Privacy Policy
This Privacy Policy explains how Perkmap (maintained by the Fidelock team) collects, uses, shares, stores, and protects information. We follow privacy-forward practices inspired by common standards (e.g., GDPR, CCPA) but do not claim full compliance for every jurisdiction. The policy is written to be clear, precise, and defensible as a legal document.
1. Scope and controller
- This policy applies to Perkmap websites, applications, communications, and related services (“Services”).
- Controller: Perkmap, operated by the Fidelock team. Contact: privacy@perkmap.com.
- If you access third-party links (banks, airlines, hotels, analytics vendors), their policies govern your data there.
2. Data we collect
- Contact data: email address, name or alias you voluntarily provide for newsletters, waitlists, feedback, support, or account creation.
- Service and support content: messages, attachments, screenshots, logs you send; issue context (device type, time, steps to reproduce).
- Technical data: IP address, user agent, device/OS/browser metadata, timestamps, request headers, referrers, error traces, coarse location inferred from IP (city/region level).
- Usage signals: page views, clicks, scroll and session timing, feature toggles, notification preferences, language selection; these are collected in aggregated or pseudonymous form.
- Payment/commerce (if applicable): transaction amount, currency, billing email, status; processing is handled by third-party processors who receive the necessary payment data.
- User-generated content: submissions of data points, reviews, or survey responses that may include personal data you choose to include.
- Cookies/identifiers: strictly necessary cookies for session or security; optional analytics identifiers when consented.
3. Lawful bases / legal grounds
- Contractual necessity: to provide Services you request (e.g., deliver newsletters, manage your account, provide support).
- Legitimate interests: operate, secure, debug, prevent abuse/fraud, improve and personalize Services, maintain analytics in privacy-preserving form.
- Consent: optional cookies/analytics, marketing emails, or specific data uses where required by law.
- Legal obligations: to meet record-keeping, accounting, or lawful requests from authorities when applicable.
4. How we use data
- Service delivery: send updates, newsletters, transactional notices; maintain your account or preferences; surface content in your chosen language.
- Reliability and security: detect abuse, spam, fraud, or attacks; rate-limit or block malicious behavior; monitor uptime and errors.
- Product improvement: analyze aggregated or pseudonymous usage patterns to improve content relevance, navigation, and feature quality.
- Communications: respond to inquiries, support tickets, and feedback; invite you to research interviews when appropriate.
- Compliance: honor opt-outs, handle data subject requests, and comply with applicable legal requirements.
5. Cookies and tracking
- We prefer privacy-first, cookieless analytics (e.g., Plausible). If enabled, these tools avoid cross-site tracking and do not set advertising cookies.
- Strictly necessary cookies may be used for session continuity, load balancing, security, and remembering consent choices.
- If we introduce optional cookies (e.g., for A/B tests or product analytics), we will present clear notices and, where required, obtain consent first.
- You can block or delete cookies via browser settings; some features may degrade without necessary cookies.
6. Sharing and disclosure
- We do not sell or rent personal data.
- Service providers: trusted processors for email delivery, analytics, hosting, error logging, customer support tools, and payment processing (if used). They operate under data-protection terms and only on our instructions.
- Business changes: if Perkmap is involved in a merger, acquisition, or asset transfer, data may be transferred under equivalent protections and with notice where required.
- Legal and safety: we may disclose data if required by law, court order, or to protect rights, safety, security, or prevent fraud/abuse.
7. International transfers
- Data may be processed in countries different from yours. We rely on safeguards such as standard contractual clauses or equivalent protections where applicable.
- Vendors are selected for strong security practices; we minimize data sent and prefer regions aligned with your primary geography when feasible.
8. Data retention
- Contact and communication records: kept while you remain subscribed or until you request deletion, plus a short buffer to honor opt-outs.
- Technical and security logs: retained for a limited window necessary for security, fraud detection, debugging, and compliance, then deleted or anonymized.
- User-generated content: retained as long as relevant to the Services; if you request deletion, we will assess feasibility while preserving system integrity and legal obligations.
- Backups: deleted on a rolling schedule; deletions may take effect after backup cycles expire.
9. Security measures
- Encryption in transit (HTTPS/TLS) and at rest where supported by our infrastructure and vendors.
- Access controls and least-privilege: data access limited to personnel and systems with a need-to-know for operations, support, or security.
- Audit trails: administrative actions may be logged to preserve accountability.
- Protective controls: rate limits, WAF rules, spam/abuse detection, dependency management, and regular security updates.
- No security measure is perfect; if we detect a breach with material risk, we will investigate, mitigate, and notify affected users and/or authorities as required by law.
10. Your rights and choices
- Access and correction: you may request a copy of your personal data and ask us to correct inaccuracies.
- Deletion: you may request deletion of personal data where permitted by law; we will honor or explain any necessary retention (e.g., legal obligations).
- Portability: you may request export of the data you provided in a common format where applicable.
- Objection/Restriction: you may object to certain processing based on legitimate interests or request restriction in specific circumstances.
- Marketing opt-out: unsubscribe links are included in emails; you can also email privacy@perkmap.com.
- To exercise rights, email privacy@perkmap.com. We aim to respond within 7 business days; complex requests may take longer where allowed.
11. Children
- Perkmap is not intended for individuals under 16. We do not knowingly collect their data.
- If you believe a minor has provided data, contact us at privacy@perkmap.com to request deletion.
12. Third-party links and content
- Links to banks, airlines, hotels, forums, or other services are governed by their own privacy terms. We are not responsible for their practices.
- Embedded content (e.g., videos, social widgets) may collect data under the provider’s policies.
13. Changes to this policy
- We may update this policy to reflect changes in law, our Services, or practices. The “Last updated” date will change, and material changes will be highlighted where feasible.
- Continued use of the Services after an update signifies acceptance of the revised policy.
14. Contact
- Email: privacy@perkmap.com
- For security reports, you may also reach out to security@perkmap.com (non-urgent).
15. Supplement for California (CCPA/CPRA) users (informational)
- Categories collected: identifiers (email, IP), internet/network activity (logs, usage), limited geolocation (city/region from IP), and user-generated content. Sensitive data is not sought; if provided inadvertently, it is treated with heightened care or deleted when feasible.
- Purpose of use: as described in Sections 2–6. No sale or sharing for cross-context behavioral advertising.
- Rights: know, delete, correct, opt out of sale/sharing (not applicable, as we do not sell or share), limit use of sensitive data (we avoid collecting it). Non-discrimination: exercising rights will not lead to different prices or service levels, except where data is necessary to provide a feature.
16. Records of processing and DPIA (summary)
- We maintain internal records of processing activities and review data flows for necessity and proportionality.
- For new features involving personal data, we consider conducting a risk review or DPIA-like assessment, focusing on data minimization, retention limits, vendor safeguards, and user expectations.