Trust & Safety

Security & Data Protection

Mapifyer is built on a foundation of security, transparency, and responsible data handling. This page explains the practices and infrastructure we use to protect your data and the data of your clients.

Platform Infrastructure

Mapifyer is hosted on enterprise-grade cloud infrastructure maintained by trusted third-party providers:

  • Vercel — Application hosting and serverless compute. All traffic is served over HTTPS with TLS 1.2+.
  • Supabase — Managed PostgreSQL database with encryption at rest, automated backups, and row-level security policies.
  • Stripe — Payment processing. Mapifyer never stores raw card data. All billing is handled by Stripe’s PCI-compliant infrastructure.

Encryption

  • In transit: All data transferred between users and Mapifyer is encrypted using HTTPS/TLS. No plain-text connections are permitted.
  • At rest: Databases are encrypted at rest. OAuth tokens and sensitive credentials are stored encrypted and never logged in plain text.
  • API keys: Third-party API keys (Google OAuth tokens, provider credentials) are stored encrypted and accessed only at runtime.

Access Control

  • Mapifyer uses role-based access control so that each team member within an agency account can only access the data and features appropriate to their role.
  • Business Profile data is scoped to the account that authorized it. One agency account cannot access another agency’s data.
  • Internal Mapifyer staff access to production systems is restricted to authorized personnel only and is logged for audit purposes.

Authentication

  • User authentication is managed by Supabase Auth, which provides secure session management, password hashing, and email verification.
  • Google Business Profile connections use OAuth 2.0 exclusively. Mapifyer never asks for or stores Google passwords.
  • OAuth tokens are scoped to only the permissions the user explicitly granted and can be revoked by the user at any time from their Google Account settings or from inside the Mapifyer dashboard.

Data Protection Practices

  • Mapifyer follows industry-standard security practices and uses the OWASP Top 10 as a development guideline.
  • Google Business Profile data accessed via the API is used solely to provide Mapifyer’s core product features. Data is never sold, shared with third parties for advertising, or used to train AI models.
  • Mapifyer complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Data is retained only as long as necessary to provide the service. Users may request full deletion at any time — see our Data Deletion Policy.

Security Contact

If you have discovered a security vulnerability or have a data protection concern, please contact us directly. We take all reports seriously and respond promptly.

hello@mapifyer.com