Privacy Policy

Last updated: March 10, 2026

1. Data Controller

The data controller for the Georavity platform is Alphagorithm, based in Nuremberg, Germany. Contact: [email protected].

2. Data We Collect

Account Data

  • Email address (for authentication and communication)
  • Name (optional, for display purposes)
  • Password (stored as bcrypt hash — we never see your plaintext password)
  • API keys (stored as SHA-256 hashes)

Usage Data

  • Request counts per API key per endpoint (hourly and daily aggregates)
  • Error counts and average response latency

Data We Do NOT Collect

  • Request coordinates or routing destinations
  • Geocoding queries or results
  • IP addresses (used transiently for rate limiting, never stored)
  • Browser fingerprints, cookies, or tracking pixels

3. How We Use Your Data

  • Authentication: To verify your identity and authorize API access.
  • Billing: To track usage against your plan's quota.
  • Communication: To send transactional emails (verification, password reset, usage alerts).
  • Security: To detect abuse patterns and enforce rate limits.

We do NOT use your data for advertising, profiling, or selling to third parties.

4. Data Processing & Storage

  • All data is processed and stored exclusively in EU data centers (Hetzner, Germany).
  • No data is transferred outside the European Economic Area.
  • Database connections are encrypted. Internal services communicate via WireGuard tunnels.
  • Backups are encrypted at rest.

5. Third-Party Services

ServicePurposeData Shared
CloudflareDNS, SSL, DDoS protectionMetadata only (IP, TLS)
ResendTransactional emailEmail address, email content
StripePayment processingEmail, plan selection (no routing data)

6. Cookies

The Georavity website uses zero tracking cookies. No analytics cookies, no advertising cookies, no social media cookies. We use localStorage to store your authentication token (JWT) for dashboard access — this is not a cookie and is never sent to third parties.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Request deletion of your account and all associated data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your personal data.
  • Restriction: Request restriction of processing.

To exercise any of these rights, email [email protected]. We respond within 30 days.

8. Data Retention

  • Account data: Retained until you delete your account.
  • Usage data: Aggregated daily data retained for 12 months, then purged.
  • Logs: Server logs are rotated every 7 days with no personal data.

9. Changes to This Policy

Material changes will be communicated via email to registered users at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Data Protection Officer: [email protected]

See also our Terms of Service and Trust Center.