Privacy Policy
Last updated: June 3, 2026
This Privacy Policy explains how Sjödin Media ("DDD Maps", "we", "us", or "our") collects, uses, and protects your personal data when you use the website dddmaps.com and the DDD Maps service (the "Service").
We are the data controller responsible for your personal data. If you have any questions about this policy or your data, contact us at contact@dddmaps.com.
1. Who we are
Data controller: Sjödin Media (enkeltpersonforetak)
Organisation number: 937 813 686
Address: Dronningens gate 12A, 8514 Narvik, Norway
Email: contact@dddmaps.com
We are established in Norway and process personal data in accordance with the EU General Data Protection Regulation (GDPR), as incorporated into Norwegian law through the Personal Data Act (personopplysningsloven).
2. What data we collect
We collect the following categories of personal data:
- Account and identity data. When you register, we collect your name and email address. Authentication and account management are handled through our provider Outseta.
- Billing and subscription data. If you subscribe to a paid plan, we (via Outseta and its payment processor Stripe) process billing details such as your name, billing address, subscription plan, and transaction history. We do not store your full card number on our own systems — card data is handled directly by Stripe, a PCI-DSS compliant payment processor.
- Content you upload. When you use the Service, you may upload GPX files and other route or track data. These files can contain precise location information, timestamps, elevation, and (depending on the file) activity data. We process this content solely to generate your map animations.
- Usage and technical data. We automatically collect technical information such as your IP address, browser type, device information, pages visited, and interactions with the Service. This may be collected through server logs and, where applicable, analytics tools.
- Cookies and similar technologies. See Section 8.
- Communications. If you contact us for support or by email, we keep a record of that correspondence.
3. How and why we use your data (legal bases)
We process your personal data on the following legal bases under GDPR Article 6:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Providing the Service and generating animations from your uploads | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Securing the Service, preventing abuse, and debugging | Legitimate interests (Art. 6(1)(f)) |
| Improving and developing the Service | Legitimate interests (Art. 6(1)(f)) |
| Sending service-related communications (e.g. billing notices) | Performance of a contract / legitimate interests |
| Sending marketing emails (where applicable) | Consent (Art. 6(1)(a)) |
| Non-essential cookies and analytics | Consent (Art. 6(1)(a)) |
| Complying with legal obligations (e.g. accounting) | Legal obligation (Art. 6(1)(c)) |
You can withdraw any consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Your uploaded location data
We treat GPX and route data with particular care because it can reveal sensitive details such as where you live, train, or travel.
- We use your uploaded content only to provide the Service to you (i.e. to generate the animations you request).
- We do not sell your location data, and we do not use it for advertising.
- We do not use it to profile you or to make automated decisions about you.
You can delete your uploaded content from your account at any time. See Section 6 for retention details.
5. Who we share your data with (subprocessors)
We share personal data with carefully selected third-party providers who process it on our behalf. Each is bound by a data processing agreement requiring appropriate safeguards.
- Outseta — account management, authentication, CRM, subscription billing, and account/transactional email.
- Stripe — payment processing (card and other payment-method data).
- Mapbox — map rendering and mapping services used to generate animations.
- Hetzner (Hetzner Online GmbH) — hosting of the Service and its data (servers located in the EU).
- Google (Google Analytics) — usage analytics, only after you give consent.
We may also disclose data where required by law, to enforce our terms, or to protect our rights, users, or the public. We do not sell your personal data to third parties.
6. International transfers
Some of our providers (including Outseta, Stripe, Mapbox, and Google) are based in or transfer data to the United States or other countries outside the EEA. Where this happens, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework. You can request more information about these safeguards using the contact details above.
7. How long we keep your data
- Account data: for as long as your account is active, and for a reasonable period afterwards.
- Uploaded content (GPX / route data): retained while needed to provide the Service; deleted when you delete it or close your account, subject to backup cycles.
- Billing records: retained as required by applicable accounting and tax law (in Norway, typically up to 5 years).
- Technical logs: retained for a limited period for security and troubleshooting.
When data is no longer needed, we delete or anonymise it.
8. Cookies
We use cookies and similar technologies to operate the Service, keep you signed in, remember your preferences, and (where you consent) measure usage.
Strictly necessary cookies are required for the Service to function (e.g. authentication via Outseta). Analytics cookies (Google Analytics) are non-essential and are set only after you give consent via our cookie banner.
You can give, refuse, or withdraw consent for non-essential cookies through our cookie banner at any time, and manage cookies via your browser settings.
9. Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten");
- Restrict or object to certain processing;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at contact@dddmaps.com. We will respond within the time limits required by law (generally one month).
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, www.datatilsynet.no) or your local supervisory authority.
10. Security
We take reasonable technical and organisational measures to protect your personal data against loss, misuse, and unauthorised access. No method of transmission or storage is completely secure, but we work to protect your data and to keep our providers held to appropriate standards.
11. Children
The Service is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact
Questions or requests regarding this policy or your personal data:
Sjödin Media
contact@dddmaps.com
Dronningens gate 12A, 8514 Narvik, Norway