Privacy Policy.
Website, Platform, and Mobile Application
1. Introduction
Zia Map LLC ("Company," "we," "us," or "our") operates the Services described in our Terms of Use. This Privacy Policy explains what information we collect, how we use and protect it, and your rights. It is incorporated by reference into the Terms of Use.
The Services are not directed to individuals under 18. We do not knowingly collect information from anyone under 18. If you believe we have done so inadvertently, contact us at legal@ziamap.com immediately.
2. Information We Collect
2.1 Information You Provide
- Identity: full name, username, professional title
- Contact: business email, phone number, business address
- Credentials: username and encrypted password
- Billing contact: subscription plan and billing contact. Payment card data is processed by Stripe and is not stored by Zia Map.
- User Content: all Field Journal entries, Point Data descriptions, field notes, survey records, annotations, images, accident reports and other forms, change orders, and project messages you create or upload
- Support communications: messages you send to the Company
2.2 Information Collected Automatically
- Log data: IP address, browser type, operating system, referring URL, pages visited, timestamps
- Device information: device type, unique identifiers, mobile network
- Usage data: features accessed, session duration, frequency of use
- Cookie and tracking data, including advertising pixel event data (see Section 8)
2.3 What We Do Not Collect
The Zia Map app and Platform do not collect GPS data, survey instrument readings, equipment telemetry, or any other automatically captured field data. All information in the Platform is manually entered by Authorized Users. With the exception of account login credentials (which constitute sensitive personal information under California law and are addressed in Section 11.4), we do not collect sensitive personal information as defined by the California Privacy Rights Act, including health data, biometric data, racial or ethnic origin, sexual orientation, precise geolocation, or political opinions. We use login credentials solely for the purposes of account authentication and security.
3. Your Data Belongs to You
All User Content you create, upload, or input — including field notes, Field Journal entries, Point Data descriptions, project records, survey documentation, photographs, forms, annotations, and messages — is and remains your property. We do not claim ownership, sell, monetize, or use your User Content to train AI or machine learning models. We do not analyze your User Content for any purpose other than providing the Services. Our only rights are the limited storage and processing rights necessary to deliver the Services, and those rights terminate when your subscription ends and your User Content is deleted following the Data Retrieval Period. For clarity, User Content (your field records, photos, forms, messages, and project data) is permanently deleted after the Data Retrieval Period. Account, billing, and compliance records described in Section 11.3 are retained for the longer periods stated there to satisfy tax, accounting, and legal obligations.
4. How We Use Your Information
- To provide, operate, maintain, and improve the Services
- To authenticate Authorized Users and maintain account security
- To process subscription payments through Stripe
- To send account notices, renewal reminders, service updates, and policy notices
- To respond to support requests
- To analyze usage and improve Service functionality
- To detect and prevent fraud, unauthorized access, and security incidents
- To enforce our Terms of Use and comply with legal obligations
- To send marketing communications where you have opted in (opt-out available at any time)
- To serve targeted advertising on Facebook and Instagram and measure advertising effectiveness through the Meta Pixel (Website visitors only; see Sections 7.5 and 8)
5. Cloud Storage and Data Hosting
5.1 Third-Party Cloud Infrastructure
All User Content is stored in third-party cloud infrastructure in the United States. By using the Services you consent to your data being stored and processed on third-party cloud servers. Cloud providers are contractually obligated to implement appropriate security measures and to use your data only to provide services to the Company.
5.2 Security Measures
We use commercially reasonable security measures, including encrypted transmission (TLS/SSL), access controls, and monitoring. No security system is perfect.
5.3 Data Breach Notification
If a confirmed security breach materially compromises your personal information, we will notify you at the primary account email as required by applicable law, including California Civil Code §§ 1798.29 and 1798.82 and applicable state notification laws.
5.4 Data Location
User Content is stored and processed in the United States. The Services are not directed at users outside the United States.
5.5 Photographs Uploaded by Users
The Company does not review or analyze photograph content for any purpose other than storing and displaying it within the applicable project record. Users are solely responsible for obtaining all necessary consents and permissions from individuals depicted before uploading. The Company is not responsible for the privacy implications of photograph content uploaded by users.
6. Our Confidentiality Commitment to You
We understand that your User Content may include sensitive business information related to government infrastructure, private development, litigation support, and professional engagements. We treat your User Content as confidential and will not disclose it except: (a) to subprocessors engaged solely to provide the Services, subject to confidentiality obligations; (b) as required by applicable law, regulation, or valid legal process; (c) with your prior written consent; or (d) as necessary to respond to a security incident.
If we receive a subpoena or government order requiring disclosure of your User Content, we will, to the extent permitted by law, notify you before making any disclosure so that you may seek a protective order.
7. How We Share Your Information
7.1 Service Providers (Subprocessors)
We share information with trusted subprocessors and advertising partners who help us operate the Services and conduct marketing activities. Current subprocessors include: DigitalOcean, LLC (cloud infrastructure, data storage and hosting); Stripe, Inc. (payment processing); BoldSign, operated by Syncfusion, Inc. (electronic signatures); Google LLC (analytics, via Google Analytics); and Meta Platforms, Inc. (advertising, via Meta Pixel, for Facebook and Instagram advertising). Each subprocessor is contractually limited to using your information only as directed by us and is subject to confidentiality obligations. A current subprocessor list is available upon request at legal@ziamap.com.
Each subprocessor and Third-Party Integration is an independent company. Zia Map LLC is not affiliated with, endorsed by, or acting as an agent of any subprocessor or third-party provider. BoldSign™ is a trademark of Syncfusion, Inc. Stripe™ is a trademark of Stripe, Inc. All third-party names and marks belong to their respective owners. When you use a feature powered by a Third-Party Integration, your information may also be processed by that provider under its own privacy policy, which you are responsible for reviewing.
7.2 Organizational Administrators
If you use the Services as an Authorized User within an organizational subscription, your organization's administrator may have access to your activity, project records, and User Content within the organization's portal.
7.3 Legal Compliance
We may disclose information when required by applicable law, regulation, legal process, or valid government request, or to protect the rights, property, or safety of the Company or others.
7.4 Business Transfers
In a merger, acquisition, or sale of assets, your information may transfer to the successor entity. We will notify you before your information becomes subject to a materially different privacy policy.
7.5 Sale and Sharing of Personal Information
We do not sell your personal information for money. We do share certain personal information — specifically, online identifiers and browsing activity collected through the Meta Pixel on our Website — with Meta Platforms, Inc. for the purpose of cross-context behavioral advertising on Facebook and Instagram. Under California law, this constitutes "sharing" of personal information as defined by Civil Code § 1798.140(ad). California residents have the right to opt out of this sharing under Civil Code § 1798.120. To exercise this right, click "Do Not Sell or Share My Personal Information" in the footer of our Website, or email legal@ziamap.com. We will not discriminate against you for exercising this right. We do not sell or share personal information collected through the Platform (as distinct from the Website) for marketing purposes.
8. Cookies and Tracking
We use cookies and similar technologies on the Website to maintain session authentication, recognize returning users, analyze traffic, and serve targeted advertising. You may configure your browser to refuse cookies, but some features may not work properly. We do not currently respond to browser "Do Not Track" signals. We do honor Global Privacy Control (GPC) signals as an opt-out of sharing for cross-context behavioral advertising, consistent with Civil Code § 1798.135(d). Where a GPC signal is detected, the Company will not fire the Meta Pixel for that user session. We use Google Analytics (Google LLC) to analyze Website traffic. We use the Meta Pixel (Meta Platforms, Inc.) to measure the effectiveness of our Facebook and Instagram advertising and to show targeted ads to Website visitors on those platforms. The Meta Pixel transmits certain online identifiers and activity data to Meta when you visit our Website. California residents may opt out of this sharing by clicking "Do Not Sell or Share My Personal Information" in the Website footer or by emailing legal@ziamap.com. Each analytics and advertising tool is subject to its own privacy policy and terms.
9. Automatic Renewal and Billing Notices
In connection with our automatic renewal subscription, we use your email and billing information to: send renewal reminders before each billing period; send receipts and invoices; notify you of price changes at least 30 days in advance; and confirm cancellations. These communications are transactional and are not subject to marketing opt-out.
10. Data Retention
We retain account information, subscription records, and billing history while your account is active and for periods thereafter as described in Section 11.3 (Categories of Personal Information and Retention Periods) and in the ZiaMap Data Retention Policy. In general, identifiers and professional information are retained for up to three years after account closure; commercial and billing records are retained for up to ten years; and log and usage data is retained for up to 90 days. We retain operational logs as needed for security and compliance consistent with those periods.
IT IS SOLELY YOUR RESPONSIBILITY TO LOG IN AND EXPORT ALL USER CONTENT YOU WISH TO KEEP BEFORE YOUR SUBSCRIPTION ENDS OR DURING THE 30-DAY DATA RETRIEVAL PERIOD. USER CONTENT WILL BE PERMANENTLY AND IRREVOCABLY DELETED AFTER THE DATA RETRIEVAL PERIOD EXPIRES. THE COMPANY WILL NOT REMIND YOU TO RETRIEVE YOUR DATA AND IS NOT OBLIGATED TO ASSIST WITH RETRIEVAL OR EXTEND THE PERIOD. DELETION CANNOT BE UNDONE.
11. California Privacy Rights (CCPA/CPRA)
11.1 Applicability and Notice at Collection
This Section 11 applies to California residents subject to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (together, "CCPA/CPRA"). This Privacy Policy, together with the information provided at the point of collection, constitutes the Company's notice at collection as required by Civil Code § 1798.100(b).
11.2 Business Context
The Services are business-to-business software. Personal information collected through the Services relates primarily to individuals acting in a professional or employment capacity on behalf of their employer or client. To the extent CCPA/CPRA applies to such individuals, this Policy governs. Information collected solely in the context of a business-to-business commercial transaction may be subject to different treatment under applicable law.
11.3 Categories of Personal Information and Retention Periods
In the preceding 12 months we have collected the following categories of personal information and retain them as described:
- Identifiers (name, email address, IP address, username): retained for the duration of the active account and up to three (3) years after closure for legal compliance and dispute resolution.
- Commercial information (subscription records, billing history, transaction records): retained for ten (10) years from the transaction date for tax, accounting, and legal compliance.
- Internet and electronic network activity (log data, usage data, session data): retained for up to 90 days for security monitoring and service improvement, then deleted or anonymized.
- Professional or employment-related information (job title, employer name): retained for the duration of the active account and up to three (3) years after closure.
- Account log-in credentials (username and password, which may constitute sensitive personal information under CPRA § 1798.140(ae)): retained for the duration of the active account and deleted within 90 days of account closure.
- Inferences drawn from the above: retained for the duration of the active account and deleted within 90 days of account closure.
11.4 Sensitive Personal Information
The Company collects account log-in credentials in combination with a password, which may constitute sensitive personal information under CPRA Civil Code § 1798.140(ae)(1)(L). The Company uses this information solely to provide the Services and for account security, which are permitted purposes under CPRA that do not require a "Limit the Use of My Sensitive Personal Information" link pursuant to Civil Code § 1798.121(a). The Company does not use or disclose sensitive personal information for any other purpose and does not collect any other category of sensitive personal information as defined by CPRA.
11.5 Sale, Sharing, and GPC Signals
The Company does not sell personal information for money. The Company does share certain personal information with Meta Platforms, Inc. for cross-context behavioral advertising purposes via the Meta Pixel, as described in Sections 7.1, 7.5, and 8. This constitutes "sharing" as defined under CCPA/CPRA Civil Code § 1798.140(ad). California residents have the right to opt out of this sharing under Civil Code § 1798.120 by clicking "Do Not Sell or Share My Personal Information" in the Website footer or by emailing legal@ziamap.com with the subject line "Opt-Out Request." The Company does not sell or share personal information collected through the Platform for marketing purposes.
Global Privacy Control: The Company recognizes and honors Global Privacy Control (GPC) signals as an opt-out of the sharing of personal information for cross-context behavioral advertising, consistent with Civil Code § 1798.135(d). Where a GPC signal is detected, the Company will not fire the Meta Pixel for that user session. Separate "Do Not Track" browser signals are not legally equivalent to GPC and are not honored as opt-out requests.
11.6 Your CCPA/CPRA Rights
- Right to Know (§ 1798.100): request the categories and specific pieces of personal information collected, the sources, the business or commercial purposes, and categories of third parties to whom it is disclosed.
- Right to Delete (§ 1798.105): request deletion of personal information, subject to legal exceptions including completing a transaction, detecting security incidents, complying with a legal obligation, or exercising a legal claim.
- Right to Correct (§ 1798.106): request correction of inaccurate personal information, taking into account the nature of the information and purposes of processing.
- Right to Opt Out (§ 1798.120): opt out of the sharing of personal information for cross-context behavioral advertising. The Company shares certain personal information with Meta Platforms, Inc. via the Meta Pixel for advertising purposes. To opt out, click "Do Not Sell or Share My Personal Information" in the Website footer or email legal@ziamap.com.
- Right to Limit Use of Sensitive Personal Information (§ 1798.121): the Company uses account log-in credentials solely for permitted purposes under § 1798.121(a); no limitation request is required.
- Right to Non-Discrimination (§ 1798.125): the Company will not discriminate against you for exercising any CCPA/CPRA right, including by denying services, charging different prices, or providing a different service level.
11.7 Submitting a Request and Right to Appeal
Email legal@ziamap.com with subject line "Privacy Rights Request", your name, email address, and a description of the right you wish to exercise. We will acknowledge within 10 business days and respond within 45 calendar days; if more time is needed we will notify you and may extend by up to 45 additional days. You may designate an authorized agent subject to written authorization and identity verification. If we deny your request in whole or in part, we will explain the basis. You may appeal within 45 days by emailing legal@ziamap.com with subject line "Privacy Rights Appeal." We will respond to your appeal within 60 days. If your appeal is denied, we will provide information on how to submit a complaint to the California Privacy Protection Agency.
11.8 Shine the Light (Civil Code § 1798.83)
California Civil Code § 1798.83 (Shine the Light) permits California residents to request a list of personal information disclosed to third parties for direct marketing purposes during the preceding year. The Company shares certain online identifiers and browsing activity with Meta Platforms, Inc. for advertising purposes via the Meta Pixel, as described in Sections 7.5 and 8. California residents may request information about this disclosure or exercise their right to opt out by contacting legal@ziamap.com or using the "Do Not Sell or Share My Personal Information" link in the Website footer.
12. Other State Privacy Rights
Residents of states with comprehensive consumer privacy laws (including Colorado, Connecticut, Virginia, Texas, Oregon, and Montana, among others) may have rights to access, delete, correct, and opt out of certain data processing. Submit requests to legal@ziamap.com. We will respond in accordance with applicable state law.
This Policy is designed to comply with applicable U.S. state privacy laws. The Company does not represent compliance with privacy laws of jurisdictions outside the United States.
13. Third-Party Links and Services
The Services may link to third-party websites and integrate with third-party platforms. This Policy does not apply to those third parties. Review their privacy policies before sharing information with them.
14. Changes to This Policy
We may update this Policy at any time. We will post the updated Policy on the Website and update the Last Modified date. For material changes, we will provide additional notice by email or in-app notification. Continued use after the effective date constitutes acceptance.
15. Contact
Zia Map LLC · San Diego, California · legal@ziamap.com · www.ziamap.com
By using the Services, you acknowledge that you have read and understood this Privacy Policy.