Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Mapline is a US-based data visualisation and mapping platform that allows businesses to create interactive maps from spreadsheet data for territory management, location analysis, and reporting. While it primarily processes business data rather than consumer personal data, any maps containing location or address data linked to individuals are subject to GDPR. The platform processes data on US infrastructure with SCCs as the transfer mechanism.
Mapline is a cloud-based data mapping and territory management platform that allows businesses to visualise spreadsheet data on interactive maps. Typical use cases include sales territory planning, store location analysis, customer distribution mapping, logistics route optimisation, and field team management. Users upload data from Excel, CSV, or CRM exports, and Mapline geocodes addresses to plot locations on the map.
Mapline processes the data uploaded by users, which may include customer names and addresses, employee locations, client contact details, and any other data in the uploaded spreadsheet. It also collects IP addresses and browser information from users accessing the Mapline application. If maps are embedded on public websites, visitor IP addresses are also logged.
GDPR applies when Mapline is used to process personal data, which occurs when maps include data linked to identifiable individuals such as customer addresses, employee locations, or named contacts. The organisation uploading the data is the data controller and Mapline acts as a data processor. The US transfer requires SCCs. If maps are embedded publicly, the embedding itself may expose personal data, requiring appropriate disclosure.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For the Mapline application used by internal team members, consent is not typically required as the processing basis is legitimate interest or contract performance. For embedded public maps that set cookies, ePrivacy consent is required. Individuals whose data is included in Mapline maps must be informed of the processing in the privacy policy.
Mapline is a US company and processes all data on US infrastructure. Standard Contractual Clauses apply. Sign Mapline''s DPA and document the transfer in your RoPA.
Sign a DPA with Mapline. Update your privacy policy to describe Mapline as a processor for location and mapping data. For embedded maps, obtain ePrivacy consent. Minimise personal data in maps where possible. Document the US transfer in your RoPA. For employee location mapping, ensure individuals are informed and a lawful basis is documented.
Websites using Mapline must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is advisable when Mapline is used to map personal data linked to identifiable individuals at scale, such as customer location data, employee location tracking, or geographically referenced personal information in regulated sectors.
Sample consent text
This map is powered by Mapline (United States). Mapline processes the map data displayed here on US servers. If this map contains personal location data, please see our privacy policy for full details.
Third-party domains contacted
mapline.comapp.mapline.comapi.mapline.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ml_session | session | Session | Session identifier for the Mapline application and embedded map widgets |
Mapline uses cookies for user preferences — inform visitors with a consent banner.
Mapline sets session and functional cookies for users of the Mapline application. If maps are embedded on public websites, the embed script may set cookies on visitor browsers. These require ePrivacy consent before the embed script loads.
For internal use, no public-facing consent banner is required. If maps are embedded on public websites, ePrivacy consent is required for non-essential cookies. Individuals whose personal data appears in maps must be informed in the privacy policy.
Legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)) typically applies for internal business mapping. For employee location mapping, a specific lawful basis and transparency obligation must be documented separately.
Yes. Mapline is a US company and processes all data on US infrastructure. Standard Contractual Clauses apply. Sign Mapline's DPA and document the US transfer in your Records of Processing Activities.
A DPIA is advisable when Mapline is used to map personal data at large scale, particularly employee location data or customer geolocation in regulated sectors.
Only include data for which you have a lawful basis. Sign a DPA with Mapline. Update your privacy policy describing Mapline as a processor. For embedded public maps, obtain ePrivacy consent. Minimise personal data in maps where possible.
Datawrapper (Germany) and CARTO offer EU data residency for data visualisation and mapping. OpenStreetMap-based tools like Leaflet.js self-hosted on EU infrastructure keep all data on your own servers.
Yes, but you must have a lawful basis and inform customers in your privacy policy. The Mapline DPA must be in place. Minimise data by excluding unnecessary identifiers from the map data.