Legal
Privacy Policy
Last updated: June 2026
This Privacy Policy explains how New Map collects, uses, shares and protects personal data when you use our website, run an audit, or use our AI-visibility platform and services. We aim to handle data lawfully, fairly and transparently.
1. Who we are
New Map is the data controller for the personal data described here. New Map is the trading name of [legal entity name], registered in England & Wales [company number]. Contact us about privacy at privacy@thenewmap.ai.
2. What we collect
- Audit inputs — the website you submit and the email address you give to receive your report.
- Account data — name, work email, company, role, and login credentials (passwords are stored hashed; we never see them in plain text).
- Usage data — how you interact with the platform, and basic technical data such as IP and device/browser, used for security and to operate the Service.
- Communications — messages you send us and your responses to our outreach.
3. How we use it
To run your audit and produce your dashboard; to provide, secure and improve the Service; to contact you about your audit, account and (with the appropriate basis) relevant updates; to take payment on paid plans; and to meet legal obligations.
4. Legal bases (UK/EU GDPR)
We rely on: performance of a contract (to deliver the Service you request); legitimate interests (to run, secure and improve the Service and to do proportionate B2B outreach, balanced against your rights); consent where required (for example certain marketing); and legal obligation where applicable. You can withdraw consent at any time.
5. Who we share it with (sub-processors)
We use trusted providers to run the Service, each under contract and only for these purposes:
- Supabase — database, authentication and storage
- Vercel — hosting and serverless infrastructure
- Anthropic (Claude) — the AI models that generate audits and strategy
- Era and Otterly — AI-visibility measurement data
- Serper — web search used for research and grounding
- Resend — transactional and notification email
- Upstash — rate limiting and caching
- Calendly — booking calls, where you choose to
6. International transfers
Some providers are based outside the UK/EU (for example in the US). Where we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or an equivalent approved mechanism.
7. Retention
We keep personal data only as long as needed for the purposes above: audit and account data for as long as your account is active and a reasonable period afterwards, and longer where the law requires. You can ask us to delete your data (see your rights below).
8. Your rights
Subject to law, you can request access to, correction or deletion of your personal data; object to or restrict certain processing; withdraw consent; and request portability. Contact privacy@thenewmap.ai. You also have the right to complain to the UK Information Commissioner’s Office (ICO) or your local data-protection authority.
9. Cookies
We use only the cookies needed to run the Service, primarily a secure session cookie to keep you signed in. We do not use third-party advertising cookies.
10. Security
We use industry-standard measures including encryption in transit, hashed passwords, access controls and reputable infrastructure providers. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a qualifying breach as required by law.
11. Children
The Service is for business use and is not directed to anyone under 18. We do not knowingly collect data from children.
12. Changes
We may update this policy; if a change is material we will give reasonable notice. The “last updated” date above shows the current version.
13. Contact
Privacy questions or requests: privacy@thenewmap.ai.