Privacy Policy
Our commitment to your privacy
PathStack LLC is built on trust. We collect only what is necessary to provide our service, we do not sell your data to third parties, and we do not use your personal information for advertising. Your career interests, assessment responses, and personal details are yours — not a product we sell. This policy describes what we collect, why we collect it, who else has access to it, and the rights you have over your data.
What we collect and why
Account information
When you create an account, we collect your email address and full name. This is used to identify your account, send you transactional messages (e.g. password resets, receipts), and personalize the app's interface. Your email address is also used as your sign-in identifier.
Authentication data
You may sign in using either an email and password or a third-party identity provider (Google or Apple). Passwords are never stored by PathStack — they are handled and hashed by our authentication provider, Supabase. When you sign in with a third-party provider, we receive only your name and email address from that provider. If you choose Apple's "Hide My Email" option, Apple provides us with an anonymized relay email address (@privaterelay.appleid.com) that forwards to your real email; we never see your real email address in this case.
Assessment responses
The career combinations and the four MAPS dimension answers you provide during a MAPS Assessment are stored against your account. They are used solely to generate your score, verdict, and (on Plus/Pro/Team plans) the AI-generated narrative report and action plan.
Subscription and payment information
If you subscribe to a paid plan, we store an internal record of your subscription status, plan tier, and the identifiers (customer ID, subscription ID) that Stripe uses to recognize your account. We never see, receive, or store your card number, CVV, or full payment details — those are entered directly into Stripe's secure form and remain with Stripe. Stripe's privacy practices are governed by their own privacy policy.
Cookies and local storage
The website uses browser cookies and local storage for the sole purpose of keeping you signed in (your authentication session) and remembering your preferences. We do not use advertising cookies, tracking cookies, or third-party marketing pixels.
Server-side technical data
Our hosting provider, Cloudflare, may automatically log standard request metadata (IP address, request time, user-agent, referrer) for security, fraud prevention, and operational reliability. This is the same kind of logging used by virtually every website on the internet. We do not run any third-party analytics scripts (Google Analytics, Facebook Pixel, etc.) on the site.
Third-party data processors
To deliver the service, we share specific data with the following providers. Each is bound by its own enterprise agreements and privacy policies. We do not give them permission to use your data for advertising or to share it with anyone else.
- Supabase — Stores your account, profile, and assessment data. Handles authentication.
- Stripe — Processes payments, manages subscriptions, and stores billing information. Your card details go directly to Stripe; we never see them.
- Anthropic (Claude API) — Generates the AI narrative report and action plan for Plus/Pro/Team users. Your career names and MAPS scores are sent to Anthropic's API to produce the report; no email address, name, or other identifying information is sent. Anthropic's API terms prohibit training on customer data by default.
- Cloudflare — Hosts the website and serves traffic. May log standard request metadata as described above.
- Google — Only if you choose to sign in with Google. Receives the standard OAuth handshake; we receive your name and email back from them.
- Apple — Only if you choose to sign in with Apple. Receives the standard OAuth handshake; we receive your name (on first sign-in only) and email back from them. If you select "Hide My Email," the email is an Apple-managed relay address.
What we do not do
- We do not sell your data to advertisers, data brokers, or any third party.
- We do not use your assessment responses or AI reports for any purpose other than delivering them to you.
- We do not share your email address with marketing partners.
- We do not build advertising profiles from your usage of the app or website.
- We do not run third-party tracking scripts or advertising pixels on our site.
Data retention
While your account is active, we retain your profile information and the assessments you have created so they remain accessible to you in the iOS app, Android app, and on the web dashboard. There is no automatic time-based expiry — your assessments stay with your account until you choose to delete them or your account.
When you delete your account (see below), all of this data is permanently removed from our systems.
Account deletion
You can permanently delete your account directly from inside the app or website at any time. No email request, customer service call, or waiting period is required.
How to delete your account
- iOS app: Open the Account tab, scroll to the bottom, and tap Delete Account. You will be asked to confirm and to type DELETE before the action is performed.
- Website: Sign in, go to your Dashboard, scroll to the bottom, and click Delete account. You will be asked to confirm and to type DELETE before the action is performed.
- Android app: The Android app provides the same in-app deletion flow.
What gets deleted
When you confirm deletion, the following are permanently and immediately deleted from our systems:
- Your profile (name, email, account credentials).
- All your saved assessments and their results.
- Your authentication record — you can no longer sign in with this email.
- Any active paid subscription is cancelled with Stripe at the same moment, so you are not billed again.
What is retained by Stripe
If you have ever made a payment, Stripe retains records of those past charges, invoices, and the customer record itself, in accordance with their own data retention policy and their legal and tax obligations. We do not have the ability to instruct Stripe to delete this billing history, and we are required by law (and by Stripe's terms of service) not to attempt to do so. This means: no future charges will occur, but Stripe's record of past payments remains within Stripe.
Your rights
You have the right to access, correct, export, or delete the personal information we hold about you. Most of these are available directly inside the app or on the website (you can update your profile, see your assessments, and delete your account in-product). If you would like to exercise any other right or have questions about your data, contact us at privacy@mapsassessment.com.
Children's privacy
PathStack MAPS is intended for adults. Per our Terms of Service, you must be at least 18 years old to use this service. We do not knowingly create accounts for, or collect personal information from, anyone under 18.
In particular, the service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us with personal information, please contact us at privacy@mapsassessment.com and we will delete it.
Security
We use industry-standard practices to protect your data: TLS encryption in transit, encryption at rest with our database provider, and strict access controls server-side. No system is perfectly secure, but we treat the security of your data as essential to the service we offer.
Changes to this policy
We will notify registered users by email of any material changes to this policy before they take effect. Continued use of the platform after changes constitutes acceptance.
Contact
Questions or concerns about your privacy? Email us at privacy@mapsassessment.com.