Privacy Policy
Last updated: January 1, 2025 · GDPR Compliant (EU Regulation 2016/679)
1. Data We Collect
MosiMap only collects data strictly necessary for the service to function:
- Account: email address, password (bcrypt hashed), display name
- Parkings: GPS coordinates, address, time, duration, level, note, photo (optional)
- Vehicle: brand, model, year, license plate, mileage (optional)
- Technical: anonymized device identifier, iOS version, anonymous error logs
We never collect your banking data, browsing history, or any third-party data for advertising purposes.
2. How We Use Your Data
Your data is used exclusively to:
- Provide the vehicle location service
- Send parking notifications and alerts you have configured
- Improve smart suggestions (AI locally on your device)
- Manage your account and process support requests
- Comply with our legal obligations
We do not practice any advertising profiling and do not sell your data.
3. Location Data
Location is the central data point of MosiMap. Here's how we handle it:
- On device: Processing is done locally on your iPhone. GPS coordinates are only transmitted to our servers to save your parking position.
- Minimal precision: We only use the precision necessary for each use case (100m for detection, 5m for navigation).
- No background tracking: Unless you enable automatic detection, we do not access your position in the background.
- Encryption: Coordinates are encrypted with AES-256 before local storage on your iPhone.
You can revoke location permission at any time in iOS Settings.
4. Data Sharing
Your data is only shared with:
- Supabase (EU): database hosting, GDPR compliant, data stored in Europe
- Resend: transactional email sending (password reset, notifications)
- Apple: App Store, In-App Purchases, push notifications — per Apple's Terms
No sharing with third parties for advertising, behavioral analysis, or resale.
5. Data Retention
- Account data: kept until account deletion
- Parking history: 365 days by default (configurable in settings)
- Reset tokens: 15 minutes then automatic deletion
- Security logs: 90 days
- After account deletion: all data is erased within 30 days
6. Your Rights (GDPR)
Under EU Regulation 2016/679, you have the following rights:
- Access (Art. 15): obtain a copy of all your data
- Rectification (Art. 16): correct inaccurate data
- Erasure (Art. 17): delete your account and all your data
- Portability (Art. 20): export your data in JSON format
- Objection (Art. 21): object to certain processing
- Restriction (Art. 18): limit the processing of your data
These rights can be exercised directly in the app (Settings → Privacy) or by email to our DPO.
You can delete your account and all your data directly from the iOS app: Settings → Delete My Account. Deletion is immediate and irreversible.
7. Security
- AES-256-GCM encryption of sensitive data on device
- Passwords hashed with bcrypt (never stored in plain text)
- Security tokens stored in iOS Keychain
- HTTPS communications only (TLS 1.3)
- Data hosted in the European Union
- Data access limited to the minimum necessary (principle of least privilege)
For any questions regarding the protection of your data:
You can also file a complaint with the CNIL (French Data Protection Authority): www.cnil.fr