Privacy Policy

Effective date: May 21, 2026

Minimal collection

Only the information required for security, account access, and core service operation is collected.

Your assets are private

Files, projects, and exports belong to you. They are never shared or made accessible to anyone else.

Analytics stay internal

Usage metrics are collected for internal improvement only and never leave the platform's infrastructure.

No trackers or data brokers

No third-party trackers, ad-tech, or external analytics pipelines. Limited providers are used only where account access or transactional delivery requires it.

No AI training. Ever.

User data is never used to train, fine-tune, or inform any AI or machine learning model. No exceptions.

Questions?

contact@maptoplay.com

Full policy

Overview

MapToPlay (“the platform”) is built on a simple principle: your work belongs to you, and your data stays private. This policy explains what the platform collects, why, and what will never be done with it.

Information Collected

Access logs. When you connect to MapToPlay, the servers record basic access information — including your IP address, request timestamp, and the resource requested. This data is retained solely for security purposes: detecting abuse, preventing unauthorized access, and diagnosing infrastructure issues. It is not used for any other purpose.

Account information. If you register, the platform stores the credentials you provide (e-mail address and a hashed password). No payment data, real names, or any information beyond what is strictly required to identify your account is collected.

Google sign-in data. If the end-user chooses the optional Google sign-in flow, the platform receives only the basic profile information returned by Google’s standard authentication scopes: name, e-mail address, and profile image. No additional Google data is requested.

Google User Data

MapToPlay supports Google OAuth as an optional authentication method. When that method is used, the platform receives only the Google account data required to authenticate the end-user and link or create the corresponding MapToPlay account: the end-user’s name, e-mail address, and Google profile image URL.

That Google-provided data is used solely for sign-in, account creation, account access, and basic account presentation within the platform. No custom Google scopes are requested. The platform does not request, access, read, or store Google Drive, Gmail, Calendar, Contacts, or any other Google service data.

To complete authentication, MapToPlay validates the Google ID token presented by the end-user and then stores only the account fields needed to operate the MapToPlay account: e-mail address, display name information, and profile image URL if provided by Google. MapToPlay does not store Google passwords, Google refresh tokens, or ongoing access to Google APIs.

The stored Google-derived account fields remain associated with the MapToPlay account until the account data is changed or the account is deleted. Access granted through Google may be revoked by the end-user at any time through the Google Account permissions settings.

Usage Analytics

To understand how the platform is being used and where to improve it, internal usage metrics are collected — such as which features are accessed, how often, and general patterns of interaction. This data is aggregated and anonymized wherever possible and is processed entirely within the platform’s own infrastructure.

Your Content & Assets

Everything you create on MapToPlay — project files, exported maps, uploaded assets, configurations — belongs to you. The platform stores it to provide the service and for no other reason. No user content is shared, sold, licensed, or made accessible to any other user, organization, or third-party service, except where you explicitly choose to share it yourself.

Third-Party Services

MapToPlay does not embed third-party trackers, advertising SDKs, data brokers, or external analytics pipelines. However, limited third-party services may be used where strictly necessary to operate the platform’s core account functions.

This includes Google as an optional identity provider when the end-user chooses Google sign-in, and e-mail delivery providers when the platform sends transactional account messages such as verification or password reset e-mails. Those services are used only for the specific operational purpose required and not for unrelated data exploitation.

AI & Machine Learning

MapToPlay is a tool for creators, not a data harvesting operation. Your projects, maps, assets, and any other content you produce or upload will never be used to train, fine-tune, evaluate, or otherwise inform any artificial intelligence or machine learning model — by the platform or by any third party. No exceptions.

Data Security

Standard security practices are applied to protect data in transit and at rest, including encrypted connections and access controls. No system is perfectly invulnerable, but reasonable and proportionate steps are taken to keep your information safe.

Account Deletion

A user may permanently delete their MapToPlay account at any time through the account settings interface available within the platform.

Once confirmed by the user in the interface, the account and its associated data are permanently removed from MapToPlay systems, except where limited retention is strictly required for security, fraud prevention, legal compliance, or technical backup rotation. This deletion is irreversible and the removed account and data cannot be restored.

Changes to This Policy

If material changes are made to this policy, the effective date above will be updated and, where appropriate, registered users will be notified. Continued use of the platform after any change constitutes acceptance of the revised policy.

Contact

Questions about this policy or how the platform handles your data can be sent to contact@maptoplay.com.