Data protection

High-level notes on how Maplan approaches GDPR and UK GDPR. This page is informational, not legal advice.

Work with your own legal counsel before relying on this text.

1. Roles

In most cases, Maplan acts as a processor for customer workspace data, while the customer acts as the controller. Customers decide what personal data they collect, why they collect it, and how they use public and private boards.

2. Individual rights

Maplan is intended to support common data subject rights under the GDPR and UK GDPR, including access, correction, deletion, and export requests where appropriate.

  • Locate and update relevant records
  • Delete or anonymise personal data where required
  • Export data in a portable format where appropriate

3. Data residency and transfers

Maplan is designed for UK and EU teams and aims to keep core application data in Europe. If any provider or workflow involves restricted transfers, appropriate safeguards should be assessed and documented.

4. Security measures

Technical and organisational controls may include encryption in transit, access controls, audit logging, infrastructure monitoring, rate limiting, and incident response procedures.

5. Data processing agreements

Customers may request a data processing agreement where needed. That agreement should cover processing scope, security commitments, sub-processors, and transfer safeguards where relevant.

6. Contact

Questions about privacy, data handling, or data protection documentation can be sent to [email protected].