GoodMaps Data Management

Table of Contents

A Practical Guide for Prospective Customers and End-Users

Overview #

GoodMaps provides indoor navigation technology through LiDAR scanning, enabling accurate mapping of buildings and seamless navigation for app users. This document explains, in clear language, how GoodMaps manages data – especially personal data – while maintaining full compliance with the General Data Protection Regulation (GDPR) and similar data privacy laws worldwide.

Technology, Data, and Privacy #

Building Scanning (LiDAR Data Capture) #

  • Purpose: To generate precise indoor maps for venue operators and facility managers.
  • How it works:
    • Professional surveyors use handheld LiDAR devices and 360° cameras to capture spatial layouts and points of interest.
    • Automated software removes images of people, screens, and written materials from raw scan data wherever possible.
    • Any images of individuals or incidental personal details captured during scanning are deleted automatically by machine learning algorithms. This step is a built-in privacy safeguard in map creation.
    • GoodMaps does not use scanning equipment for ongoing surveillance or for capturing biometric data.
  • Outcome: Only depersonalized spatial datasets and computer vision models are produced – no mapping data is connected to any identifiable individual.

GoodMaps App (Indoor Navigation) #

  • Purpose: To provide real-time, privacy-focused indoor navigation.
  • How it works:
    • The app accesses device location and camera input using Visual Positioning System (VPS) only when navigation is active.
    • Only essential device and temporary location data are collected; no additional identifying data is obtained.
    • All end-user data used in navigation is fully anonymized.
    • Location data is discarded immediately after the navigation session concludes.
    • The app requests clear, explicit consent before accessing device location. Consent can be withdrawn any time.
    • The app does not collect or transmit high-definition photographs; instead, it uses low-resolution visual frames for positioning, minimizing any risk of personal data exposure.

Data Management and Safeguards #

  • Minimal Data Collection: Only the data required to deliver mapping and navigation services is collected. Data is never used for marketing, profiling, or tracking.
  • Clear Privacy Notices: At every stage, GoodMaps communicates:
    • What data is collected
    • Why it is required
    • Who controls it
    • How long it is retained
    • How to exercise applicable data rights
    • Note: For building scanning, only non-personal data vital for computer vision functionality is retained. Any images of people incidentally captured are permanently deleted during processing.
  • Data Security: All data is securely stored using encrypted cloud environments (such as AWS or Azure). Access is strictly limited to authorized personnel or appointed customer representatives.
  • Automatic Data Deletion: Incidental personal data found in raw scans is immediately obfuscated or deleted during processing. Session-based location data from app usage is deleted once navigation ends, per retention policies.
  • Data Subject Rights:
    • End-users: Clearly informed of GDPR rights, including access, correction, deletion, and restriction of any personal data relevant to their use of the app, and how to exercise these rights in the app or via the GoodMaps website.
    • Customers: Provided information and tools to manage the data connected to their venues or accounts according to GDPR and contractual requirements.
    • For venues using Single Sign-On (SSO): SSO credentials are managed entirely by the venue operator, not by GoodMaps. GoodMaps does not access or store individual identities of end-users in these cases.

GDPR and Legal Compliance #

  • Lawful Processing: Mapping and building scans are conducted based on legitimate interests (for customers and service delivery), while app location services for end-users rely on explicit consent.
  • Transparency: All privacy notices are written in plain, easily understood language.
  • Purpose Limitation: Data is processed solely for indoor mapping and navigation – not for profiling, advertising, or unrelated analytics.
  • Data Minimization: Only the minimum data essential for service delivery is collected. Low-resolution images and temporary location data used for navigation are optional and can be disabled by end-users.
  • Security: Data is encrypted in transit and at rest; regular audits and incident response procedures are in place.
  • International Data Transfers: Data remains within local legal jurisdictions (e.g., EU data is stored in the EU), and appropriate safeguards (e.g., Standard Contractual Clauses) are applied for any transfers beyond those zones.
  • Opt-Out: End-users may withhold or withdraw consent for location services at any time, or may simply uninstall the app to stop all data collection.

Quick Reference Table #

Data TypeWhat We CollectWhyHow We ProtectGDPR Basis
LiDAR ScansBuilding geometry, points of interestIndoor mappingPeople/screens removed, secure storage, auto-deletion of incidentalsLegitimate interest
App LocationNavigation during useNavigation during useUser consent, no retention after sessionConsent
Device InfoService deliveryService deliveryLegitimate interestLegitimate interest
Personal Info*User/Customer submitted dataSupport or legal issuesStrict access control, limited retentionConsent/Legal obligation
* Personal information is only collected if an user or customer provides it directly.

User & Customer Support #

  • No Behavioral Tracking: GoodMaps does not create behavior profiles or track user activity outside anonymous analytics essential for improving service reliability.
  • Clear & Proactive Communication: All privacy communications are concise and transparent. Data collection, lawful basis, retention, and rights are precisely explained at every interaction.
  • Privacy Contact: A dedicated privacy officer or team is reachable through both the app and the GoodMaps website for all data access requests or inquiries.

In Summary #

GoodMaps manages all data – in particular, any instance of personal data – with a commitment to maximum privacy, security, and transparency, upholding the highest legal and ethical standards. Any personal data incidentally captured during mapping is deleted automatically.

  • Data is collected only as necessary.
  • Retention schedules are limited and communicated.
  • Lawful basis for processing is always maintained.
  • The rights of both end-users and customers are fully respected and supported.

For full details on any data collection, exercising data rights, or for additional questions, please consult the GoodMaps privacy policy or contact the GoodMaps privacy team.

Updated on August 1, 2025