Last updated · June 5, 2026
This Privacy Policy explains how Naylalabs Yaz. Tic. Ltd. Şti. (“Naylalabs”, “we”, “us”), the company behind Tint, collects, uses and protects personal data when you use tintmap.dev, the Tint dashboard, and the maps you embed with Tint (together, the “Service”). We act as the data controller for account data, and as a processor for the map content you publish.
Tint is operated by Naylalabs Yaz. Tic. Ltd. Şti., registered in Türkiye and located at Ulubağ mah. Harran Teknokent 387/A, Şanlıurfa, Türkiye.
For any privacy question or to exercise your rights, contact us at [email protected].
Account data — when you create a workspace we collect your name, email address and a hashed password (or your Google account identifier if you sign in with Google), plus the workspace name you choose.
Map content — the maps you build: themes, locations, markers, labels and embed settings. This is content you provide and control.
Usage & metering — when one of your published maps loads on a website, our embed servers record a load event containing your organization id, the map id, the embedding site’s domain (from the HTTP referrer) and your plan, so we can count loads against your quota. We do not collect personal data about your end visitors.
Billing data — payments are processed by our payment provider (Creem) acting as merchant of record. We receive your plan, subscription status and the last four digits / card brand for display; we never see or store full card numbers.
Communications & support — emails you send us, and the transactional emails we send you (verification, password reset, billing, quota).
Technical & cookies — a first-party session cookie to keep you signed in, plus basic analytics (see “Cookies & analytics”).
To provide and operate the Service (create your workspace, store and serve your maps, enforce plan limits), to process billing, to send you service and account emails, to keep the Service secure and prevent abuse, to understand and improve the product in aggregate, and to comply with our legal obligations.
Where the GDPR or Türkiye’s KVKK (Law No. 6698) applies, we process personal data on the bases of: performance of our contract with you (providing the Service and billing); your consent (e.g. optional analytics cookies); our legitimate interests (security, abuse prevention, product improvement); and compliance with legal obligations.
Maps you publish are served from our embed domain and rendered using open map tiles from OpenStreetMap and OpenFreeMap. When a visitor loads one of your embedded maps, we log the metering event described above for quota purposes. We do not set tracking cookies on your visitors and do not build profiles of them.
We share data only with providers that help us run the Service, under appropriate safeguards: Cloudflare (hosting, database, edge compute, usage metering and asset storage), Creem (payments and subscription management as merchant of record), Resend (transactional email delivery), Google Analytics (website and dashboard analytics), and OpenStreetMap / OpenFreeMap (map tiles). We do not sell your personal data.
We use a strictly-necessary first-party cookie to keep you signed in. We use Google Analytics on our marketing site and dashboard to understand traffic and conversions in aggregate; this may set analytics cookies. You can block cookies in your browser, though the dashboard needs the session cookie to work.
We keep your account and map data for as long as your workspace exists. If you delete your account or a map, we delete the associated data within a reasonable period, except where we must retain limited records (e.g. invoices) to meet legal or accounting obligations. Aggregated usage metrics are retained on a rolling basis.
Our infrastructure runs on global edge providers, so your data may be processed in countries outside your own, including outside Türkiye and the EEA. Where required, such transfers are covered by appropriate safeguards such as Standard Contractual Clauses.
Subject to applicable law (GDPR / KVKK), you may request access to your personal data, correction, deletion, restriction or objection to processing, and data portability, and you may withdraw consent at any time. To make a request, email [email protected]. You also have the right to lodge a complaint with your data protection authority — in Türkiye, the Personal Data Protection Authority (KVKK Kurumu).
We protect data with encryption in transit, hashed passwords, scoped access controls and reputable infrastructure providers. No system is perfectly secure, but we work to keep your data safe and will notify you of any breach affecting your personal data as required by law.
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
We may update this policy from time to time. We’ll change the “Last updated” date and, for material changes, notify you by email or in the dashboard.
Naylalabs Yaz. Tic. Ltd. Şti. · Ulubağ mah. Harran Teknokent 387/A, Şanlıurfa, Türkiye · [email protected].