Privacy Policy
Last updated: June 3, 2026
1. Who we are
Inkstamp Map is a personal open-source project. For any inquiry, open an issue on GitHub. This policy explains what personal data we collect, why, and your rights under the GDPR and applicable data protection laws.
2. Data we collect
| Data | Purpose | Retention |
|---|---|---|
| Email address, auth tokens | Account creation & login | Until account deletion |
| Favorites, collections, comments | Core app functionality | Until account deletion |
| Stripe billing data | Subscription management & payment | 7 years (legal obligation) |
| Server logs (IP, requests) | Security & abuse prevention | 30 days |
We do not sell your data. We do not use third-party advertising trackers.
3. Legal bases (GDPR Art. 6)
- Contract performance — processing your account, favorites, collections, subscriptions.
- Legal obligation — retaining billing records 7 years per French accounting law.
- Legitimate interest — server logs for security and abuse detection.
4. Data processors (sub-contractors)
- Supabase— database & authentication (EU region)
- Vercel— hosting & edge functions
- Stripe — payment processing
- Cloudflare R2 — user-uploaded image storage
- PostHog — anonymous product analytics (no IP stored, no cross-site tracking)
Each processor has signed a Data Processing Agreement (DPA) and processes data only on our instructions.
5. Your rights
Under GDPR you have the right to: access your data, correct inaccuracies, delete your account and associated data, export your data (portability), and object to processing based on legitimate interest. To exercise any of these rights, open a GitHub issue. We respond within 30 days. You may also lodge a complaint with the CNIL (cnil.fr).
To delete your account and all associated data, go to Account settings and use the “Delete account” button. Stripe billing records are exempt from deletion for 7 years per legal requirement.
6. Cookies
We use strictly necessary cookies for authentication (Supabase session). We use PostHog with anonymized analytics — no personal identifiers are stored, and no cookie consent banner is required under CNIL guidance for anonymized measurement. No advertising cookies are set.