Privacy Policy.

How Mapdash handles personal data.

1. Introduction

This Privacy Policy describes how LMK Group AB (“we”, “us”, “Mapdash”) processes personal data in connection with our service Mapdash and our website.

Mapdash is a B2B service intended for businesses, not consumers.

• Company: LMK Group AB
• Org. no.: 559538-0725
• Address: Stenkullavägen 44, Stockholm 112 65, Sweden
• Privacy inquiries: info@mapdash.app

This policy supplements our Terms of Service and our Data Processing Agreement (DPA).

2. Roles Under GDPR

It is important to distinguish between two situations:

1. Customer data within Mapdash (leads, customers, addresses, markers, etc.)

• The customer (your company) is the data controller.
• LMK Group AB is the data processor.
• This is governed by our Data Processing Agreement (DPA).

2. LMK Group AB’s own personal data processing

We are the data controller for:

• contact details of people at customer organizations (e.g. sales managers, admins)
• billing and contract information
• support tickets and communications
• website visitors
• demo request submissions.

This Privacy Policy primarily concerns the second category — how we, as data controller, process personal data.

3. What Personal Data We Collect

3.1 Contact & Customer Information

When you or your company become a customer, submit a demo request, or contact us, we may process:

• name
• email address
• phone number
• company name, organization number
• billing address and payment information
• your role/title
• industry, team size, revenue range (for demo requests)
• any free-text information you provide (e.g. reason for demo).

3.2 Usage Data

When you use Mapdash we may collect technical and usage-related data, such as:

• login and usage history (e.g. account creation date, last login)
• feature usage logs (e.g. which modules are used most frequently)
• technical information such as browser, IP address, and device type.

We use this information to:

• ensure uptime and security
• troubleshoot issues
• improve features and user experience.

3.3 Website & Communication

If you visit our website or contact us via forms or email we may process:

• name and contact details
• the content of your message
• technical website data (e.g. IP address, browser, cookies if applicable).

3.4 Service-Generated Content (Location & Voice Notes)

When sales representatives use the Mapdash mobile app, the Service processes two additional categories of data on behalf of the customer organization:

Location data.Mapdash uses your device’s location only while the app is in use (“when-in-use” permission). Continuous location history is not stored. Location is used live on-device to display your position on the map. When a representative registers a knock or interaction, the marker is stamped with the coordinates of that event and stored against the customer organization’s account.

Voice notes. Representatives may record notes attached to markers. Audio is captured on the device and processed as follows:

• The full audio recording and full transcription are processed by our transcription sub-processor, AssemblyAI (EU endpoint, Dublin/Ireland).
• A condensed summary of the transcript is stored in Supabase, linked to the relevant marker.
• Recording may continue when the app is in the background or the device is locked (e.g. while the phone is pocketed during a conversation). The operating system’s privacy indicators (the iOS orange dot, Android microphone indicator) remain visible during recording.

Access within the customer organization.Markers, location stamps, and voice-note summaries are visible to other members of the same customer organization, in line with how the customer (as data controller) has configured its team. LMK Group AB acts as data processor for this content; retention and access controls within the organization are the customer’s responsibility under the DPA.

Retention.This content is retained for the duration of the customer’s subscription. Upon termination, the standard 90-day post-termination retention period applies (see Section 4 of the Terms of Service), after which it is permanently deleted from active systems.

4. Purposes of Processing

We process personal data to:

1. Deliver and administer the Mapdash service

• create and manage customer accounts
• provide access to the Service
• provide support and respond to inquiries.

2. Handle billing and contracts

• send invoices
• process payments and reminders
• administer the contractual relationship.

3. Operations, security, and improvement

• logging and troubleshooting
• preventing misuse and unauthorized access
• analyzing usage at an aggregate/anonymized level to improve the Service.

4. Sales and communication

• follow up on demo requests and sales inquiries
• send important information about the Service, updates, and changes
• send relevant information about new features (you can always ask us to stop sending marketing-related communications).

We do not use our customers’ end-customer data (leads, customers, etc.) for our own independent commercial purposes. That data belongs to the customer and is governed by the DPA.

5. Legal Basis

We process personal data based on:

• Contract — when processing is necessary to enter into or perform a contract with you or your organization, e.g. to deliver the Service.
• Consent — when you submit a demo request or sales inquiry via our website, the legal basis is your consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
• Legal obligation — e.g. Swedish bookkeeping requirements (retention of invoicing records).
• Legitimate interest — e.g. to improve our Service, prevent misuse, or communicate relevant information to existing customers. Where we rely on legitimate interest we conduct a balancing test to ensure our interests do not override your rights and freedoms.

6. Retention Periods

We retain personal data for as long as necessary for the purposes for which it was collected:

• Customer and contract data: retained during the contract term and thereafter as required by law (e.g. at least 7 years under Swedish bookkeeping law).
• Demo request and sales inquiry data: retained for up to 24 months following the inquiry, unless you request earlier deletion or become a customer (in which case the data is retained under the contract basis).
• Support tickets and emails: retained during the contract term and for a reasonable period afterwards.
• Technical logs: typically retained for a limited period (e.g. months) for troubleshooting and security.

When data is no longer needed it is deleted or anonymized.

7. Recipients & Sub-processors

We may share personal data with:

• Our sub-processors and service providers, including:
  • hosting and database (Supabase)
  • mapping services (Mapbox)
  • voice transcription (AssemblyAI — EU endpoint, Dublin/Ireland)
  • payment processing (Stripe)
  • email delivery, logging, analytics, and operations.

These parties process personal data only according to our instructions and we ensure they comply with applicable data protection legislation.

We do not sell your personal data to third parties.

8. Transfers Outside the EU/EEA

We process personal data within the EU/EEA wherever possible. Our primary sub-processors operate or offer EU-region infrastructure: Supabase (EU region), Mapbox, and AssemblyAI (EU endpoint, Dublin/Ireland).

Where personal data is nonetheless transferred to a country outside the EU/EEA — for example, to certain support tools or as part of payment processing via Stripe — we ensure the transfer complies with the GDPR through one or more of the following safeguards:

• an adequacy decision by the European Commission;
• the EU-U.S. Data Privacy Framework, where the recipient is certified; or
• the European Commission’s Standard Contractual Clauses or other approved safeguards, supplemented by appropriate technical and organizational measures.

Additional information about specific transfers and safeguards is available on request at info@mapdash.app.

9. Your Rights

Where we are the data controller for your personal data, you have the right to:

• request access to your personal data
• request rectification of inaccurate data
• request erasure (“right to be forgotten”) in certain circumstances
• request restriction of processing
• object to processing based on legitimate interest
• request data portability (receive your data in a structured, commonly used, machine-readable format)
• withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

You can delete your Mapdash account directly in the app under Settings → Account → Delete Account, or by emailing info@mapdash.app.

To exercise your rights, contact us at: info@mapdash.app.

You also have the right to lodge a complaint with your national data protection authority. In Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you as an individual.

10. Security

We implement appropriate technical and organizational security measures to protect personal data, including access controls, logging, encryption where relevant, backup procedures, and incident management. Despite these measures we cannot guarantee absolute security for all data communication or storage.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always published on our website.

For material changes we will inform you by email or in-app notification.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Company: LMK Group AB
• Org. no.: 559538-0725
• Address: Stenkullavägen 44, Stockholm 112 65, Sweden
• Email: info@mapdash.app