1. Who we are
Mapius refers to the Figma plugin Mapius AI and the website https://mapius.cc.
The data controller for personal data described in this policy is:
| Controller | Liao Changjian (LIAO CHANGJIAN) (individual developer) |
|---|---|
| support@mapius.cc | |
| Location | China |
2. Scope
This policy applies to:
- The Mapius AI plugin in Figma
- https://mapius.cc (including documentation and blog pages)
- Our backend services used to operate the plugin (e.g. https://api.mapius.cc)
This policy does not govern:
- Figma — see Figma’s Privacy Policy
- Stripe checkout pages — see Stripe Privacy Policy
- Third-party AI model providers under their own terms — e.g. OpenAI Privacy Policy
3. Summary
| We process | We do not actively collect |
|---|---|
| Your email address (to sign in) | Phone number |
| Session tokens (to keep you logged in) | Government ID, precise home address, contacts, or photos |
| Text you enter in the plugin for AI generation | Your full Figma file or layers by default |
| Subscription / payment status (not card numbers) |
We use contracted service providers for authentication, hosting, AI processing, and payments. We do not use your data to train Mapius-owned models and do not sell your personal information.
IP addresses: We do not intentionally collect or use IP addresses in our application logs to identify you. However, during network transmission, our servers, CDN, or infrastructure providers may automatically process IP addresses to provide connectivity and security.
4. Data we process
4.1 Account data
When you sign in, we process your email address; one-time verification codes (email OTP) and/or password (stored and verified by our authentication service—we do not store plaintext passwords); and authentication session tokens.
4.2 Content you submit for AI generation
We process text and structured fields you enter in the plugin and related template identifiers solely to generate output on your Figma canvas. We do not automatically upload your entire Figma document. Only information you enter is sent to our service and contracted AI providers.
4.3 Payment data
Payment card details are collected and processed by Stripe, Inc. on Stripe-hosted pages. We receive only payment/subscription status, Stripe customer ID, subscription metadata, and product purchased.
4.4 Local storage in the plugin
The plugin may store login session (Figma clientStorage) and UI language / last-used email (localStorage). Sign out to clear the session.
4.5 Website (mapius.cc)
Our marketing site is largely static. We do not currently use advertising or cross-site tracking cookies.
5. AI processing and model training
Model training: We do not use your submitted inputs to train models owned or controlled by Mapius. We do not use your inputs to improve general-purpose AI models unless we obtain your explicit consent and update this policy.
Identification: We do not intentionally send your email address together with AI inputs to third-party AI providers to identify you.
OpenAI: https://openai.com/policies/privacy-policy
- Transmitted from the Figma plugin to our backend at api.mapius.cc;
- Forwarded by our backend to contracted AI processing providers (which may include third-party LLM APIs such as OpenAI, L.L.C., United States);
- Returned to the plugin and written into your Figma canvas under your control.
6. How we use data
We do not sell or share personal information for cross-context behavioral advertising (California residents).
- Operate accounts and authentication
- Deliver AI generation and template services
- Manage subscriptions and entitlements
- Maintain security and prevent abuse
- Respond to support requests
- Comply with applicable law
7. Storage and retention
Account data: kept while your account is active.
AI inputs: kept only as long as needed to complete the requested generation, troubleshoot issues, and meet legal obligations, then deleted or anonymized. We do not retain AI inputs for model training.
After account deletion: we delete or anonymize associated personal data within a reasonable period (typically within 30 days), except where retention is required by law or legitimate billing/tax records handled by Stripe.
- Account and subscription records are stored with our contracted authentication and database hosting providers and on servers operated in connection with api.mapius.cc.
- Generated output is written into your Figma file under your control.
- Payment instruments are stored by Stripe, not by us.
9. International transfers
Your personal data may be transferred to and processed in countries outside your own (including outside China), such as the United States, for AI content generation, payment processing (Stripe), authentication, hosting, and email delivery.
Purpose: only for account, generation, billing, and service operations described in this policy.
Safeguards: encryption in transit (HTTPS/TLS), access controls, data minimization, and where required by law, standard contractual clauses, separate consent, or other lawful mechanisms.
9.1 China residents (Personal Information Protection Law)
If you are located in the People’s Republic of China, we inform you that your personal information (such as email, login credentials, and inputs you submit for generation) may be transferred across borders for processing by overseas service providers. Purposes, types, and recipient categories are described in Sections 8 and 9. You may exercise rights under Section 11. Where separate consent is required by applicable law for cross-border transfer, we will obtain it as required. You may withdraw consent where permitted by law, but some features (such as AI generation) may no longer be available.
10. Security
We use reasonable technical and organizational measures (including encryption in transit, access controls, and secure authentication). No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you as required by applicable law.
11. Your rights
Depending on where you live, you may have the right to access, correct, delete, export, restrict, or object to processing, and to withdraw consent where processing is consent-based.
How to exercise your rights: email support@mapius.cc with the subject line “Privacy Request”. We will respond within 30 days, or within the period required by applicable law.
Account deletion: email support@mapius.cc with the subject line “Delete My Account” from your registered email address.
EEA/UK: You may lodge a complaint with your local data protection supervisory authority.
California: We do not sell personal information. You may request access or deletion as described above.
China: You may exercise rights under the Personal Information Protection Law by contacting support@mapius.cc.
12. Children
Mapius is not directed to children under 16 (or the minimum age required in your country). We do not knowingly collect personal data from children. Contact us to request deletion if you believe a child provided data.
13. Changes to this policy
We may update this policy from time to time. We will post the new version at https://mapius.cc/legal/privacy/ (Chinese: https://mapius.cc/zh/legal/privacy/) and update the “Last updated” date. If changes are material, we may provide additional notice where required by law.
14. Contact
Liao Changjian (LIAO CHANGJIAN)
Email: support@mapius.cc
Website: https://mapius.cc