Data Policy
thisRoadmap
Effective Date: December 26, 2025
This Data Policy describes how MicroMega Solutions, LLC ("Company," "we," "us," or "our") collects, stores, processes, and protects data within the thisRoadmap software-as-a-service platform (the "Service"). This policy supplements our Privacy Policy and Terms of Service, providing additional detail on our data handling practices.
1. Data Categories
We process the following categories of data:
| Data Category | Description |
|---|---|
| Account Data | Name, email address, company name, account credentials, subscription status |
| User Content | Roadmaps, items, hierarchies, comments, and all content created within the Service |
| Usage Data | Features used, pages visited, session duration, interaction patterns |
| Technical Data | IP address, browser type, device type, operating system, referring URLs |
| Transaction Data | Billing history, payment records, subscription changes (processed by Stripe) |
2. Data Storage and Infrastructure
2.1 Cloud Infrastructure
All data is stored on Microsoft Azure cloud infrastructure. Azure provides enterprise-grade security, including physical security controls, network isolation, and compliance with major security standards including ISO 27001, SOC 2, and GDPR.
2.2 Data Location
All data is stored and processed exclusively in the United States. We do not store or process data in data centers outside the United States. If you are accessing the Service from outside the United States, your data will be transferred to and stored in our US-based data centers. For users in the European Economic Area, we ensure appropriate safeguards are in place for this international data transfer.
2.3 Encryption
We implement encryption to protect your data: data in transit is encrypted using TLS 1.2 or higher, and data at rest is encrypted using AES-256 encryption. Authentication credentials are hashed using industry-standard algorithms.
3. Data Processing
3.1 Purpose Limitation
We process data only for specified, explicit, and legitimate purposes. Your User Content is processed solely to provide the Service. We do not use your User Content for advertising purposes or sell it to third parties.
3.2 Data Minimization
We collect and retain only the data necessary to provide and improve the Service. We regularly review our data collection practices to ensure we are not collecting unnecessary information.
3.3 Automated Processing
We may use automated systems to analyze usage patterns for service improvement. We do not use automated decision-making that produces legal effects or similarly significant effects on users without human oversight.
4. Data Retention and Deletion
4.1 Active Accounts
While your account is active, we retain all data necessary to provide the Service. You may delete specific User Content at any time through the Service interface.
4.2 Account Deletion
When you delete your account, we delete your personal information and User Content. We do not retain user data after account deletion except as required by law or for the following limited purposes: fraud prevention, legal compliance, and dispute resolution.
4.3 Deletion Timeline
Upon account deletion request, we initiate the deletion process immediately. Complete deletion from active systems occurs within 30 days. Backup systems may retain encrypted copies for up to 90 days before automatic purging.
4.4 Anonymized Data
We may retain anonymized, aggregated data that cannot be used to identify you for analytical and service improvement purposes. This data is not subject to deletion requests.
5. Data Portability and Export
5.1 Export Formats
You may export your User Content in PDF format at any time while you have an active account. Export functionality is available through the Service interface.
5.2 Complete Data Export
Upon request, we can provide a complete export of your personal data in a structured, commonly used, machine-readable format. To request a complete data export, contact us at support@micromeg.com. We will fulfill such requests within 30 days.
5.3 Export Before Deletion
We strongly recommend exporting your data before canceling your subscription or deleting your account. Once your account is deleted, we cannot recover your User Content.
6. Third-Party Data Processors
We engage the following third-party data processors:
| Provider | Purpose | Data Processed |
|---|---|---|
| Microsoft Azure | Cloud hosting | All service data |
| Stripe | Payment processing | Payment details, billing information |
| SendGrid | Email delivery | Email address, name |
| Google Analytics | Usage analytics | Usage data, device info, anonymized IP |
All third-party processors are contractually bound to process data only as instructed by us and to implement appropriate security measures.
7. Data Security Measures
We implement comprehensive security measures including:
Access Controls: Role-based access control, multi-factor authentication for administrative access, and regular access reviews.
Network Security: Firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.
Application Security: Secure development practices, regular security testing, and vulnerability assessments.
Monitoring: Continuous monitoring of systems for security incidents and anomalies.
Incident Response: Documented incident response procedures for handling security events.
8. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law. For users in the EEA, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach. We will provide you with information about the nature of the breach, the types of data involved, and steps we are taking to address the situation.
9. Your Data Rights
Depending on your location, you may have the following rights regarding your data:
Access: Request information about the data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your data.
Portability: Receive your data in a portable format.
Restriction: Request limitation of processing.
Objection: Object to certain types of processing.
To exercise any of these rights, contact us at support@micromeg.com. We will respond within 30 days.
10. Changes to This Policy
We may update this Data Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before taking effect. The "Effective Date" at the top of this document indicates when the current version became effective.
11. Contact Information
For questions about this Data Policy or to exercise your data rights, please contact us at:
MicroMega Solutions, LLC
PO Box 530705
Debary, FL 32753
Email: support@micromeg.com