Privacy Policy

OctopusMap (“we”, “our”, or “us”) operates the OctopusMap platform — a project intelligence and management tool. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using OctopusMap, you agree to the practices described in this policy.

1. Information We Collect

Account information: When you create an account, we collect your name, email address, and password (stored in hashed form).

Organization data: Projects, tasks, timelines, documents, budgets, and other content you create within the platform.

Usage data: Pages visited, features used, actions taken, timestamps, and browser/device information to help us improve the product.

Communications: If you contact us for support or feedback, we retain that correspondence.

Cookies & local storage: We use essential cookies for authentication sessions and optional analytics cookies to understand usage patterns.

2. How We Use Your Information

• To provide, maintain, and improve the OctopusMap platform
• To authenticate your identity and manage your account
• To send transactional emails (password reset, invitations, notifications)
• To generate aggregate, anonymised analytics about platform usage
• To respond to support requests and legal inquiries
• To detect and prevent fraud, abuse, or security incidents

We do not sell your personal data to third parties. We do not use your project content to train AI models.

3. AI Features

OctopusMap includes AI-powered features such as AI Chat and document analysis. When you use these features, relevant content is sent to a third-party AI provider (currently OpenAI) to generate responses. This content is processed in accordance with OpenAI’s API data usage policies. We do not permit OpenAI to use your data to train their models under our API agreement.

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL), hosted on infrastructure in the European Union and/or United States, depending on your organization’s configuration. We implement industry-standard security measures including TLS encryption in transit, encryption at rest, access controls, and regular security reviews.

No method of transmission over the internet or electronic storage is 100% secure. We take all reasonable steps to protect your data but cannot guarantee absolute security.

5. Data Sharing

We share data only in the following limited circumstances:

• Service providers: We use third-party services (Supabase for database/auth, OpenAI for AI features, email delivery providers) who process data on our behalf under contractual data processing agreements.
• Your organisation members: Data you add to a shared project is visible to other members of that organisation as intended by the platform’s collaboration features.
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of OctopusMap or its users.
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your personal data (“right to be forgotten”)
• Restrict or object to certain types of processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@octopusmap.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to maintain your authenticated session. We may also use analytics cookies (e.g. aggregate page-view data). You can disable non-essential cookies in your browser settings; this will not affect core platform functionality.

9. Children’s Privacy

OctopusMap is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

10. International Transfers

If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in countries outside the EEA (including the United States) by our service providers. When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Continued use of OctopusMap after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:
privacy@octopusmap.com