Privacy Policy

At Thunderforest we take your privacy seriously. We only collect the personal information that is necessary to provide you with our services, and we do not sell or rent your data to anyone else.

We are fully compliant with data protection regulations and best practices, including:

  • The UK Data Protection Act 2018 (DPA 2018)
  • The UK General Data Protection Regulation (UK GDPR)
  • The European Union’s General Data Protection Regulation (GDPR).

This policy has been created to provide transparency to you about what personal information we collect and the purposes for doing so.

Information that you give us


When you register with us we store your name and email address. This is so that we can contact you later if there are changes to our service, and to provide you with information about your account, for example quota notifications. We also store the IP address that you register with, to prevent abuse and as part of our establishing your location for tax reasons.

Our registration system is securely hosted by Heroku, a division of Salesforce.

Financial Information

If you become a paying customer, we require your address and VAT information for tax reasons. You provide your payment card information to our payment partner (Stripe) and we do not store the card number ourselves. We do store the last four digits of the card number, to provide you this information when you are managing your payments, and the card expiry so that we can notify you when you need to update your card information.

We share your financial information with our bookkeeping service provider (Xero), our accountant and the UK Tax authority (HMRC) in order to comply with tax and accounting laws.

Feedback and Surveys

To improve our product, we may ask for your feedback on our product and services. We may store this voluntary information for internal reference only, unless otherwise specified by you in writing.

Information that we collect from you


Our website is hosted by Gitlab. We use Fathom Analytics as a privacy-focussed, GDPR compliant analytics service.

Services (API)

Our services are hosted by Hetzner and are physically located in the EU. When you send us an API request we log details of the request and send you the response. We store this information for later analysis to improve the services that we provide, to ensure the integrity and security of the services, and for billing purposes.


We use Mandrill for sending account notifications to you. We also use Highrise to manage our customer support emails.

Summary of how we use this information

We use the personal information that we collect in order to:

  • Provide the services that you have requested
  • Prevent fraud and abuse of our services
  • Perform our required accounting and tax processes
  • Perform internal business analysis

We do not sell or rent your data to anyone else.

Summary of disclosure of your information

We disclose certain information to our specified business partners, as described in this policy. We may have a legal duty to share your information with tax or financial authorities, or if otherwise required by law or Court Order.

Protection of your information

We make every effort to ensure that your information is secure. We do so by using industry-standard security practices, including using TLS for all personal information, and by ensuring that our software and operating systems are secure and regularly updated.

Data Accuracy and Deletion

We maintain accurate personal information by allowing you to update your details through our website. If you want to remove your personal information from our systems, you can close your account through our website at any time. We may retain a copy of your account information for up to 7 days after you close your account, to provide customer support and to prevent abuse.

For free accounts that are no longer active, we will delete your account after 12 months of inactivity (not having logged in, and not having made any API requests).

For paying customers, we will still keep records of all completed transactions for tax and accounting purposes.


If you have any questions about our Privacy Policy that aren’t answered in this document, please contact us.

Stay Informed

Significant changes to this policy will be announced on our blog. This policy was last updated on 6 January 2023.