Security & Privacy

How Base Map protects your API keys and data

Client-Side Only Architecture

Your API keys never leave your browser

Base Map is designed with a client-side only architecture, which means:

All API keys are stored exclusively in your browser's local storage
API requests to Airtable and Gemini are made directly from your browser
No data or credentials ever pass through our servers
Your browser communicates directly with the API providers

Local Storage Security

How your credentials are stored locally

When you enter your API keys:

They are saved to your browser's local storage
They remain on your device only
They persist between sessions so you don't need to re-enter them
They can be cleared at any time by using the purge function

Local storage is isolated to your browser and device, making it a secure way to store credentials for client-side applications.

Data Flow Protection

How your data moves securely

Airtable Flow

You enter your Airtable Personal Access Token (PAT) and Base ID
Your browser stores these credentials locally
When you fetch a schema, your browser makes a direct API call to Airtable
The schema is returned directly to your browser
No data passes through Base Map servers

Gemini Flow

You enter your Gemini API key
Your browser stores the key locally
When analyzing a schema, your browser makes a direct API call to Gemini
The analysis is returned directly to your browser
No data passes through Base Map servers

Best Practices

Recommendations for API key security

Use API keys with the minimum required permissions
For Airtable, create a PAT with access only to the bases you need
For Gemini, consider using an API key with usage limits
Clear your stored credentials when using shared or public devices
Keep your browser updated to benefit from the latest security patches

Remember:

While Base Map is designed to keep your API keys secure, you should always follow your organization's security policies when handling API credentials.

How we handle your data

Data Collection

Base Map does not collect, store, or transmit any personal data or API keys to our servers. All data processing occurs entirely within your browser.

Data Usage

API keys are stored only in your browser's local storage
Schema data fetched from Airtable remains in your browser
Analysis results from Gemini are displayed only in your browser
No analytics or tracking cookies are used

Third-Party Services

Your browser communicates directly with:

Airtable API: To fetch base schemas (requires your PAT)
Google Gemini API: To analyze schemas (requires your API key)

These services have their own privacy policies and data handling practices.

Data Deletion & Retention

Control over your data

Data Retention

All data (API keys, schemas, analysis results) is stored exclusively in your browser's local storage. Data persists until:

You manually clear it using the "Purge Storage" feature
You clear your browser's local storage/cache
You uninstall or reset your browser

Data Deletion

You have complete control over your data:

Use the "Purge Storage" button on the main page to instantly remove all stored data
Clear individual API keys by removing them from the input fields
No data exists on our servers to delete

Important:

Since Base Map stores no data on servers, there is no account to delete or data to request. All data management happens in your browser.

Google OAuth Authentication

For user accounts and payments only

Authentication Purpose

Base Map uses Google OAuth solely for:

Creating and managing your user account
Processing payments through Stripe
Providing access to premium features

Google OAuth Scopes

We request minimal Google account permissions:

openid - Authenticate your identity
email - Access your email address
profile - Access your basic profile info (name, picture)

Important:

Google OAuth is ONLY used for user authentication. Your Airtable and Gemini API credentials are NEVER sent to our servers and remain exclusively in your browser.

API Credentials & Permissions

How your API keys are handled

Airtable Permissions

Base Map requires minimal Airtable permissions:

schema.bases:read - Read base schema only
No access to actual record data
No write permissions
No user information access

Google Gemini API Key

Your Gemini API key is used to:

Send schema data for analysis directly from your browser
Receive AI-generated insights
Never stored in our database
Remains in your browser's local storage only

Client-Side Security:

Your API credentials (Airtable PAT and Gemini API key) are:

Never sent to our servers
Never stored in our database
Never associated with your user account
Kept exclusively in your browser's local storage

Payment Processing

Secure payments through Stripe

Payment Security

We use Stripe for secure payment processing:

Payment information is processed directly by Stripe
We never store credit card details
All payment data is encrypted and PCI compliant
Stripe handles all sensitive financial information

Account Information

Your Google account is used only to:

Create a unique user ID for payment processing
Associate your subscription with your account
Send payment receipts to your email

Your agreement with Base Map

Service Usage

By using Base Map, you agree to:

Use the service in compliance with all applicable laws
Not misuse or attempt to reverse-engineer the service
Maintain the security of your own API credentials
Accept responsibility for API usage costs with third-party providers

Account Terms

When you create an account:

You must provide accurate account information
You are responsible for maintaining account security
You may cancel your subscription at any time
Refunds are provided according to our refund policy

Liability & Warranties

Base Map is provided "as is" without warranties. We are not liable for:

API costs incurred with Airtable or Google Gemini
Data loss due to browser issues or user error
Service interruptions or third-party API outages
Indirect or consequential damages

Contact:

For questions about these terms or to request account deletion, please contact support.