Privacy Policy

The data controller is Horizon International LLC, 1209 Mountain Road Place NE, Suite N, Albuquerque, NM 87110, USA ("Maplo", "we", "us").

For privacy questions, exercising your rights, or any complaint: contact privacy@trymaplo.com.

Account data

Email, first name, password hash (when not using OAuth), avatar URL, preferred language, account creation timestamp.

Usage data

Searches you launch, leads you save, pipeline state, conversations you have inside Maplo, outreach messages you generate.

Billing data

Subscription tier, payment status and invoice references. We never store your card details — payments are processed by Whop (PCI-DSS compliant).

Technical data

IP address, browser user-agent, timestamps of authentication events. Used only for security audit and abuse prevention.

Business data scraped from Google Maps

Maplo retrieves publicly available business listings (name, address, phone, website, rating) on your behalf. This data is about businesses, not natural persons, and is sourced from publicly indexed pages.

• Contract performance — to provide the Maplo service you subscribed to.
• Legitimate interest — to keep the platform secure, prevent fraud, improve features, and deliver retention emails (weekly report, reply alerts, monthly pulse) which you can opt out of any time.
• Legal obligation — to keep tax records and respond to lawful information requests.
• Consent — for any analytics that go beyond what's strictly necessary (you control this via the cookie banner).

We share data only with sub-processors we've audited and bound by a Data Processing Agreement:

• Supabase (Ireland, EU) — database, authentication.
• Vercel (US, w/ EU regions) — application hosting and edge delivery.
• Whop (US) — subscription billing and merchant of record for global VAT/sales-tax.
• Resend (US) — transactional email delivery.
• Anthropic (US) — large language model for outreach copy generation. Inputs are not used to train models.
• Mapbox (US) — map tiles inside the Lead Finder.
• Plausible (DE, EU) — privacy-friendly product analytics (no cookies, no cross-site tracking).

We do not sell personal data and we do not use it for cross-context behavioral advertising.

When data is transferred outside the EEA, we rely on the EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. A copy of the SCCs we use is available on request.

• Account data: while your account is active, plus 12 months after closure for legal claims.
• Billing records: 10 years (US/EU tax compliance).
• Authentication audit logs: 12 months.
• Email engagement events: 24 months.
• Cached business leads: rolling 90 days, refreshed continuously.

Under GDPR / CCPA you can:

• Access — request a copy of all personal data we hold about you.
• Rectify — correct inaccurate data.
• Erase — close your account and request deletion.
• Restrict / object — stop certain processing (e.g. retention emails).
• Portability — receive your data in a machine-readable format.
• Withdraw consent — at any time, without affecting prior lawful processing.
• Complain — lodge a complaint with your local data protection authority.

To exercise any right, email privacy@trymaplo.com. We respond within 30 days.

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access to production systems is limited to authorized engineers, gated by SSO + 2FA + audit logs. We run quarterly access reviews and a quarterly security checklist. Incident notification: within 72 hours of becoming aware, in line with Art. 33 GDPR.

Maplo is a B2B product and not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have done so, contact us and we will delete it.

We update this page when our practices change. We'll email account-holders ahead of any material change. The "last updated" date at the top reflects the most recent revision.