At MapMatix, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business automation services, workflow optimization tools, and related software solutions.

1. Information We Collect

We collect information to provide and improve our services. The types of information we collect include:

Identifiers: Name, email address, phone number, company name, and job title when you create an account, fill out forms, or contact us.
Usage Data: Information about how you interact with our website and services, including pages visited, features used, time spent, and referring sources.
Customer Support Data: Information you provide when contacting our support team, including correspondence and issue descriptions.
CRM Access Data: When you engage our audit or optimization services, we access your CRM system with permissions you grant to perform our analysis and implementation work.
Payment Information: Billing details processed through our third-party payment processors (Stripe, QuickBooks). We do not directly store credit card information.

Sensitive Data: We do not intentionally collect sensitive personal information such as health data, biometric data, precise geolocation, or financial account credentials. If our services require access to sensitive data in your CRM, we process it only as necessary to deliver the requested services and with appropriate safeguards.

2. How We Use Your Information

We use the information we collect for the following purposes:

Delivering and personalizing our CRM audit and automation services
Providing customer support and responding to inquiries
Processing payments and collecting fees
Sending service updates and relevant communications (with your consent for marketing)
Improving our website, services, and user experience
Preventing fraud and ensuring platform security
Complying with legal obligations

3. Legal Basis for Processing (GDPR)

For users in the European Union or United Kingdom, we process personal data under the following legal bases as defined in GDPR Article 6:

Contract Performance (Art. 6(1)(b)): Processing necessary to deliver our CRM audit and optimization services you have engaged us for
Legitimate Interests (Art. 6(1)(f)): Website analytics, security monitoring, and service improvement, balanced against your rights and freedoms
Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies, which you can withdraw at any time without affecting the lawfulness of prior processing
Legal Obligation (Art. 6(1)(c)): Tax records, financial reporting, and compliance with legal requests

4. Information Sharing

We do not sell your personal information. We maintain Data Processing Agreements (DPAs) or Service Provider Agreements with all third-party vendors who process personal data on our behalf, ensuring they meet our privacy and security standards.

We may share information with the following categories of service providers:

Analytics & Advertising Partners: Services that help us understand website usage and reach potential customers, including Google Analytics and RB2B/Retention.com (B2B visitor identification). See Section 9 for opt-out options.
Infrastructure & Security: Cloudflare (hosting, CDN, security, analytics via Zaraz)
Payment Processing: Stripe (payment processing), QuickBooks (billing and invoicing)
CRM Platforms: The CRM systems you use that we access to perform our services (HubSpot, Salesforce, etc.)
Legal Authorities: When required by law, court order, or to protect our rights and safety
Business Transfers: In connection with a merger, acquisition, or sale of assets

Note on "Sharing" under CCPA: We do not sell your personal information. However, our use of certain advertising technologies (such as RB2B) may be considered "sharing" for cross-context behavioral advertising under California law. You may opt out of this sharing—see Section 7 for details.

5. Data Security

We employ technical, administrative, and physical safeguards to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and secure data storage practices. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Breach Response

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR) and within timeframes required by applicable state laws, including California's data breach notification requirements. Notifications will include the nature of the breach, types of data affected, and steps we're taking to address the situation and prevent future occurrences.

7. CRM Data Handling

When performing CRM audits and optimization work, we access your system data solely for the purpose of analysis, recommendations, and implementation. All findings and reports are delivered to you. We implement strict access controls and do not use your CRM data for any purpose other than delivering the services you've engaged us for.

8. Third-Party Integrations

When you connect third-party accounts (such as Google), we access only the data necessary to provide requested features:

Google Integration: Calendar availability, event management, and business profile data—used solely for requested features, never for advertising
CRM Platforms: Data access as required to perform audits and implement solutions

9. Analytics, Cookies & Advertising Partners

Cookie Consent: When you first visit our website, a consent banner appears. Non-essential cookies (analytics and marketing) are only activated after you provide consent. You can change your preferences at any time through the consent banner or by clearing your browser cookies.

We use cookies and similar technologies to understand how visitors use our website and to provide relevant marketing. Below are the types of cookies we use:

Essential Cookies: Required for basic website functionality (session management, security features). These cannot be disabled.
Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics, Cloudflare Web Analytics). Used to improve user experience and content.
Marketing/Advertising Cookies: Used to identify business visitors and deliver relevant marketing (RB2B/Retention.com). These may associate your website activity with other information about you.

Advertising & Data Partners Disclosure: When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. These partners may send you communications and marketing based on this data.

We use RB2B (Retention.com) to identify business visitors to our website. This service may collect and process your professional information to help us reach potential customers.

Opt-Out Options:

RB2B Opt-Out: https://app.retention.com/optout
GDPR Opt-Out (EU/UK residents): https://www.rb2b.com/rb2b-gdpr-opt-out

Managing Cookies: You can control cookie settings through your browser preferences. Most browsers allow you to refuse or delete cookies. However, disabling cookies may affect your experience on our website. We honor Global Privacy Control (GPC) signals where required by law.

10. Data Retention

We retain your information for the following periods:

Account Data: 24 months after account closure
Billing Records: 7 years (as required for tax and legal purposes)
Server Logs: 30-90 days
Backups: Up to 35 days

11. Your Rights

You have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your personal information
Opt out of marketing communications
Opt out of cross-context behavioral advertising (see Section 9)
Request limitations on data usage
Update your account preferences at any time

Response Timeframes: We respond to verified data subject requests within 30 days (or 45 days for complex requests with notice). For California residents, we respond within 45 days as required by CCPA, with the option to extend by an additional 45 days for complex requests.

California Residents (CCPA/CPRA): You have additional rights under California law:

Right to Know: What personal information is collected, used, and disclosed
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out: Opt out of "sharing" for cross-context behavioral advertising
Right to Limit: Limit use of sensitive personal information
Right to Non-Discrimination: We will not discriminate against you for exercising these rights

While we do not sell personal information, our use of RB2B may constitute "sharing" under California law. To opt out, visit https://app.retention.com/optout.

Opt-Out Confirmation: When you submit a request to opt out of sharing, we will confirm receipt within 15 business days and complete processing within 45 days. You will receive confirmation once your request is fulfilled.

12. GDPR Compliance & International Transfers

For users in the European Union or United Kingdom, MapMatix acts as the data controller for personal information collected through our services. When we transfer data outside the EU/UK, we use the following safeguards:

Standard Contractual Clauses (SCCs): EU-approved contract terms with our service providers
Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
Supplementary Measures: Additional technical and organizational safeguards where needed

You have the right to request a copy of the safeguards we use for international transfers by contacting us at the address below.

13. Changes to This Policy

We review and update this Privacy Policy at least annually, or more frequently when our data practices change. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Your continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically for the latest information on our privacy practices.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. While we use analytics tools to understand website usage patterns, these do not make automated decisions about individual users. Our CRM audit and optimization services involve human review, analysis, and recommendations—not automated processing that affects your rights or interests.

15. Children's Privacy

Our services are designed for businesses and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: matt@mapmatix.com
Phone: (509) 792-3594