Privacy Policy

Last updated: February 9, 2026

Overview

InsightMaps ("we", "our", or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our geospatial mapping service.

Key Points:

• We collect only the information necessary to provide and improve our service
• We do not sell your personal information
• You have rights to access, correct, and delete your data
• We use industry-standard security measures to protect your information

This policy applies to www.insightmaps.app, map.insightmaps.app, and console.insightmaps.app.

Information We Collect

Information You Provide Directly

When you create an account or use InsightMaps, you may provide:

• Account Information: Name, email address
• Authentication Data: When you sign in using OAuth providers (Google or Microsoft)
• User-Generated Content: Saved map views, bookmarks, layer configurations, uploaded shapefiles, and analysis results
• Support Communications: Messages you send to our support team

Information Collected Automatically

When you use InsightMaps, we automatically collect:

• Usage Data: Pages visited, features used, buttons clicked, time spent on platform
• Device Information: Browser type and version, operating system, screen resolution
• Log Data: IP address (anonymized), access times, error logs
• Location Data: General location (city/region level) derived from IP address - we do not collect precise GPS location
• Session Information: HTTP-only cookies for authentication and session management

Information from Third Parties

OAuth Sign-In Providers:

When you sign in with Google or Microsoft, we receive:

• Your name
• Your email address
• Profile picture (if provided)
• OAuth provider's unique identifier for your account

Note: We do not receive your Google or Microsoft password. Authentication is handled entirely by the OAuth provider.

Analytics Services:

We use the following analytics services that collect information about your use of InsightMaps:

• Microsoft Clarity: Session recordings, heatmaps, user interactions (see Microsoft Clarity Privacy Policy)
• Vercel Analytics: Page views, performance metrics (see Vercel Privacy Policy)

Note: Analytics are only active on our production websites (map.insightmaps.app and console.insightmaps.app), not in self-hosted deployments.

How We Use Your Information

We use your information to:

Service Delivery

• Provide access to mapping and analysis tools
• Save your preferences, bookmarks, and configurations
• Process uploaded geospatial data
• Maintain and improve service performance

Communication

• Send important service updates and security notices
• Respond to your support requests
• Notify you of significant changes to our Terms or Privacy Policy

Marketing Communications (Optional):

We may send occasional product updates or feature announcements if you opt in. You can:

• Opt in: Check the box during account creation or in account settings
• Opt out: Click "Unsubscribe" in any email or update account settings
• Note: Essential service notifications cannot be opted out

We will never share your email for third-party marketing.

Security and Fraud Prevention

• Protect against unauthorized access
• Detect and prevent malicious activity
• Monitor for security incidents

Service Improvement

• Analyze usage patterns to improve features
• Understand which features are most valuable
• Optimize performance and user experience
• Fix bugs and technical issues

We do not:

• Sell your personal information to third parties
• Use your data for advertising or marketing (unless you opt in)
• Share your user-generated content with others without your permission

Legal Basis for Processing

We process your personal information based on:

Consent: When you create an account or opt into analytics

Contract: To provide the services you've requested

Legitimate Interests:

• Fraud prevention and security
• Service improvement and analytics
• Responding to support requests

Legal Obligation: Complying with Australian laws and regulations

You may withdraw consent at any time by contacting us or deleting your account.

Cookies and Tracking Technologies

InsightMaps uses cookies and similar technologies to provide functionality and improve your experience.

Essential Cookies

Authentication Cookie (HTTP-only)

• Purpose: Keeps you signed in securely
• Type: Session cookie with JWT token
• Duration: 7 days (refresh token), 60 minutes (access token)
• Idle timeout: Sessions expire after 24 hours of inactivity for security
• Can be disabled? No - required for signed-in functionality

Analytics Cookies

Microsoft Clarity

• Purpose: Understand how users interact with the platform
• Data collected: Session recordings, click maps, scroll depth
• Duration: Up to 30 days
• Can be disabled? Yes - via browser settings or opt-out

Vercel Analytics

• Purpose: Monitor site performance and usage
• Data collected: Page views, load times, referrer
• Duration: Session-based
• Can be disabled? Yes - via browser settings

Local Storage

We use browser localStorage to:

• Remember your map layer preferences
• Store your last viewed map extent
• Cache interface settings for faster loading

Note: Clearing your browser's local storage will reset these preferences.

Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and site permissions

Important: Disabling essential cookies will prevent you from signing in and using personalized features.

Data Storage and Security

Where Your Data Is Stored

Your information is stored securely in the following locations:

• Application Data: PostgreSQL database hosted by Railway (may be located outside Australia)
• API Services: DigitalOcean cloud infrastructure
• Web Hosting: Vercel global CDN
• File Uploads: Temporary processing on application servers (deleted after processing)

Cross-Border Data Transfer: Your data may be transferred to and stored on servers located outside of Australia, including in the United States. By using InsightMaps, you consent to this transfer.

How We Protect Your Data

We implement industry-standard security measures:

• Encryption in Transit: All data is transmitted over HTTPS (TLS 1.2+)
• Secure Authentication: HTTP-only cookies prevent XSS attacks
• Password Security: Passwords (if applicable) are hashed using industry-standard algorithms
• Access Controls: Strict access controls limit who can access data
• Regular Updates: We keep our software and dependencies up to date
• Security Monitoring: Automated monitoring for suspicious activity
• Rate Limiting: We implement rate limits to prevent abuse and protect service availability

Important: No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will:

1. Notify affected users via email within a reasonable timeframe (typically within 72 hours of becoming aware)
2. Report the breach to the Office of the Australian Information Commissioner (OAIC) as required by law
3. Provide information about the nature of the breach and recommended actions
4. Take immediate steps to contain and remediate the breach

You can report suspected security issues to: [email protected]

Data Sharing and Disclosure

We Do Not Sell Your Data

InsightMaps does not sell, rent, or trade your personal information to third parties.

When We Share Information

We may share your information only in the following circumstances:

Service Providers:

• Hosting providers (Vercel, DigitalOcean, Railway) - to operate the service
• Analytics providers (Microsoft Clarity, Vercel) - to improve the service
• OAuth providers (Google, Microsoft) - for authentication

These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements:

We may disclose your information if required by law, such as:

• In response to a valid court order, subpoena, or warrant
• To comply with legal obligations
• To protect the rights, property, or safety of InsightMaps, our users, or the public
• To investigate fraud or security incidents

Business Transfers:

If InsightMaps is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

With Your Consent:

We may share your information for other purposes with your explicit consent.

Public Content

Any content you choose to share publicly (such as public map views, if this feature exists) may be visible to other users and indexed by search engines.

Data Retention

How Long We Keep Your Data

Data Type	Retention Period
Account Information	While your account is active + 90 days after deletion request
User-Generated Content	While your account is active + 30 days after deletion request
Authentication Logs	90 days
Error Logs	30 days
Analytics Data	Up to 12 months (managed by third-party providers)
Backup Data	Up to 30 days (rolling backups)

Why We Retain Data

We retain data for:

• Providing ongoing service to active users
• Complying with legal obligations (e.g., tax records)
• Resolving disputes and enforcing our Terms of Use
• Preventing fraud and abuse

Account Deletion

When you delete your account:

1. Your account is immediately disabled
2. Personal information is deleted within 30 days
3. User-generated content is deleted within 30 days
4. Some information may remain in backups for up to 30 additional days
5. Aggregated, anonymized data may be retained indefinitely

Note: We may retain certain information if required by law or for legitimate business purposes (e.g., fraud prevention).

Your Rights

Under the Australian Privacy Act 1988 and Australian Privacy Principles (APPs), you have the following rights:

For International Users:

If you are located in the European Union, United Kingdom, or other jurisdictions with data protection laws, you may have additional rights beyond those listed here. Contact us to understand what rights apply in your location.

Right to Access

You can request a copy of the personal information we hold about you.

How to request: Email [email protected] with "Access Request" in the subject line.

Right to Correction

You can request that we correct inaccurate or incomplete information.

How to request: Update your account settings or email [email protected].

Right to Deletion

You can request deletion of your personal information, subject to legal obligations.

How to request: Email [email protected] with "Deletion Request" in the subject line. We will process your request within 30 days.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

How to request: Email [email protected] with "Data Export Request" in the subject line.

Right to Object

You can object to processing of your data for certain purposes (e.g., analytics, marketing).

How to opt out:

• Analytics: Use browser settings or provider opt-out links
• Email communications: Click "Unsubscribe" in any email

Right to Complain

If you believe we have not handled your information properly, you can:

1. Contact us at [email protected] to resolve the issue
2. Lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
   • Website: oaic.gov.au
   • Phone: 1300 363 992
   • Email: [email protected]

Response Time

We will respond to your requests within 30 days. If we need additional time, we will notify you and explain the reason for the delay.

Note: We may ask you to verify your identity before processing certain requests.

Children's Privacy

Age Restrictions

InsightMaps is intended for users aged 13 and older. Users under 18 must have parental or guardian consent to use the service.

Information from Children

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

We do not knowingly collect personal information from children under 13 without parental consent.

Automated Decision-Making

InsightMaps does not currently use automated decision-making or profiling that produces legal effects or similarly significant impacts on users.

If we introduce such features in the future:

• We will notify you in advance
• We will update this Privacy Policy
• You will have the right to opt out or request human review

Third-Party Services and Links

OAuth Providers

When you sign in with Google or Microsoft, their privacy policies apply to the information they collect:

• Google Privacy Policy
• Microsoft Privacy Policy

Analytics Providers

• Microsoft Clarity Privacy
• Vercel Privacy Policy

Map Data Providers

InsightMaps displays data from third-party sources (government agencies, Esri). These providers have their own privacy policies governing their services.

Links to Other Websites

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

International Users

InsightMaps is operated from Tasmania, Australia. If you access our service from outside Australia, your information may be transferred to, stored, and processed in Australia and other countries.

By using InsightMaps, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How We Notify You

When we make significant changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you via email (if you have an account)
• We will display a prominent notice on the platform

Continued use of InsightMaps after changes constitutes acceptance of the updated policy.

Reviewing Changes

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: [email protected] Privacy Contact: InsightMaps Privacy Team Address: Tasmania, Australia

Note: As a small organization, we do not have a dedicated Data Protection Officer, but all privacy inquiries are handled by senior management.

For security issues: [email protected] For data breach reports: [email protected]

We aim to respond to all inquiries within 7 business days.

---

Quick Reference

What We Collect

✅ Name, email, account info ✅ Usage data, device info ✅ OAuth sign-in data (Google/Microsoft) ✅ Cookies for authentication and analytics

What We Don't Do

❌ Sell your personal information ❌ Share your data without consent (except as legally required) ❌ Collect precise GPS location ❌ Access your files without permission

Your Control

✅ Access your data anytime ✅ Delete your account and data ✅ Opt out of analytics ✅ Complain to OAIC if dissatisfied

---

This Privacy Policy complies with the Australian Privacy Act 1988 and Australian Privacy Principles (APPs).