Legal
Privacy policy
Last updated: 18 July 2026
01Who we are
MapGTM ("we", "us") provides process-mapping software at mapgtm.com. This policy explains what information we collect when you use MapGTM, how we use it, and the choices you have. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
02Information we collect
Account information. Your name, email address, and password (stored as a salted hash, never in plain text), plus your team name and membership.
Content you create. Process maps, descriptions, uploaded files (PDF, Word, Excel, images), version history, and anything else you put into the product.
Usage information. Basic product events such as share-link views and walkthrough starts and completions. Viewers of a public share link are counted anonymously; we do not collect their identity.
Cookies. We use strictly necessary cookies to keep you signed in. We do not use advertising or cross-site tracking cookies.
03How we use it
We use your information to operate MapGTM: authenticate you, store and render your maps, run the AI features you invoke, show your team its own analytics, and keep the service secure (including rate limiting and abuse prevention). We do not sell personal information, and we do not use your content for advertising.
04AI processing
When you use an AI feature (generating a map from a description, extracting from a file, analysing a process, or suggestions), the content you submit for that request is sent to Anthropic, our AI provider, to produce the result. Under Anthropic's commercial API terms, this data is not used to train their models. AI features run only when you invoke them.
05Where your data lives
Your data is stored with Supabase (database and authentication) and served through Vercel (hosting). Data is encrypted in transit. These providers process data on our behalf and under their own security certifications.
06Sharing
We share information only with the service providers named above (Supabase, Vercel, Anthropic), and only as needed to run the product. Content behind a share link is visible to anyone who holds that link until you revoke it. We may disclose information if required by law.
07Retention and deletion
We keep your data while your account is active. You can delete processes and revoke share links at any time in the product. Account deletion requests are actioned by an administrator within 30 days.
08Your rights
You can access and correct your account information in the product. Depending on where you live, you may also have rights to access, correct, export, or erase personal information we hold about you, and to complain to a regulator (in Australia, the OAIC). Raise any of these requests with your administrator and they will be actioned.
09Changes
If we make material changes to this policy we will update the date above and, where appropriate, notify you in the product.