Privacy Policy
Last updated: April 3, 2026
1. Data Controller
The data controller for this service is MG Group (mg-group.ltd).
For any privacy-related inquiries, contact us at: privacy@mg-group.ltd
2. What Data We Collect
We collect the minimum data necessary to provide the coverage map API service:
| Data | Purpose | Retention |
|---|---|---|
| Email address | API key provisioning, account identification | Until account deletion |
| API key (hashed) | Authentication, usage tracking | Until account deletion |
| IP address | Rate limiting, abuse prevention | 7 days |
| Request log (coordinates, timestamp) | Usage analytics, billing | 90 days |
3. Legal Basis for Processing
We process your data based on:
- Consent — You provide explicit consent when registering for an API key by checking the consent box.
- Legitimate interest — Rate limiting and abuse prevention to protect the service and other users.
- Contract performance — Processing necessary to provide the API service you requested.
4. How We Use Your Data
- Provision and authenticate your API key
- Enforce daily request limits per your tier (free/hobby/pro)
- Prevent abuse and bot registrations (IP rate limiting)
- Monitor service health and performance
- Generate anonymized, aggregated usage statistics
We do not use your data for advertising, profiling, or automated decision-making.
5. Cookies and Tracking
This website does not use cookies, localStorage, or any client-side tracking technologies. We do not use Google Analytics or any third-party tracking scripts.
The only external resources loaded are Google Fonts (Inter, JetBrains Mono) for typography. Google's font service may log standard web request data (IP, user agent) per their privacy policy.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties, except when required by law or legal process.
Our infrastructure providers (server hosting) may process data as sub-processors under appropriate data processing agreements.
7. Data Security
We implement appropriate technical measures to protect your data:
- All traffic encrypted via TLS (HTTPS)
- API keys stored as SHA-256 hashes (original key never stored)
- Database accessible only from localhost
- Admin endpoints protected by separate secret
- IP rate limiting against brute force
8. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — Request a copy of all data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Restriction — Request limitation of data processing
- Portability — Receive your data in a structured, machine-readable format
- Objection — Object to processing based on legitimate interest
- Withdraw consent — Withdraw your consent at any time
To exercise any of these rights, contact us at privacy@mg-group.ltd. We will respond within 30 days.
9. Data Retention
- Account data (email, API key hash) — retained while your account is active. Deleted within 30 days of account deletion request.
- Request logs (coordinates, timestamps) — retained for 90 days, then automatically purged.
- IP rate limit records — retained for 7 days, then automatically purged.
10. International Transfers
Your data is processed and stored on servers located in the European Union. We do not transfer personal data outside the EU/EEA.
11. Supervisory Authority
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the Urząd Ochrony Danych Osobowych (UODO): uodo.gov.pl
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.