Legal
Privacy Notice
Last updated: July 11, 2026
1. Who is responsible
Semiotic Mapper is operated by Anu Maarit Hoffman, who acts as the data controller for the personal data described in this notice. You can contact us at hello@semioticmap.com.
2. What we collect and why
- Account data (name, email, hashed password / auth provider ID) — to create and manage your account. Legal basis: performance of a contract.
- Content you create (maps, axes, prompts, briefs) — to provide the Service. Legal basis: performance of a contract.
- Support messages — when you email or message us. Legal basis: legitimate interests in providing support.
- Usage and telemetry (pages viewed, AI calls made, errors, device type, browser, IP address) — to keep the Service secure, debug issues, and improve it. Legal basis: legitimate interests.
- Billing data — collected directly by Paddle (our Merchant of Record). We receive from Paddle the minimum needed to manage your subscription (e.g. customer ID, status, country). Legal basis: performance of a contract and legal obligation.
- Email engagement (deliveries, bounces, complaints, unsubscribes) — to keep our transactional email working and respect opt-outs. Legal basis: legitimate interests and legal obligation.
3. Cookies
We use a small number of essential cookies and local storage entries required to keep you signed in and remember your preferences. We do not use marketing or advertising cookies. If we add analytics in future we will update this notice and, where required, ask for your consent.
4. Who we share data with
- Hosting & database (Supabase / Lovable Cloud) — to store your account and content.
- AI providers (Google, OpenAI) — to generate suggestions in response to your prompts. Your prompts and minimal context are sent to these providers via the Lovable AI Gateway.
- Paddle.com — our Merchant of Record. Paddle handles payment processing, sales tax, invoicing, and subscription management. Their privacy notice is at paddle.com/legal/privacy.
- Email delivery provider — to send you transactional emails (welcome, receipts, account notifications).
- Professional advisers (legal, accounting) — when needed and under confidentiality.
- Authorities — where required by law.
We do not sell your personal data and we do not share it for third-party marketing.
5. International transfers
Some of our service providers (e.g. AI model providers, Paddle) are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an applicable adequacy decision.
6. How long we keep data
We keep account and content data for as long as your account is active. If you delete your account, we delete or anonymise associated personal data within a reasonable period, except where we are required to retain it (for example, billing records for tax purposes via Paddle).
7. Security
We apply appropriate technical and organisational measures including encryption in transit, access controls, secret management, and least-privilege principles for our infrastructure.
8. Your rights
Depending on where you live, you may have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, and to withdraw consent. For EU/UK users, these rights come from the GDPR / UK GDPR, including the right to complain to your local supervisory authority. We aim to respond within one month.
To exercise any of these rights, email hello@semioticmap.com.
9. Changes to this notice
We may update this notice as the Service evolves. Material changes will be flagged in the Service or by email.