Privacy policy

MapProof stores your projects, your photos, and a small amount of account info. We use that data to run the product. We don't sell it. We don't train AI on it. We strip GPS from photos before showing them on any public page. Your customers' addresses stay private. You can export or delete your data at any time.

Account info. Email address (used to log in and to send password resets), display name, and optional profile/company logo. Email is the only required field.

Project data. Anything you type in or upload into a project — client name, address, phone, email, notes, status, dollar amounts, photos, videos, estimate appointment time. This is your data; we hold it so you can look at it later.

Photo metadata. When you upload a photo, we read the EXIF data on it (GPS coordinates, capture time, device) and save those values to your private record. We then re-encode the photo without that metadata before storing the version we serve to your customers, so EXIF never ships to the public side.

Standard server logs. IP address, browser type, request paths, and timing — written by our hosting providers (Vercel, Supabase) and used to keep the service running and debug issues. Retained at most 30 days.

We use your data to run the product: serve your dashboard, mint share links your customers can open, render your portfolio map, send password reset and team invite emails. That's it.

We don't sell your data. We don't share it with advertisers. We don't train AI models on it. If we ever change any of that, this page will say so before the change takes effect.

Two surfaces of the product are publicly accessible:

• Customer share pages at /s/<token> — show only the photos and videos for the project the contractor explicitly shared. No address, client name, dollar amounts, or EXIF.
• Public portfolio at /p/<org-slug> — shows city-level pins on a map for completed (Sold) jobs that have at least one After photo. No street addresses or client names ever appear.

We rely on a small number of third-party services to run MapProof. These companies have access to data only as needed to provide their service.

• Vercel — application hosting and serverless functions.
• Supabase — Postgres database and file storage.
• Mapbox — address autocomplete only. We pass the partial address you type; Mapbox returns suggestions.
• OpenStreetMap — base map tiles for the portfolio map.

You can:

• Export your project list as CSV from the dashboard at any time.
• Download your photos directly via right-click on any project.
• Delete a project — including its photos and videos — from the project page.
• Delete your entire account by emailing the address on the contact page. We'll wipe your data and confirm.

If you're in a jurisdiction with specific data-protection rights (GDPR, CCPA, etc.) and the standard self-serve options don't cover what you need, email us and we'll handle it manually.

MapProof is built for businesses. We don't knowingly collect data from anyone under 13.

We'll update the “Last updated” date at the top whenever we change anything material. If you have an account, we'll email you about meaningful changes before they take effect.

Questions, requests, or concerns about your data — email us via the contact page.