Privacy page for Carto | Learn how Carto handles privacy

Contact information

Privacy policy

The privacy policy by is a legal document or statement that discloses how CARTO gathers, uses, discloses, and manges their customers' data.

View privacy policy for CARTO

Privacy contact information

Get the contact information for CARTO privacy team or DPO.

Privacy contact information for CARTO

Data transfers

The basis for CartoDB sharing, adding, uploading, hosting, accessing or sending personal data out of Europe. Vendors can also add a description of their own impact assessment for data transfers.

View CARTO's data transfers information

Security information & certifications

Documentation of the security measures and practices CartoDB has in place when handling personal data.

View CARTO's security information

Personal data

A description of the personal data that CartoDB is handling.

Sensitive and ordinary information being collected by CARTO's

Data processing agreements

A DPA is a contract that defines clear roles and obligations for the sharing of personal data.

Get CARTO's data processing agreement(s)

Data retention & deletion

Information about how long the data is kept for and when it's deleted.

Get CARTO's data retention information

Subprocessors

Subprocessors are companies that provide a service for CartoDB and who has or potentially will get access to personal data of their customers.

Get CARTO's list of subprocessors

Processing locations

Where personal data is processed by CartoDB

Get CARTO's full list of data processing locations

Processing locations of CartoDB's subprocessors

Where personal data is processed by the subprocessors of CartoDB

Get full list of data processing locations of CARTO's subprocessors