Whenever an Axsy Web App displays map information - examples include the Axsy Scheduler or the Map Console - the map tiles that the Axsy Web App uses to render the underlying map are retrieved from OpenStreetMap.

Any geo-location information that is then overlayed on the map - such as visit locations or the last reported location of a mobile user - stay within the Salesforce Platform and no data is ever shared with OpenStreetMap, which is used only as a read-only source of map tile image data. 

In this screenshot of the Axsy Map Console, the underlying map data - such as the street layouts and street names, etc. - is rendered using images from OpenStreetMap, but the pins representing the last reported locations of users is Salesforce data and is never shared with OpenStreetMap

Handling of Public Data vs. Private Data

The map tile image data used by the Axsy Web Apps is considered open-source, free-to-use, publicly available information. Axsy's use of OpenStreetMaps does not involve the storage, transmission or processing of any data stored in the Salesforce Platform with OpenStreetMaps, whether that data is private, sensitive or otherwise.

Whitelisting Access to OpenStreetMap

To ensure the map tile image data can be properly retrieved from OpenStreetMap, it may be necessary to whitelist OpenStreetMap as a trusted URL. 

Specifically, whitelisting will be required if the "Adopt updated CSP directives" setting is checked under Salesforce's Setup > Session Settings:

If "Adopt updated CSP directives" is indeed checked, you will need to configure *.openstreetmap.org as a trusted URL under Salesforce's Setup > Trusted URLs and make sure img-src content can be accessed: