Skip to main content
Map Garden (beta)

Privacy Policy

Last updated: April 21, 2026

Summary

  • We store the minimum needed to run Map Garden: an account identifier (we store an HMAC of your email, not the plaintext email), authentication/session tokens, and the pins you create.
  • Pins are public. If you add a pin, its contents (including location coordinates) can be viewed by others.
  • We use these third parties: Render.com (hosting), Resend (transactional email), MapTiler (map tiles), and Stadia Maps (place search on the map).

Information we collect

Account information

  • Email (for login): we use your email address to send login links and account emails. We do not store your plaintext email address in the database; we store a cryptographic HMAC identifier derived from it.
  • Account metadata: confirmation timestamps and basic administrative flags (for example, whether an account is confirmed or muted).

Authentication and security data

  • Session tokens: stored so we can expire sessions and keep your account secure.
  • Magic-link / email-change tokens: tokens are stored in hashed form when delivered by email.

Public content you create

  • Pins: title, description, icon URL (if provided), type, and optional schedule/time fields.
  • Location: latitude and longitude associated with pins.

Technical data

Like most websites, our servers may receive and log basic request data (such as IP address, user agent, and timestamps) for security, debugging, and reliability.

How we use information

  • Provide and operate Map Garden, including creating and displaying pins.
  • Authenticate you and keep your account secure.
  • Send transactional emails (for example, login links and email-change confirmations).
  • Prevent abuse and troubleshoot issues.

How we share information

We do not sell your personal information. We share information only as needed to run the service:

Render.com (hosting)

Map Garden is hosted on Render.com. Render processes web requests and stores application data on our behalf (for example, in the database and server storage).

Resend (email delivery)

We use Resend to send transactional emails. Resend receives the recipient email address and the email contents needed to deliver login and account-related messages.

MapTiler (map tiles)

We use MapTiler to render maps. Your browser requests map tiles directly from MapTiler, which means MapTiler may receive information such as your IP address and browser details as part of serving those requests.

Stadia Maps (place search)

The map includes a search box provided by Stadia Maps. When you search for a place, your browser sends that query to Stadia's servers to return results. Stadia may receive information such as your IP address, browser details, and the text you typed into search.

Cookies

Map Garden uses essential cookies and similar technologies required for core functionality (such as maintaining your session and protecting against request forgery). We do not use cookies for third-party advertising.

Data retention

  • We retain your account and pins until you delete your account.
  • Authentication tokens are retained only as long as needed for security and expiry.

Your choices

  • You can update your email address from your account settings.
  • You can delete your account from your account settings, which deletes your pins and authentication tokens.
  • Because pins are public, consider avoiding sensitive information in pin titles or descriptions.

Security

We use industry-standard security measures. For example, we store a cryptographic identifier for your email (rather than plaintext), and email-delivered tokens are stored in hashed form.

Email identifiers (HMAC)

We store a keyed hash ( HMAC ) of your normalized email instead of the plaintext address. This means that:

  • Reading the database alone does not expose your email as a normal readable column the way storing plaintext would.
  • The stored HMAC is not “decryptable” back to your email from those bytes alone. Recovering an email would require guessing addresses and checking for a match (impractical for arbitrary addresses).
  • Someone with full access to our production systems (including the database and the secret key used to derive email identifiers) could test whether a specific candidate email belongs to a given account, by computing the same HMAC and comparing it to what we store—the same kind of check we use when you sign in. They cannot simply export a list of plaintext emails from the database without trying candidate addresses.
  • Someone with a copy of the database but not the secret key cannot compute HMACs for candidate emails, so they generally cannot match a known email address to a stored account row from the backup alone.
  • Using the public site does not give people a way to look up your Map Garden account from an email address they know, or to derive your email from your public profile—the email identifier is not exposed for that purpose.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date above.

Contact

Questions about privacy? Post in our GitHub Discussions Q&A category.