Our commitment to data protection
The General Data Protection Regulation (GDPR) is European Union
legislation to strengthen and unify data protection laws for all
individuals within the European Union. The regulation becomes effective
and enforceable on May 25, 2018.
As an EU business, founded and run by EU citizens, but also as people
who value privacy, we are fully committed to being compliant with GDPR.
This page lays out our commitment to data protection and makes
transparent what data we store about our users.
In the lead up to the arrival of GDPR we will be reviewing our data
protection practices and those of the service providers we rely on.
We will update this document regularly, but what will not change is our
commitment to being fully compliant with GDPR and all best practices to
ensure the privacy of our users.
Should you have any questions about this topic feel free to write to
write to us at firstname.lastname@example.org or via
our contact form
What data do we collect?
On our website:
Our website (as opposed to our geocoding API) is hosted by
, a division of SalesForce,
On our website we use
us understand, in anonymized form, how the site is being used.
When registering for a free trial, users will need to provide us with
an email address. We then confirm that the address works by emailing
you a confirmation link. We need an email address so we can contact
you regarding any changes to our service or for example to this privacy
We also ask for (but do not require) a few other bits of information
like name, how you found out about our service, which programming
languages you use. We ask these questions so we can better help you get
started with using our service. You answers are stored in a database
within Heroku and accessible to our employees. That database is
regularly encrypted and backed up outside of Heroku. You can see the
information you provided us with on your account dashboard.
Registering for a free trial requires
acceptance of our publicly available
terms and conditions
Via our API:
Our API servers are leased from hosting service
and physically in the EU
(in Germany, specifically). When you send us an API request we send you
a response and then log the query. We later analyze the logs to see how
we can improve our service. While you should only ever be sending us
geographic data and NOT personal data, if you use
we will not store your query in our logs. We encourage you to use this
Our query logs are encrypted and regularly backed up with
Customer/Financial transaction information:
If you become a paying customer (as opposed to just using our free-trial)
you will need to provide us and our payment partners
for the billing,
for the invoicing) with
valid billing information. We will be able to see your billing address
and VAT number (if you have provided one). We are not able to see your
credit card number, only Stripe has access to that.
As you would expect of any business, we of course share transaction
data with the our accountants and with the relevant tax authorities
when we pay VAT and file our annual tax return.
In addition, we use the business analytics service
for internal business
analysis. They also have details of customer purchasing history.
Any user (paid or free-trial) can request to have their account deleted
at any time, this can be done inside your account dashboard or by
Free trial accounts that have not been active for six months are deleted.
For paying customers we of course have to keep records of all completed
transactions for tax purposes.