Security & compliance

Compliant by design

Mapido is built as a serious B2B platform — official APIs, strict tenant isolation, and responsible-use controls throughout.

Tenant isolation

Every record carries a team_id and all queries are scoped by it. Workspaces never see each other’s data.

Encrypted secrets

OAuth tokens are encrypted at rest with AES-256-GCM. Server-only keys never reach the browser.

Official APIs only

We use the Google Places API (New) with minimal field masks — never scraping. Attribution and freshness are tracked.

Idempotent credits

Credit transactions are append-only with idempotency keys — never negative, never double-charged, refunded on failure.

Audit logs

Sensitive actions are recorded with actor, entity, IP, and user agent for accountability.

Responsible use

Suppression lists, an acceptable-use policy, and admin review discourage spam and unlawful outreach.

Compliance we design around

  • Google Maps Platform terms — Place ID stored for deduplication, field masks minimised, last-fetched timestamps kept.
  • India Digital Personal Data Protection Act, 2023 — responsible-use reminders and user-agreed terms.
  • No automated WhatsApp/SMS/calling outreach — anti-spam by default.

Mapido does not provide legal advice. You remain responsible for lawful outreach. See our Acceptable Use Policy.