Privacy and data protection
A plain-language overview of what HumanMap collects, why we process it, who helps us run the service, and how you can exercise your rights.
Effective date
Last updated: 2026-06-18
Data roles
HumanMap is controller for account, billing, website, and support data, and processor for organizational data uploaded by customers.
Privacy contact
This page is intended to explain our data practices clearly. It is not a substitute for a signed data processing agreement or legal advice for your organization.
This Privacy Policy describes how HumanMap ("we", "us", or "our") collects, uses, stores, and protects personal data when you use our website at humanmap.fr and our organizational chart platform (the "Service"). HumanMap is based in Paris, France. We act as data controller for account, billing, website, support, and service-administration data. For organizational data that customers upload about their employees, teams, and charts, the customer is generally the data controller and HumanMap acts as a data processor under the customer's instructions.
When you create an account, we collect:
When you use the Service, you may upload or create:
We automatically collect certain technical information:
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
We use your personal data for the following purposes:
We share data with the following third-party providers, strictly for the purposes described. Each provider is bound by data processing agreements and maintains appropriate security certifications:
We may update this provider list when our infrastructure changes. We require providers to process data only for the services they provide to us and to apply appropriate safeguards.
We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes.
We may share your data only in these circumstances:
Our application infrastructure is hosted by Hetzner in Germany, our primary database is hosted by Supabase in the EU (Ireland), and PostHog analytics data is configured for EU processing. Some service providers, including Stripe, Cloudflare, Google, Meta, and email or support providers, may process data outside the European Economic Area (EEA), including the United States. When data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions, the EU-U.S. Data Privacy Framework where applicable, or the European Commission's Standard Contractual Clauses (SCCs).
We implement appropriate technical and organizational measures to protect your personal data, including:
While we take every reasonable precaution, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to [email protected].
We retain your data for the following periods:
You may request earlier deletion of your data at any time, subject to legal retention obligations.
Under the GDPR and applicable data protection laws, you have the following rights:
To exercise any of these rights, contact us at [email protected]. We will respond within one month and may ask for information needed to verify your identity. If you are unsatisfied with our response, you have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.
The Service is intended for users aged 18 and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will provide reasonable advance notice by email, in-product notice, or another appropriate method before the change takes effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: