EF‑Map Privacy Policy

Last updated: 2025‑11‑19

Summary

EF‑Map aims to be privacy‑first. The majority of our telemetry is anonymous aggregate metrics only (see the Usage Stats page and the blog post about privacy‑first analytics). However, if you choose to link accounts or purchase a subscription we store minimal account metadata to operate authentication and billing features. This page explains what we collect, why, and how to request access or deletion.

Data we may store

• Wallet address: Your Ethereum wallet address (if you choose to sign-in / link a wallet). Used as an authentication key and to derive tribe membership where applicable.
• Discord account metadata: Discord identifier (user id) and optional display name if you link your Discord account via OAuth. Used only to show linked identity and ease login.
• Subscription & billing identifiers: Stripe customer identifier and subscription status metadata (we do NOT store full payment card details). These identifiers are used to manage access to paid features and quotas.
• Internal customer number: A small integer we assign to manage subscription records and support workflows. This is an internal reference only and not published publicly.
• Activity logs for subscription events: Webhook timestamps and minimal event metadata (created/updated/cancelled) used for troubleshooting and reconciliations.

Why we store this

Account and subscription metadata enable user sign‑in, persist your subscription entitlements and quotas, and allow us to manage customer support and billing reconciliation. Wallet/address linkage is used for authentication, tribe membership checks, and optional encrypted tribe workflows.

Third parties & processors

We use third parties for authentication and payments:

• Stripe — payment processing. We receive a Stripe customer id and subscription status. We never store raw card numbers or full payment method details on our servers; Stripe retains and processes payment credentials according to their policy.
• Discord — optional OAuth login. We receive a Discord user id and basic public profile metadata when you link Discord.

Storage & retention

We retain the minimal account & subscription metadata for the time necessary to provide the service and to meet legal/billing obligations. For billing records (invoices, subscription history) we retain data for up to 7 years to meet bookkeeping requirements. Aggregate anonymous metrics are retained and rolled up as described in our analytics documentation.

Security

We protect data in transit using TLS. Access to internal project data stores is limited to a small number of operators. We do not request or store raw payment card data; Stripe handles payment credentials. For tribe encryption workflows, we rely on user wallet signatures and keys; encrypted payloads are handled per-feature documentation.

Your rights

You may request access, correction, or deletion of the account metadata we store. To make a request, email [email protected] (or [email protected] / [email protected] if privacy@ is not available). Include your wallet address or the email used for support requests and we will follow up with verification steps. We aim to respond within 30 days for routine requests.

Overlay helper note

The desktop overlay helper processes almost all data locally and does not collect personal information by default. If you use the helper and also choose to link accounts or subscribe, the helper will, by your explicit opt‑in action, communicate the minimal routing or account identifiers required to ef‑map.com (for example, to authenticate or retrieve subscription status). See the overlay helper distribution privacy file for the helper‑side statement.

Analytics

Our analytics are privacy‑first and aggregate-only. They do not contain IP addresses, device IDs, or other personal identifiers. See the blog post Privacy‑First Analytics for full details of the event model.

Contact

Questions, data requests, or concerns: [email protected] (fallback: [email protected] or [email protected]).

EF‑Map is operated by the EF‑Map Project. This policy may be updated; the page date above reflects the latest change.