Stillmaps

Privacy Policy

Version 1.3
Effective Date: 03.02.2026

1. Overview

This Privacy Policy explains how Stillmaps ("we", "our", or "the Platform") collects, uses, and processes personal data.

Stillmaps is a web-based honor and shared history platform that allows users to create digital parks, place digital monuments, and interact through digital tributes, intended for expression, recognition, and participation.

We are committed to transparency and data minimization.

Stillmaps acts as the data controller for personal data processed through the Platform.

2. Data We Collect

2.1 Account Data (Google Sign-In)

When you sign in using Google, we collect and store:

  • name
  • email address
  • profile image (avatar)
  • technical Google account identifier

Google acts as an independent data controller for the Google account itself. We do not receive access to your Google password or other Google account data beyond the basic profile information described above. Authentication via Google Sign-In is optional and users may choose alternative sign-in methods where available.

This data is used solely for authentication, account management, and communication related to the platform.

2.2 User-Generated Content

Users may voluntarily create and submit content, including:

  • park maps and layouts
  • monument data (names, dates, biographies)
  • images uploaded to monuments
  • genealogical or relational connections

Some of this content is intended to be publicly visible by design when a park is published.

2.3 Technical and Usage Data

We may collect limited technical data necessary for platform operation, security, and performance, including:

  • device and browser information
  • IP address (processed in a limited and security-related manner)
  • basic usage events

3. Public Content Clarification

Published parks and monuments may include names, dates, images, and biographical information provided voluntarily by users. Such content is created for commemorative purposes and may be visible to other users or visitors, depending on the park's visibility settings.

Users should ensure they have the right to publish any information they submit.

4. Local Storage and Cookies

4.1 Local Storage

The Platform uses local storage in the user's browser to:

  • cache content
  • improve performance
  • preserve interface state

No sensitive personal data is permanently stored in local storage.

4.2 Cookies

We use cookies for the following purposes:

  • essential cookies for authentication and security (including authorization tokens)
  • analytics cookies to understand how the Platform is used and to improve functionality
  • attribution cookies to remember referral or partner click identifiers and campaign parameters when you arrive via a partner link (for performance measurement, fraud prevention, and reconciliation)

We do not use cookies for third-party advertising targeting or behavioral profiling across unrelated websites. Attribution cookies (if present) are used only to attribute referrals and measure marketing performance.

4.3 Affiliate / Partner Attribution

If you arrive at the Platform through a Partner link, we may collect attribution parameters from the URL (such as UTM parameters and/or a partner click identifier) and store them in first-party cookies and/or local storage. We use this information to (a) understand how users discover the Platform, (b) measure campaign effectiveness, and (c) prevent fraud and abuse.

We may share with the referring Partner limited conversion information tied to the Partner's click identifier (for example: event type such as sign-up, activation, purchase, and associated value). We do not share park content or your account credentials with Partners.

Internal referral features (such as inviting friends directly within the Platform) are handled separately from affiliate or partner attribution. Such internal referrals do not involve third-party networks and do not result in the sharing of personal data with external partners.

4.4 Consent-Based Cookies and Analytics

The Platform displays a consent prompt only when optional cookies or technologies (such as analytics or marketing-related tracking) are used. If the Platform operates without such optional tracking, no consent prompt is shown, and only essential cookies necessary for core functionality are used.

5. Analytics

We may use analytics tools to collect aggregated and anonymized usage data.

Analytics are used solely to understand platform performance and improve user experience. Individual users are not tracked for advertising purposes. Analytics, if used, are configured to avoid the collection of unnecessary personal data and are not used for cross-site advertising profiling.

6. Legal Basis for Processing (GDPR)

We process personal data based on one or more of the following legal grounds:

  • user consent
  • performance of a contract
  • legitimate interests related to operating and securing the Platform
  • compliance with legal obligations

This policy applies to users in the European Union in accordance with the GDPR.

7. Data Retention

We retain personal data only as long as necessary to operate the Platform and fulfill its purposes.

Attribution identifiers (e.g., partner click IDs and campaign parameters) are typically retained for a limited period (for example, up to 30-90 days) or longer if needed for fraud prevention, accounting, dispute resolution, or legal obligations.

Retention depends on the nature of the data and the status of the associated content.

8. Right to Deletion and Data Removal

Users may request deletion of their account and associated personal data at any time.

Upon a deletion request:

  • account data (name, email, profile image) will be deleted or anonymized
  • private and unpublished park content will be removed
  • authorship attribution may be removed from published public parks

Important Limitation

Published park maps that are public and include monuments or slots purchased by other users may be retained. This is necessary to protect:

  • the rights of other users
  • the integrity of purchased content
  • the legitimate interests of the Platform

In such cases, personal identifiers linking the content to the requesting user will be removed where possible. This retention is based on the legitimate interests of other users and the Platform under Article 6(1)(f) GDPR.

9. Data Transfers

Data may be processed outside the European Union using appropriate safeguards, including secure infrastructure and contractual protections. Such safeguards may include Standard Contractual Clauses (SCC) approved by the European Commission.

10. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

No system can be guaranteed 100% secure, but we strive to apply industry-standard safeguards.

11. Third-Party Services and Data Processors

We rely on trusted third-party service providers to operate and secure the Platform.

These providers process personal data on our behalf under applicable data protection agreements.

Our key service providers include:

  • Supabase Inc. — database services, authentication, and file storage
  • Fly.io, Inc. — cloud infrastructure and application hosting
  • Google LLC — authentication via Google Sign-In (independent data controller)
  • Payment service providers — payment processing and fraud prevention (under their own privacy policies)

All data processors acting on our behalf are bound by contractual obligations, including Data Processing Agreements (DPA), where required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be reflected by updating the effective date. Continued use of the Platform constitutes acceptance of the updated policy.

13. Contact

If you have questions or requests related to privacy or data protection, please contact: privacy@stillmaps.com