Security & compliance
Compliant by design
Mapido is built as a serious B2B platform — official APIs, strict tenant isolation, and responsible-use controls throughout.
Tenant isolation
Every record carries a team_id and all queries are scoped by it. Workspaces never see each other’s data.
Encrypted secrets
OAuth tokens are encrypted at rest with AES-256-GCM. Server-only keys never reach the browser.
Official APIs only
We use the Google Places API (New) with minimal field masks — never scraping. Attribution and freshness are tracked.
Idempotent credits
Credit transactions are append-only with idempotency keys — never negative, never double-charged, refunded on failure.
Audit logs
Sensitive actions are recorded with actor, entity, IP, and user agent for accountability.
Responsible use
Suppression lists, an acceptable-use policy, and admin review discourage spam and unlawful outreach.
Compliance we design around
- Google Maps Platform terms — Place ID stored for deduplication, field masks minimised, last-fetched timestamps kept.
- India Digital Personal Data Protection Act, 2023 — responsible-use reminders and user-agreed terms.
- No automated WhatsApp/SMS/calling outreach — anti-spam by default.
Mapido does not provide legal advice. You remain responsible for lawful outreach. See our Acceptable Use Policy.