Maps require direct browser sharing
A live web map cannot appear out of nothing. When a page loads Google Maps Platform or OpenStreetMap resources, your browser has to request JavaScript, map tiles, style files, or geocoding responses from that provider. That direct request is what makes the map visible on screen.
Because the browser is making that request, the map provider can see the normal web-request data that every site sees for a resource fetch, such as your IP address, browser headers, the time of the request, and usually the referring page or site. For map tiles and place lookups, the provider can also infer the approximate area being viewed from the requested tiles or coordinates.
LocationNotes does not have a browser-only way to show a live third-party map without that sharing. The alternative would be not showing that live map at all.
What map providers do not automatically receive
A map provider does not automatically receive your private note body, team membership list, or internal permissions just because a map is shown. Those remain in LocationNotes unless a specific workflow intentionally sends a related lookup to the external service.
In practical terms, the provider can usually see that a browser asked for map resources for a certain area, but not the full private record you are editing unless the product explicitly sends that data for a separate feature.
External sign-in providers work the same way
If you choose Google Identity or Facebook Login sign-in, your browser is redirected to that provider so it can authenticate you. The provider can see that you are trying to sign in to LocationNotes, along with normal browser and network metadata. If you approve the login, the provider sends LocationNotes the account identifier and approved profile data needed to create or link your local account, such as email address, name claims, and the provider subject identifier.
LocationNotes stores the linkage needed to recognize that provider later. The provider also keeps its own record that your account was used to authenticate with this site, subject to that provider's own policies.
Optional analytics and operational infrastructure
LocationNotes also supports an optional Google Analytics tag. No Google Analytics browser requests are sent unless a measurement ID is configured for the host. If that tag is configured, the browser loads analytics code from Google and sends page-view and browser metadata that can include IP-derived regional information, device or browser details, and the referring page.
Separately from analytics, normal hosting and operations still create server-side records. Web servers, reverse proxies, application logs, security logs, and database transaction logs can capture request times, requested paths, status codes, and technical diagnostics so the service can stay secure and support incidents can be investigated.
Email and text delivery providers
LocationNotes currently uses Mailgun for transactional email delivery. That means the recipient email address, delivery headers, message content needed for the delivery, and delivery-status events can be processed by Mailgun so account-security and support-related mail can reach the recipient.
LocationNotes also has Twilio Messaging configuration in place for future text-message delivery. When that feature is enabled, the destination phone number, message content, carrier-routing metadata, and delivery-status events will need to be processed by Twilio to deliver the text and report whether it succeeded.
Deletion does not always erase every log instantly
When you delete an account or a synced record, LocationNotes removes the live product data that the deletion workflow is designed to remove. That does not always mean every copy disappears from every operational system at that same second. Backup sets, database transaction logs, short-term server logs, and incident records can persist until their normal rotation, overwrite, or retention window ends.
That extra retention is operational, not a second public copy of your content. It exists because real systems need disaster recovery, audit trails, fraud review, and security investigation records.
Legal requests are reviewed, not automatic
LocationNotes does not maintain an open feed that automatically hands user data to government agencies or private requesters. If a warrant, subpoena, court order, judgment, or similar lawful demand requires disclosure, the request is reviewed and the response is limited to what the law requires and what the system actually stores.
In practice, that usually means collecting the same underlying account, content, provider-link, support-ticket, and audit records that a user can already request through export workflows, plus any server, security, or backup records that must be preserved for the legal review. A valid legal hold can also delay normal deletion of affected records until the obligation is resolved.
Why this page exists
Privacy and Terms summarize the rule. This page goes deeper because map rendering, third-party login, analytics tags, and operational logging are easy to misunderstand if they are described only in one short sentence.