Tagmaps Privacy Policy

Effective date: April 24, 2026 Last updated: May 20, 2026

This Privacy Policy explains how Tagmaps, LLC ("Tagmaps," "we," "us," or "our") collects, uses, shares, and protects Personal Information when you visit tagmaps.io (our "Website") or use our cloud-based website-scanning service and related features (the "Service").

Tagmaps is a business-to-business service. The Service is intended solely for use by organizations and by individuals acting on behalf of an organization. The Service is not directed to, and we do not knowingly collect Personal Information from, anyone under the age of 18.

This Privacy Policy applies when Tagmaps is the controller of Personal Information — for example, when we collect information from visitors to our Website, when individuals create and use accounts on the Service, and when we communicate with prospective and existing customers. When Tagmaps processes Personal Information on behalf of a customer (for example, Personal Information contained in Customer Data submitted through the Service), we act as a processor and our handling of that information is governed by our Terms of Service and, where applicable, the Data Processing Agreement between Tagmaps and the customer. See Section 13 below.

Capitalized terms used but not defined in this Privacy Policy have the meanings given in our Terms of Service at tagmaps.io/terms.

1. Who we are and how to contact us

Controller and contact:

Tagmaps, LLC

c/o New York Registered Agent LLC

418 Broadway, Ste. Y

Albany, NY 12207

United States

Email: privacy@tagmaps.io

For all privacy-related questions, requests, or complaints, please email privacy@tagmaps.io. We respond to verifiable requests within the time periods required by applicable law.

EU / UK residents. Tagmaps is established in the United States and does not currently maintain an establishment in the European Economic Area ("EEA") or the United Kingdom. As of the effective date, Tagmaps has not appointed a representative under Article 27 of the EU General Data Protection Regulation or Article 27 of the UK GDPR. If you are located in the EEA or the UK, you may contact us directly at privacy@tagmaps.io, and you retain the right to lodge a complaint with your local supervisory authority (see Section 11.1).

2. Scope of this Privacy Policy

This Privacy Policy covers:

  • Visitors to the Website (including individuals who submit forms, subscribe to updates, or otherwise interact with our marketing pages);
  • Individuals who create an account on the Service, individuals who are invited as Authorized Users on a customer account, and other individuals who interact with the Service while we act as controller;
  • Individuals who communicate with us (for example, prospects, customers, and candidates for employment); and
  • Individuals whose Personal Information we receive from our service providers and business partners in connection with the activities above.

This Privacy Policy does not cover:

  • Customer Data submitted to the Service by our customers for processing through a Scan. When a customer uploads, inputs, or otherwise makes Personal Information available to the Service, Tagmaps acts as a processor (or service provider under applicable US state law), and the customer is the controller (or business). Our handling of Customer Data is governed by the customer's Terms of Service and, where applicable, our Data Processing Agreement, which is available from legal@tagmaps.io.
  • Third-party websites and services. The Website and Service may contain links to third-party sites or integrate with third-party services that we do not operate. This Privacy Policy does not apply to those sites or services. We encourage you to review the privacy policies of any third party before providing your Personal Information to it.

3. Personal Information we collect

We collect Personal Information in three ways: (a) information you provide to us directly; (b) information collected automatically when you use the Website or the Service; and (c) information we receive from third parties.

3.1 Information you provide

Account and profile information. When you create an account on the Service (including a free trial account) or are added as an Authorized User, we collect your name, work email address, work title (if provided), the organization you are associated with, and a password or other authentication credential. If you authenticate with a single sign-on provider (for example, "Sign in with Google"), we receive the information that provider makes available to us based on the scopes you authorize (typically your name, email address, profile image, and a provider-issued identifier). Waitlist, demo, and marketing inquiries. When you submit a form on the Website — for example, to join a waitlist, request a demo, or ask a sales question — we collect the information you enter, which typically includes your name, work email, organization name, role, and any additional information you choose to share in the message field. Communications. When you contact us (for example, at support@tagmaps.io or privacy@tagmaps.io), we collect the content of your communication and any information you choose to include, along with associated metadata such as your email address and the date and time of the message. Billing information. When your organization pays for a subscription to the Service, our payment processor (Stripe) collects the payment details (for example, payment card number and billing address). Tagmaps does not receive or store full payment card numbers. We receive limited billing information from Stripe — such as the name on the card, the last four digits, card brand, expiration date, billing country and postal code, and invoice and transaction records — which we use to provision and administer your account, generate invoices, and comply with tax and accounting obligations. Other information you choose to submit. You may provide additional information when you participate in surveys, respond to customer research, apply for a job, or otherwise interact with us.

3.2 Information collected automatically

When you visit the Website or use the Service, certain information is collected automatically through cookies, server logs, and similar technologies. This includes:

  • Device and connection data: IP address, browser type and version, operating system, device type, screen size, referring URL, language preference, and time-zone setting.
  • Usage data: Pages or screens you view, the sequence and duration of those views, features you interact with, Scans you configure or run, timestamps, and error logs.
  • Cookies and similar identifiers: Persistent and session identifiers set by us or by our service providers, as described in Section 5.

On the Website, we use server-side logs, first-party cookies, the Customer.io tracking tag, and PostHog (a product-analytics library) to collect this information; the Customer.io tag and PostHog load only after you have consented to the relevant cookie category, as described in Section 5. We do not use session-replay tools, advertising pixels, cross-context behavioral advertising tags, or third-party product-analytics SDKs in the Service.

3.3 Information from third parties

Payment processor. Stripe provides us with limited billing and transaction information as described in Section 3.1. Single sign-on providers. If you authenticate using Google or another SSO provider, that provider shares the profile information described in Section 3.1 based on the scopes you authorize. Business partners and public sources. We may receive limited business-contact information from data providers, partners, or publicly available sources — for example, to verify a corporate email domain or to enrich a prospect record in our CRM (Attio) with basic firmographic data (such as company size and industry). This information is limited to business-context data; we do not enrich with sensitive personal information. Customer administrators. If your organization is a Tagmaps customer and an administrator invites or provisions your account, we receive from the administrator the information needed to create and manage your Authorized User account (such as your name, work email, and role on the account).

4. How we use Personal Information

We use Personal Information for the following purposes, and for each purpose we rely on one or more of the GDPR legal bases described in Section 4.1.

  • To provide and operate the Website and the Service — including creating and authenticating accounts, delivering Scans, generating reports, providing customer support, sending service-related notifications (such as password resets, trial expiry alerts, Scan-complete messages, and billing receipts), and maintaining the security, integrity, and availability of our systems.
  • To administer billing and payment — including generating invoices, processing payments through Stripe, issuing refunds or credits where required, preventing fraudulent transactions, and meeting tax and accounting obligations.
  • To communicate with prospects and customers — including responding to inquiries submitted through Website forms, scheduling demos, following up on trials, providing product updates, sending marketing communications (consistent with the opt-out mechanisms in Section 4.2), and gathering customer feedback.
  • To operate, analyze, and improve the Website and the Service — including measuring usage and engagement, understanding which features are used, diagnosing errors, conducting research and analytics, training and tuning non-generative machine-learning models on de-identified data (consistent with our Terms of Service), and planning future product development.
  • To prevent and respond to abuse, fraud, security incidents, and violations of our Terms of Service — including investigating suspicious activity, blocking unauthorized access, enforcing usage limits, and cooperating with law enforcement where required.
  • To comply with legal obligations, establish, exercise, or defend legal claims, and enforce agreements — including responding to subpoenas, court orders, regulatory requests, and similar legal process; responding to privacy rights requests; and protecting our rights, property, safety, and the rights of others.
  • To evaluate and carry out business transactions — including in connection with a financing round, audit, reorganization, merger, acquisition, or sale of assets (subject to Section 6.3).

4.1 Legal bases (EU / UK residents)

If you are located in the EEA or the UK, we rely on the following legal bases under the GDPR and the UK GDPR:

  • Contract (Article 6(1)(b)) — to create and administer your account, provide the Service, respond to service-related requests, process billing, and deliver the functionality contemplated by our Terms of Service.
  • Legitimate interests (Article 6(1)(f)) — to operate, secure, and improve the Website and Service; to prevent and investigate abuse, fraud, and security incidents; to communicate with business contacts about topics relevant to their professional role; to conduct direct marketing by email to business contacts where permitted; to enforce our agreements; to establish, exercise, and defend legal claims; and to evaluate and carry out corporate transactions. Our legitimate interests are balanced against your rights and interests, and you have the right to object as described in Section 11.1.
  • Consent (Article 6(1)(a)) — to set non-essential cookies on the Website (see Section 5.2), to send direct marketing communications where consent is required, and for any other processing that requires consent under applicable law. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legal obligation (Article 6(1)(c)) — to comply with tax, accounting, financial reporting, anti-fraud, export-control, and other legal and regulatory obligations that apply to us.

4.2 Marketing communications

We may send marketing emails to business contacts (for example, prospects who submit a Website form or customers) about Tagmaps products, features, events, research, and related topics. We send these messages based on your opt-in where required, and otherwise based on our legitimate interest in communicating with business contacts about professionally relevant topics. You can unsubscribe at any time using the link in any marketing email or by emailing privacy@tagmaps.io. Transactional and service-related messages (for example, billing receipts, Scan-complete notifications, security alerts, and administrative messages) are not subject to the marketing opt-out and will continue for as long as you have an active relationship with us.

4.3 AI and machine learning

We may use de-identified or aggregated information derived from your use of the Service to train, evaluate, and improve our own machine-learning models, including models that classify cookies and tracking technologies detected during Scans. We do not use Customer-specific data, and we do not use the content of Customer Data, to train generative artificial intelligence models or large language models on a per-customer basis. Our AI-related practices are described in more detail in our Terms of Service.

5. Cookies and similar technologies

Cookies are small text files that a website or a service provider places on your device. We use cookies and similar technologies on the Website and in the Service for the purposes described in this Section 5.

5.1 Categories of cookies we use

  • Strictly necessary cookies — required for the Website and Service to function. Examples include session cookies, authentication tokens (including those issued through Amazon Cognito), cross-site-request-forgery tokens, and load-balancing cookies. These cookies cannot be disabled through our consent banner.
  • Functional / preference cookies — remember your preferences, such as language and display settings.
  • Analytics / performance cookies — help us understand how visitors use the Website so we can improve it. On the Website, this category includes the Customer.io tracking tag, which identifies visitors and records page views and events to help us measure engagement and operate lifecycle communications, and PostHog, which measures website traffic and product usage. We have configured PostHog without session-replay or heatmap capture. We do not run analytics or performance cookies inside the Service.

We do not use advertising, retargeting, or cross-context behavioral advertising cookies or pixels (for example, Meta Pixel, Google Ads tags, LinkedIn Insight Tag, or TikTok Pixel) on the Website or in the Service. We do not use session-replay or heatmap tools.

5.2 Cookie consent (EEA / UK visitors)

When you visit the Website from an IP address that we detect as located in the EEA or the UK, we display a consent banner. Strictly necessary cookies load by default; non-essential cookies — including the Customer.io tracking tag (Marketing) and PostHog (Analytics) — load only after you affirmatively accept the relevant category. You can change your preferences at any time by accessing the cookie-preferences link in the Website footer.

5.3 Global Privacy Control and "Do Not Track"

We honor the Global Privacy Control ("GPC") browser signal as an opt-out of the "sale" or "sharing" of Personal Information where applicable US state law treats GPC as a valid opt-out. Because we do not engage in cross-context behavioral advertising and do not "sell" or "share" Personal Information as those terms are defined under California law (see Section 12), honoring a GPC signal has no additional effect on most of our processing. We do not currently respond to "Do Not Track" signals, which are not standardized.

6. How we share Personal Information

We share Personal Information only as described below. We do not sell Personal Information, and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act of 2018, as amended ("CCPA").

6.1 Service providers and subprocessors

We share Personal Information with third-party service providers that perform services on our behalf and that are contractually bound to use Personal Information only to provide those services. The following table describes the categories and primary vendors we use as of the effective date of this Privacy Policy.

| Vendor | Purpose | Primary location |

|---|---|---|

| Amazon Web Services, Inc. ("AWS") | Cloud hosting and storage; identity and authentication (Amazon Cognito); transactional email delivery (Amazon SES) | United States |

| Stripe, Inc. | Payment processing and billing | United States |

| Peaberry Software, Inc. ("Customer.io") | Website visitor identification and marketing / lifecycle email | United States |

| PostHog, Inc. | Website analytics (traffic and product-usage measurement) | European Union |

| Attio, Inc. | Customer relationship management (sales and customer pipeline) | United Kingdom and United States |

| Google LLC (Google Workspace) | Business email infrastructure (for example, support@tagmaps.io) | United States |

We may update this list from time to time as our subprocessor relationships change. Customers may request our current subprocessor list by emailing legal@tagmaps.io.

6.2 Legal and safety disclosures

We may disclose Personal Information if we in good faith believe the disclosure is required or permitted by law — for example, to respond to a subpoena, court order, warrant, or other valid legal process; to cooperate with a regulatory investigation; to enforce our Terms of Service; to investigate or prevent fraud, security incidents, or violations of law; to protect the rights, property, or safety of Tagmaps, our customers, our users, or the public; or to meet any other applicable legal or regulatory obligation.

6.3 Business transactions

If we are involved in a financing, merger, acquisition, reorganization, asset sale, insolvency, bankruptcy, or similar transaction, Personal Information may be disclosed to and transferred to the relevant counterparty, advisors, and successors-in-interest, subject to confidentiality obligations and the continued application of privacy protections substantially equivalent to those in this Privacy Policy.

6.4 With your direction or consent

We may share Personal Information with third parties when you direct us to do so or otherwise consent to the disclosure — for example, when a customer administrator invites another person to join the customer's account on the Service.

6.5 Aggregated and de-identified information

We may create, use, and share aggregated or de-identified information that does not identify any individual or organization. We maintain and use such information only in de-identified form and do not attempt to re-identify it, except as permitted by applicable law.

7. International data transfers

Tagmaps is based in the United States, and our primary infrastructure and the majority of our service providers are located in the United States. When we receive Personal Information from individuals located outside the United States — including in the EEA, the UK, or Switzerland — that information is transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

For transfers of Personal Information from the EEA, the UK, or Switzerland to jurisdictions that the European Commission, the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner have not recognized as providing an adequate level of protection, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses adopted by the European Commission (and, for the UK, the International Data Transfer Addendum issued by the Information Commissioner's Office) entered into with our service providers and customers as applicable;
  • EU-US Data Privacy Framework, UK Extension, and Swiss-US Data Privacy Framework, where a recipient of Personal Information (such as AWS or Google) has self-certified under that framework; and
  • Supplementary measures, such as encryption in transit and at rest, access controls, and contractual commitments by our service providers.

You may request a copy of the relevant Standard Contractual Clauses or information about the safeguards we use by emailing privacy@tagmaps.io.

8. How long we keep Personal Information

We keep Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The following retention periods apply to the main categories of Personal Information we hold as controller.

  • Active account data. While your account on the Service is active, we retain your account profile information and associated data for as long as you are an Authorized User.
  • Post-termination data. After an organization's subscription to the Service terminates or expires, we retain account and associated Customer Data for a 60-day export window as described in our Terms of Service. We then delete or de-identify Customer Data and associated account data from production systems within 30 days after the export window closes. Residual copies may persist in standard, rolling backups for up to 90 days before being overwritten, during which time we do not restore the data for any purpose other than disaster recovery.
  • Waitlist, prospect, and marketing contacts. We retain waitlist and prospect contact records for up to 24 months from the most recent engagement, and for as long as you remain subscribed to marketing communications. If you unsubscribe, we retain a suppression record for as long as necessary to honor your opt-out.
  • Support communications. We retain correspondence received at support@, privacy@, legal@, and abuse@ addresses for up to 24 months after the most recent communication, or longer if necessary to resolve an open issue or legal claim.
  • Billing, tax, and accounting records. We retain billing, tax, and accounting records for the period required by applicable law (typically seven years in the United States).
  • Security logs. We retain security and audit logs for up to 24 months.
  • Legal and compliance records. We retain records relating to legal or regulatory claims, disputes, or investigations for as long as needed to manage the matter and for any applicable statute of limitations.

Where shorter or longer retention periods are required by law, or where the information is retained only in de-identified or aggregated form, the above periods may be adjusted accordingly.

9. Security

We implement and maintain commercially reasonable, industry-standard administrative, physical, and technical safeguards designed to protect Personal Information against unauthorized access, use, alteration, disclosure, destruction, or loss. These safeguards include encryption of data in transit (TLS) and at rest, access controls and least-privilege permissions, authentication requirements for administrators, logging and monitoring, segregation of production environments, and regular security review.

Tagmaps does not currently hold a SOC 2 or ISO 27001 certification. We describe our current security practices, including any in-progress certifications, in our security documentation available on request at legal@tagmaps.io.

No method of transmission or storage is 100% secure. We cannot guarantee the absolute security of Personal Information. You are responsible for safeguarding your account credentials and for notifying us promptly at legal@tagmaps.io if you suspect that your account has been compromised.

10. Children

The Service is not directed to, intended for, or designed for individuals under the age of 18, and we do not knowingly collect Personal Information from anyone under 18. If we learn that we have collected Personal Information from an individual under 18, we will delete that information as soon as practicable. If you believe we may have collected Personal Information from a minor, please contact us at privacy@tagmaps.io.

11. Your privacy rights

11.1 EEA, UK, and Swiss residents

If you are located in the EEA, the UK, or Switzerland, you have the following rights under the GDPR and the UK GDPR, subject to the exceptions and conditions set out in those laws:

  • Right of access — to obtain confirmation of whether we process your Personal Information and, if so, a copy of that information and related information about our processing.
  • Right to rectification — to correct inaccurate Personal Information and complete incomplete Personal Information.
  • Right to erasure ("right to be forgotten") — to request deletion of your Personal Information in specified circumstances.
  • Right to restrict processing — to request restriction of processing in specified circumstances.
  • Right to data portability — to receive Personal Information you provided to us in a structured, commonly used, and machine-readable format, and to transmit that information to another controller.
  • Right to object — to object to processing based on our legitimate interests or for direct marketing.
  • Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to solely automated decision-making producing legal or similarly significant effects. We do not make such decisions about individuals using the Service.
  • Right to lodge a complaint with a supervisory authority in the member state of your habitual residence, place of work, or place of the alleged infringement, or with the UK Information Commissioner's Office (in the UK) or the Federal Data Protection and Information Commissioner (in Switzerland).

To exercise these rights, email privacy@tagmaps.io. We may need to verify your identity before fulfilling a request. We respond to verifiable requests within the time periods required by the GDPR (generally one month, extendable by up to two additional months for complex requests, with notice to you).

11.2 United States residents

Depending on the US state where you reside, you may have some or all of the following rights under applicable state privacy law, including the California Consumer Privacy Act of 2018, as amended ("CCPA"), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Iowa Consumer Data Protection Act, the Delaware Personal Data Privacy Act, the Florida Digital Bill of Rights, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Tennessee Information Protection Act, the Indiana Consumer Data Protection Act, the Minnesota Consumer Data Privacy Act, the Maryland Online Data Privacy Act, the Rhode Island Data Transparency and Privacy Protection Act, and other comparable state laws as they take effect:

  • Right to know / right to access — to request confirmation of whether we process your Personal Information and a copy of the Personal Information we have collected, the sources of that information, our business purposes for collecting or disclosing it, and the categories of third parties to whom we have disclosed it.
  • Right to delete — to request deletion of Personal Information we have collected from you, subject to applicable exceptions.
  • Right to correct — to request correction of inaccurate Personal Information.
  • Right to data portability — to receive Personal Information in a readily usable format.
  • Right to opt out of the sale of Personal Information, the sharing of Personal Information for cross-context behavioral advertising, and targeted advertising — as noted in Section 12, we do not "sell" or "share" Personal Information or engage in targeted advertising as those terms are defined under applicable state laws.
  • Right to opt out of certain profiling — to opt out of profiling in furtherance of solely automated decisions producing legal or similarly significant effects. We do not engage in such profiling.
  • Right to limit use and disclosure of Sensitive Personal Information — we do not collect Sensitive Personal Information (as that term is defined under the CCPA) for the purpose of inferring characteristics, and we use Sensitive Personal Information only as permitted under applicable state law.
  • Right to non-discrimination — we will not deny goods or services, charge different prices, or provide a different level or quality of goods or services because you exercised a privacy right.
  • Right to appeal a denied request — where required by state law, if we deny your request in whole or in part, you may appeal our decision by replying to our denial notice or emailing privacy@tagmaps.io with the subject line "Privacy Appeal."
How to exercise your rights. Email privacy@tagmaps.io. To protect your information, we will take reasonable steps to verify your identity before fulfilling your request — for example, by matching information you provide in the request against information we hold in your account or records. We may ask for additional information if we are unable to verify you with reasonable certainty. If we cannot verify you, we will let you know and, where available, will treat the request as an opt-out request or another request that does not require verification. Authorized agents. You may designate an authorized agent to submit a request on your behalf by providing the agent with written, signed authorization (or a power of attorney) and verifying your own identity directly with us. California "Shine the Light." California residents may request information about the categories of Personal Information we shared with third parties for their direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for their own direct marketing purposes. Response timing. We respond to verifiable requests within the time required by the applicable state law (generally 45 days under the CCPA, with one 45-day extension available for complex requests).

11.3 Other residents

If you reside outside the EEA, the UK, Switzerland, or the United States and have rights under your local law that are not specifically enumerated above, you may still exercise those rights by emailing privacy@tagmaps.io, and we will respond as required by applicable law.

12. Categories of Personal Information — CCPA disclosures

This Section 12 provides the additional disclosures required under the CCPA and, where applicable, other US state privacy laws.

Categories of Personal Information we collect. Within the preceding 12 months, we have collected the following categories of Personal Information (as categorized under California Civil Code § 1798.140):
  • Identifiers — name, email address, postal address (billing), telephone number (if provided), IP address, unique account identifiers, and online identifiers (such as cookie IDs).
  • Customer records (§ 1798.80(e)) — billing information, including the name on the card and limited card metadata received from Stripe.
  • Commercial information — records of products or services purchased, transaction history, and subscription metadata.
  • Internet or other electronic network activity — browsing and usage information about your interactions with the Website and the Service, including pages viewed, features used, and Scans configured or run.
  • Geolocation data — approximate geolocation derived from IP address (country, region, and city level). We do not collect precise geolocation.
  • Professional or employment-related information — job title, organization, and role (when you provide these).
  • Inferences — limited inferences drawn from the above, such as the type of business you represent and your likely professional interests, used to personalize communications.
Sources. We collect these categories from you directly, from your interaction with the Website and the Service, from your organization's administrators, from our payment processor, from authentication providers, and from business partners and data providers as described in Section 3.3. Purposes. We use these categories for the purposes described in Section 4, including operating the Website and Service, billing, communicating with customers and prospects, improving the Service, preventing fraud and abuse, and complying with legal obligations. Categories of third parties with whom we disclose Personal Information for a business purpose. Service providers described in Section 6.1, including our cloud infrastructure provider, payment processor, CRM, marketing email and analytics provider, and business email provider; professional advisors (legal, accounting, tax); and law-enforcement or government authorities where legally required or permitted. Sale and sharing. We do not sell Personal Information for monetary or other valuable consideration, and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not engaged in such sale or sharing within the preceding 12 months, and we have no actual knowledge that we sell or share the Personal Information of consumers under the age of 16. Sensitive Personal Information. We do not collect or process Sensitive Personal Information (as defined under the CCPA) for the purpose of inferring characteristics about a consumer, and we do not use or disclose Sensitive Personal Information for purposes that require providing the right to limit. Retention. We retain each category of Personal Information as described in Section 8.

13. Customer Data and our role as a processor

When a customer submits Customer Data to the Service — for example, when the customer configures a Scan of a website, uploads URLs, or otherwise provides information through the Service — Tagmaps processes that Customer Data on behalf of the customer. The customer is the controller of Personal Information contained in Customer Data, and Tagmaps acts as a processor (and, under applicable US state law, as a service provider or processor).

Our processing of Customer Data is governed by the customer's Terms of Service and, where applicable, our Data Processing Agreement, which is available on request from legal@tagmaps.io. The Data Processing Agreement sets out our obligations with respect to Customer Data, including confidentiality, security, subprocessor management, international transfer mechanisms, assistance with data-subject requests, breach notification, and return or deletion of Customer Data on termination.

If you are an end user of a Tagmaps customer and wish to exercise rights with respect to Personal Information contained in Customer Data, please contact that customer (the controller) directly. We will cooperate with the customer as required under the Data Processing Agreement.

14. Automated decision-making

We do not make decisions about individuals using solely automated means that produce legal effects or similarly significant effects on those individuals. The Service produces automated output about websites — not about people — and any compliance or business decisions that a customer makes based on that output are made by the customer, not by Tagmaps.

15. Third-party websites and services

The Website and the Service may contain links to, or otherwise interact with, third-party websites, services, and content that we do not control. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site or service before providing Personal Information to it.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version at tagmaps.io/privacy and update the "Last updated" date at the top of this page. Changes take effect when posted. We encourage you to review this page periodically to stay informed about how we handle Personal Information. Your continued use of the Website or the Service after a change takes effect constitutes your acknowledgment of the change to the extent permitted by applicable law.

17. Contact us

If you have questions, concerns, or requests relating to this Privacy Policy or our handling of Personal Information:

Tagmaps, LLC

c/o New York Registered Agent LLC

418 Broadway, Ste. Y

Albany, NY 12207

United States

privacy@tagmaps.io