diagnostics, browser errors, server errors, and security events.
2. How we use information
We use information to provide the service, authenticate users, issue and revoke API keys, enforce quota, process billing, send transactional email, debug failures, prevent abuse, improve reliability, comply with law, and communicate about account or service matters.
3. API request data
Public Places API requests are logged for quota enforcement, abuse prevention, reliability, and support. Good Enough Maps stores request metadata and rounded latitude/longitude values rather than exact full request URLs in usage records. API key secrets are not stored in plaintext and should not be sent to Good Enough Maps except as bearer credentials for API calls.
4. Cookies and sessions
The dashboard uses authentication cookies or similar session technology to keep users signed in and protect account access. The marketing site is designed to function without behavioral advertising cookies.
5. Service providers
Good Enough Maps uses service providers to operate the product, including:
- Cloudflare for website, dashboard, worker, DNS, edge, and related infrastructure;
- PlanetScale Postgres for control-plane account, key, quota, billing, and usage records;
- Hetzner for the Places API origin server;
- Stripe for checkout, subscriptions, invoices, tax or payment workflows, and billing portal access;
- Resend for transactional email such as verification and password-reset messages;
- Sentry for error reporting, operational diagnostics, and alert routing.
These providers process information as needed to provide their services. Their processing may involve transfers to countries other than yours.
6. Legal bases and rights
Where privacy law requires a legal basis, Good Enough Maps processes information to perform a contract, pursue legitimate interests in operating and securing the service, comply with legal obligations, or with consent where required. Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information.
7. Retention
Account, billing, quota, and usage information is retained while needed to provide the service, resolve disputes, comply with law, prevent abuse, and maintain financial or security records. Diagnostic logs and Sentry events are retained for a limited operational period according to configured provider retention settings.
8. Security
Good Enough Maps uses technical and organizational safeguards such as hashed API keys, scoped access, TLS, database access controls, and operational monitoring. No internet service can guarantee perfect security, and you are responsible for protecting your account credentials and API keys.
9. Changes
This policy may be updated as the product, providers, or legal requirements change. The effective date will be updated when material changes are published.
10. Contact
Privacy requests can be sent to privacy@goodenoughmaps.com.