Last updated: March 31, 2026
This page summarizes what MapLocal currently collects, stores, and uses based on the app and backend implementation.
We collect information you submit directly, such as usernames, place edits, posts, reports, history drafts, and business/sponsor forms. When you use location-based features, the app may use coordinates you provide or share from your device.
For sign-in and abuse prevention, we also process session cookies, WebAuthn/passkey credential data, request metadata (for example IP and user-agent), and Turnstile tokens when enabled.
We store account, content, moderation, and operational records needed to run the service (for example posts/media metadata, place and history changes, reports, audit and analytics events, and notification records).
Recovery emails and business onboarding contact emails are stored as HMAC/hashed values rather than plaintext. Magic-link tokens are stored only as token hashes. Session state and rate-limit counters are kept in Redis with expiration.
Some app state is stored in your browser local storage (for example saved places and QR draft form state).
We use collected information to authenticate users, deliver map and nearby-place features, process contributions, support moderation, prevent abuse, and operate product analytics and quality workflows.
We use third-party services where configured, including storage providers (for media) and Cloudflare Turnstile for bot protection.
© 2026 MapLocal. Built with and for local communities.