Trust & Security

Built for institutional confidence

Everything your IT security team needs to know before approving Mapsurvey for institutional use.

Data Privacy (GDPR)

Survey respondents remain fully anonymous. Mapsurvey collects no personal data from people filling out surveys.

  • No login required for survey respondents — anyone with the link can participate
  • No cookies used for tracking or analytics purposes
  • No IP addresses stored in survey responses or server logs
  • No analytics tied to individual responses — aggregated data only
  • No third-party trackers or advertising scripts
  • Survey creators need an account (email and password only) — no further personal data required

Hosting & Data Residency

All data is stored and processed within the European Union.

  • Hosted on Render.com — Frankfurt, Germany (EU region)
  • Data stays in the EU — no cross-border transfers outside the European Economic Area
  • Render is SOC 2 Type II certified — independently audited security controls
  • PostgreSQL database with encrypted connections (TLS)
  • Self-hosting option — deploy on your own infrastructure for full data sovereignty

Open Source & Transparency

The entire codebase is publicly available for audit and review.

  • Full source code available on GitHub
  • Licensed under AGPLv3 — guarantees source availability and user freedom
  • Anyone can audit the code, verify claims, and inspect data handling
  • No obfuscation — what you see in the repository is what runs in production

Security

Industry-standard security practices are enforced at every layer.

  • HTTPS everywhere — all traffic encrypted in transit via TLS
  • Django security framework — built-in CSRF protection, XSS prevention, SQL injection safeguards, clickjacking protection
  • Password hashing — user passwords stored using PBKDF2 with SHA-256 (Django default)
  • No third-party scripts — no external JavaScript, trackers, or CDN dependencies in the survey-taking flow
  • Content Security Policy — strict headers to prevent code injection
  • Regular dependency updates — security patches applied promptly

Data Ownership

Survey creators retain full ownership of all collected data.

  • Your data is yours — Mapsurvey claims no rights over survey content or responses
  • Export at any time — download responses as GeoJSON and CSV with a single click
  • Delete at any time — removing a survey permanently deletes all associated data
  • Account deletion — deleting your account removes all surveys, responses, and personal information
  • No vendor lock-in — standard data formats ensure portability to other tools

Who is behind Mapsurvey

Mapsurvey is an independent open-source project created and maintained by Artem Konuchov. It is not affiliated with any government, corporation, or commercial entity. The project is driven by the need for accessible, privacy-respecting participatory mapping tools.

Data Processing Agreement

For institutional users who require a formal Data Processing Agreement (DPA), we provide a ready-to-sign template that covers data handling, security measures, sub-processors, and GDPR compliance obligations.

Download DPA Template (PDF)