Data Privacy
The Maptoolkit Community Tile Server is built to be privacy-respecting by default. This page summarises how the Tile Server handles data and provides a ready-to-use text block you can paste into your own privacy policy.
How the Tile Server handles data
We designed the public tile, style, font, sprite, and terrain endpoints so that operating them requires the absolute minimum of personal data.
- No accounts, no API keys, no registration. You and your End Users use the service anonymously.
- No tracking cookies, no fingerprinting, no advertising IDs. Nothing is set in the browser that would require a consent banner under the EU ePrivacy Directive.
- No user profiles, no cross-site identifiers, no data sales. We do not build behavioural histories and do not share data with advertisers or data brokers.
- No AI training on request data. Service traffic is never used to train, fine-tune, or evaluate machine-learning models.
- Anonymised request logs only. For each request reaching our origin, we may log a truncated IP address (last three digits replaced with zero — the full IP is never persisted), a timestamp, the requested URL path, and the HTTP status and response size. We do not log
RefererorUser-Agent. - Short retention. Anonymised request logs are kept for a maximum of 15 days and then permanently deleted.
- EU hosting. Origin infrastructure is hosted within the European Union. Edge delivery and DDoS protection are provided by Cloudflare as our processor; the overwhelming majority of requests (typically ≥95%) are served directly from Cloudflare’s edge cache and never reach our origin.
- Terrain tiles are served via tiles.mapterhorn.com, which is itself fronted by Cloudflare; the same operational characteristics apply.
The full, legally binding statement — including legal bases, data subject rights, and contact details — is available at maptoolkit.org/privacy.
Suggested text block for your own privacy policy
If you embed the Maptoolkit.org Community Tile Server in your website or application, we recommend including the following passage in your own privacy policy. Adjust wording and headings to match the style of your document.
Map tiles (Maptoolkit Community Tile Server)
To display interactive maps, this application loads vector map tiles, styles, fonts, and sprites from the free Maptoolkit Community Tile Server operated by Maptoolkit (Mariahilfer Strasse 93/20, 1060 Vienna, Austria). When a map is displayed, your browser or device connects directly to the endpoints
tiles.maptoolkit.org,styles.maptoolkit.org, andfonts.maptoolkit.org, and — where terrain or hillshading is used — totiles.mapterhorn.com. Cloudflare is used as a content delivery network and DDoS-protection layer in front of these endpoints; the majority of requests are served directly from Cloudflare’s edge cache.The Maptoolkit Community Tile Server does not require an API key or user registration, does not set cookies, does not use browser fingerprinting, does not build user profiles, and is not used to train machine-learning models. Maptoolkit stores only anonymised operational logs (truncated IP address, timestamp, requested URL path, HTTP status, response size) for a maximum of 15 days for security, abuse prevention, and capacity planning.
For details, see the Maptoolkit Privacy Policy. For this map component, Maptoolkit acts as an independent controller for the limited operational processing described in that policy.
You may freely reference https://www.maptoolkit.org/privacy/ from your own privacy notice.