We never share or sell your data. Ever.

Geocodio's privacy policies, including specifications for GDPR and CCPA. How to exercise your rights, including deleting your Geocodio account.

The Bottom Line

You're probably on this page because you're curious about our privacy practices, or you want to exercise your privacy rights, like deleting your account. To make it simple for you:

Plain Language Privacy Policy

What follows is a plain language version of our Privacy Policy. You can download our formal privacy policy here.

Our commitment to data protection

The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on May 25, 2018.

We are also subject to the California Consumer Privacy Act of 2018 (CCPA).

We also provide HIPAA-compliant geocoding via our Enterprise service.

As a company that values treating our users fairly and transparently, we welcome CCPA and GDPR's efforts to increase privacy across the board. We are fully committed to being compliant with data privacy laws.

This page outlines our commitment to complying with GDPR and CCPA and upholding our users' individual privacy and the privacy of the data they transmit to us. As best practices for implementing GDPR and CCPA evolve, we will make changes to this statement and to our product accordingly.

GDPR makes a distinction between “data controllers” and “data processors.” Geocodio is considered a “data controller” with regards to your account details and behavior on our website (such as your email address). We are a “data processor” with regards to the data you upload to our service (such as an API request or a file upload). Under CCPA, we are a Data Recipient, and you are a Data Provider. It is important to understand these distinctions so you can be better informed of your rights and the rights of the people whose data you transmit.

Geocodio GDPR-Compliant Products

As a data controller when it comes to your personal account details, our service is GDPR-compliant by default, even for non-EU users. We believe this is in everyone’s best interest.

Note this only applies to your personal account details, such as your email address, physical address, and consent to receive product updates. It does not cover data you upload to Geocodio, such as data about your customers. That is covered below under "Geocodio as a data processor."

If you want to upload data for EU persons, GDPR requires that we have a signed Data Processing Agreement with each other. Users who need a signed Data Processing Agreement must be on the Geocodio Unlimited plan at the time of signing (one-month or recurring). All users transmitting data about EU persons are required to have this plan. That is, if you’d like to upload a file or use our API with data about EU persons, you must have a Data Processing Agreement with us. You can sign a Data Processing Agreement on the dashboard. You can cancel the plan at any time on the dashboard.

Geocodio as a data controller: Your account details

Your website activity

We use several third-party vendors to help us improve our customer experience. We have signed Data Processing Agreements with all of our vendors. These vendors are: Intercom (customer support platform), Google Analytics (anonymized visit and traffic tracking), Ahrefs (anonymized traffic tracking), Satismeter (customer happiness surveys), Stripe (payments and invoices), QuickBooks (invoicing), Reform (forms), and Sentry (Error Tracking).

We have authorized these vendors collect several different kinds of data about our users, including:

  • Name
  • Email address, if provided (Intercom, Satismeter, Sentry)
  • Date of signup
  • Location based on IP address (Fathom Analytics, Intercom)
  • Website visits and behavior (pages visited, time on page, so forth) (Intercom, Fathom Analytics, Ahrefs)
  • Customer support conversation history (Intercom)
  • Feedback comments and ratings (Satismeter)
  • Payment information and history (QuickBooks, Stripe)

Frequency at which this data is deleted:

  • Fathom Analytics: Data is anonymized
  • Intercom: For signed up users, after account closure; for visitors, the data collected (IP, location, and conversation history) is automatically deleted after 9 months without a visit
  • Satismeter: After account closure
  • QuickBooks, Stripe: Credit card data is deleted after account closure. Invoice and payment history is never deleted due to tax and accounting purposes. After account deletion, Stripe payment history is tied to a customer number only that is stripped of any identifying details.
  • Sentry: Data is retained for up to 90 days

We use cookies on our website to signal your logged-in status and track behavior on our website.

We do not engage in psychographic profiling.

In compliance with the CCPA, we do not not (i) retain, use or disclose any Personal Information for any purpose other than for the specific purpose of providing services to our customers; and (ii) sell (as such term is defined under the CCPA) any Personal Information.

We may use your usage history to send you relevant messages, for example if you’ve used our Congressional district append in the past and we make changes or improvements to that append.

You can delete your account at any time via the dashboard.

You can delete any spreadsheet upload at any time via the dashboard. Spreadsheet uploads and API usage are deleted or retained according to our data retention policy.

When you sign up, we ask for your email address, your country, whether you are an EU citizen, whether you are transmitting any data about EU persons, whether you are over the age of 16, and whether all person data is for persons over the age of 16. We store this data to ensure GDPR compliance.

When you register, we store your IP address. This is so we can prevent abuse from people attempting to register multiple accounts.

Our user database is encrypted and regularly backed up to Amazon S3 in the US. Our website is hosted on Amazon S3 and CloudFront.

We have no known breaches in our past.

Your financial information

If you sign up for a paid plan with a credit card, your information is stored with Stripe, a PCI-compliant payments processing vendor. This is our default option, and you will be invoiced and billed directly through Stripe. Your financial information is never stored on our servers. If you have paper billing, invoices are stored with Quickbooks and/or Stripe. We have signed Data Processing Agreements with both vendors.

What we can see in Stripe and Quickbooks:

  1. Your name
  2. Email address
  3. Billing address
  4. Credit card type
  5. Last 4 digits of your credit card, for card differentiation purposes

We cannot see your full credit card number.

For accounting and tax purposes, we keep records of customer payments.

If you would like to remove your credit card information, you can do so on the dashboard at any time. Note that you will be charged for any outstanding balance before your credit card is deleted.

Geocodio as a data processor

We take data protection seriously and safeguard the data you transmit to us.

In compliance with the CCPA, we do not sell, share, or otherwise distribute data uploaded by customers.

For Standard customers, our API and spreadsheet upload tool are hosted on leased servers from Hetzner and are physically located in the EU. Our Enterprise service is hosted on AWS in the US. API requests are logged, and we occasionally analyze the logs as part of ongoing improvements or for billing purposes. To have a completely unlogged account, you will need to use our Enterprise version.

For the privacy of those whose data you are transmitting, we encourage you to only transmit location data through our services, and to remove any information that is not related to location.

Under no circumstances can sensitive data for EU persons be transmitted to Geocodio. This includes the following categories under Articles 9 and 10 of GDPR:

  • racial or ethnic origin,
  • political opinions,
  • religious or philosophical beliefs,
  • trade union membership,
  • genetic data (with the exception of our HIPAA-compliant product),
  • biometric data for the purpose of uniquely identifying a natural person,
  • data concerning health (with the exception of our HIPAA-compliant product),
  • data concerning a natural person’s sex life,
  • sexual orientation, or
  • criminal convictions and offenses or related security measures (with the exception of our HIPAA-compliant product).

You can see our data retention policy here.

You can delete your account at any time through the dashboard, which will delete all account-related data except for that which we need to retain for accounting and tax compliance purposes.

Contact

If you have any questions, please email us at hello@geocod.io.

Upload a spreadsheet now. No credit card required.

Upload SpreadsheetGet an API Key

Terms of Use

Geocodio's Terms of Use and API Use Guidelines.
Learn more

Security

Secure geocoding without compromises.

Infrastructure

Geocodio's resilient, hardened infrastructure processes over 2 billion lookups per month.

Data Retention Policy

Specifies the kinds of data we keep and how long we keep it for.

Delete Your Account

When logged in, you can permanently delete your account and all associated data by following the button below and scrolling to the bottom of the page.
Copyright © 2014-2024 Dotsquare LLC, Norfolk, Virginia. All rights reserved.