Last updated: 7/9/2026
1. Data Controller
GenMapAI (hereinafter "we", "our", "us") is committed to protecting your personal data. For the purposes of the General Data Protection Regulation (GDPR), the Data Controller is GenMapAI. For any privacy-related questions, you can contact us at: support@genmapai.com.
2. Data Collected and Purposes of Processing
We collect and process your personal data to provide you with our AI-powered map generation services. The data collected includes:
- Account and Contact Data: Email address, name, and basic details provided during registration (managed via Supabase Auth). Purpose: account creation, service provision, and essential transactional communications (such as email verification and password reset).
- Image Data: Images and map coordinates that you upload to our servers to generate the illustrations. Purpose: execution of the contract (delivery of the illustrated map).
- Payment Data: Processed directly by our provider Stripe. We do not store your full credit card details. Purpose: compliance with tax obligations and execution of the contract.
- Browsing Data and Cookies: Anonymized analytical data via Simple Analytics, only with your consent. Purpose: service improvement (legitimate interest / consent).
3. Data Sharing with Third Parties (Data Processors)
To provide our service, we rely on trusted, GDPR-compliant third-party providers:
- Supabase: For database storage, uploaded images, and authentication.
- Resend: For delivering essential transactional emails related to your account (such as email verification and password reset). We do not use Resend to send marketing or promotional emails.
- Stripe: For secure payment processing.
- Replicate: For processing AI models. Images sent to Replicate are processed solely for the requested generation.
- Simple Analytics: For privacy-friendly traffic statistics.
4. Transactional Communications
We may send you service-related emails that are necessary to operate your account and provide GenMapAI securely. These transactional messages include, for example, email address confirmation, password reset instructions, and security-related account notifications.
These communications are sent based on the performance of our service and/or our legitimate interest in maintaining account security. They are not marketing messages and do not require a separate marketing consent.
If you have an account, certain transactional emails cannot be opted out of while your account remains active, because they are required for authentication and security.
5. Data Retention
We retain your personal data only for as long as strictly necessary to provide the services and fulfill our legal and tax obligations. Uploaded and generated images are stored on Supabase buckets and associated with your account, but you can request their deletion at any time by deleting your account or contacting us.
6. Your Rights (GDPR)
If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data.
- Right to Data Portability: You can receive your data in a structured, commonly used format.
- Right to Withdraw Consent: You can withdraw your consent for non-essential cookies at any time.
To exercise these rights, please contact us at support@genmapai.com.
7. Changes to the Privacy Policy
We reserve the right to update this Privacy Policy. Substantial changes will be communicated to you via the email associated with your account.