Curolia

Log inSign up

Privacy Policy

Last updated: 10 June 2026

This Privacy Policy explains how Curolia ("we", "us") collects, uses, and protects personal data when you use our website and apps (the "Service"). We process data in line with applicable privacy laws, including the GDPR where it applies.

Who we are

Curolia is a map service. For privacy-related questions, contact us at hello@curolia.com.

Data we collect

  • Account data: email address and authentication credentials (passwords are handled by our auth provider; we do not store plain-text passwords).
  • Profile data: optional display name, avatar, and preferences you choose in settings.
  • Map content: maps, pins, places, notes, photos, tags, and other material you create or upload.
  • Connected services: if you enable plugins (for example calendars or media providers), we process data needed to link and sync those services according to your configuration.
  • Technical data: device and usage information such as IP address, browser type, and logs needed to operate and secure the Service.
  • Usage analytics: page paths and in-app navigation (for example which screens you open), plus coarse device and browser metadata collected through our analytics tool — see Analytics below.
  • Error reports: when the app fails unexpectedly, we may receive crash information such as error messages, stack traces, browser type, and app version — see Error reporting below. We do not include your map content or passwords in these reports.

How we use your data

  • Provide, maintain, and improve the Service.
  • Authenticate you and keep your account secure.
  • Store and display your maps and pins as you direct.
  • Send service messages (for example password reset or invitations).
  • Comply with legal obligations and enforce our Terms.

We do not sell your personal data. We do not use your map content to train third-party AI models.

Legal bases (EEA users)

Where the GDPR applies, we rely on: performance of our contract with you (providing the Service); legitimate interests (security, abuse prevention, and product improvement); and consent where required (for example optional integrations or notifications you can turn off).

Analytics

We use privacy-focused website analytics (Umami) to understand how the Service is used — for example which pages are visited and how users move between screens. Umami does not use advertising cookies and does not track you across other websites. Analytics may include a truncated or hashed IP address, browser type, device type, operating system, referrer, and the page path you view. We use this information to improve the Service, not to sell your data or profile you for advertising.

Analytics is provided by Umami Software (hosted at cloud.umami.is) as our processor. You can limit tracking with browser Do Not Track settings or content blockers; the Service remains usable without analytics.

Error reporting

We use Bugsink, a privacy-focused error tracking service, to learn when the Service crashes or hits unexpected errors. Reports may include error messages, stack traces, browser and device type, app version, and coarse session metadata. We use this information only to diagnose and fix bugs — not for advertising or profiling.

Error reporting is provided by Bugsink B.V. (hosted in the European Union) as our processor. See Bugsink's GDPR information. You can limit reporting with browser extensions that block error trackers; the Service remains usable without it.

Sharing and processors

We use trusted infrastructure and service providers (for example hosting, authentication, email delivery, privacy-focused analytics, error reporting, and optional plugin providers you connect). They process data only on our instructions and under appropriate safeguards. Map content is private by default; we share it only when you use sharing features or when required by law.

Storage and transfers

We aim to store and process data in the European Union. If data is transferred outside the EEA, we use appropriate safeguards such as standard contractual clauses where required.

Retention

We keep your data while your account is active and for a reasonable period afterward so you can recover content or so we can meet legal obligations. You may delete content in the app or close your account; we will then delete or anonymise data unless we must retain it by law.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You may also lodge a complaint with your local supervisory authority. To exercise your rights, email hello@curolia.com.

Security

We apply technical and organisational measures appropriate to the nature of the data, including encryption in transit and access controls. No online service can guarantee absolute security.

Children

The Service is not directed at children under 16. If you believe a child has provided us personal data, contact us and we will take appropriate steps.

Changes

We may update this policy from time to time. We will post the revised version on this page and update the effective date above.

Related

See also our Terms and Conditions and Open source at Curolia.