Privacy Policy

Last updated: May 2026

1. Data Controller

HantaMap.io is operated by MEKOS Labs. For questions about this privacy policy, contact us at privacy@hantamap.io.

2. Data We Collect

Account data

When you create an account: email address, display name, and authentication credentials (hashed).

Subscription data

If you subscribe to alerts: country, city, geographic coordinates, alert radius, and alert type preferences.

Usage data

Page views, interactions, and performance metrics collected via analytics (with your consent).

Geolocation data

If you enable location-based alerts, we process your approximate location to match nearby outbreak signals. We do not track real-time location.

3. Legal Basis (GDPR)

• Consent — analytics, marketing communications, geolocation processing
• Contractual necessity — account management, alert delivery
• Legitimate interest — security monitoring, fraud prevention, service improvement

4. How We Use Your Data

• Deliver geolocated hantavirus alerts based on your subscription preferences
• Authenticate and manage your account
• Monitor and improve platform performance and security
• Generate anonymised, aggregated usage statistics

5. Data Sharing

We do not sell personal data. We may share data with:

• Infrastructure providers — hosting, database, email delivery (processed under DPA)
• Legal authorities — when required by law

6. Data Retention

• Account data: retained until you delete your account
• Subscription data: retained while subscription is active + 30 days
• Security audit logs: retained for 12 months
• Analytics data: retained for 26 months (anonymised)

7. Your Rights

Under GDPR and applicable US privacy laws, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing based on legitimate interest
• Withdraw consent at any time
• Unsubscribe from all alert communications

To exercise these rights, email privacy@hantamap.io.

8. Cookies

See our Cookie Policy for details on cookies and tracking technologies.

9. International Transfers

Data may be processed in the EU and US. Where transfers occur, we use Standard Contractual Clauses or equivalent safeguards.

10. Security

We implement industry-standard security measures including encryption in transit and at rest, role-based access control, and security audit logging.

11. Children

HantaMap.io is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes

We may update this policy periodically. Material changes will be communicated via email to registered users.