1. Introduction
GeoHunter Inc. (“GeoHunter,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered geolocation detection SaaS platform, geohunter.ai (the “Platform”).
This policy is designed to be compliant with major global data protection regulations, including the General Data Protection Regulation (GDPR), Turkey's Law on the Protection of Personal Data (KVKK), and the California Consumer Privacy Act (CCPA).
2. Data Controller
GeoHunter Inc. is the data controller responsible for your personal data. You can contact us at: privacy@geohunter.ai
3. Information We Collect
3.1. Information You Provide to Us
- Account Information: When you register for an account, we collect your name, email address, and a hashed version of your password.
- Payment Information: When you subscribe to a paid plan, we collect payment information. This information is processed directly and securely by our third-party payment processor, Stripe. We do not store your full credit card details on our servers.
- Content You Upload: We collect the images you upload to the Platform for geolocation analysis.
3.2. Information We Collect Automatically
- Usage Data: We collect your search history on the Platform, including the images you've analyzed and the results.
- Technical Data: We may collect your IP address and browser/device information for security purposes, authentication, and to ensure the proper functioning of the Platform.
4. How We Use Your Data
We only process your personal data when we have a valid legal basis:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and manage your account | Account, Usage, Technical | Art. 6(1)(b) - Contract |
| Process subscription payments | Account, Payment | Art. 6(1)(b) - Contract |
| AI-powered geolocation analysis | Uploaded Images | Art. 6(1)(b) - Contract |
| Secure Platform and prevent fraud | Technical, Account | Art. 6(1)(f) - Legitimate Interest |
| Remember your preferences | Functional cookies | Art. 6(1)(a) - Consent |
| Comply with legal obligations | Account, Payment, Usage | Art. 6(1)(c) - Legal Obligation |
5. Data Sharing and Disclosure
We do not sell or share your personal data with third parties for their marketing purposes. We only share data with:
- AI Service Providers: Google Gemini API, OpenAI GPT-4o API, and Anthropic Claude API process uploaded images solely on our behalf under strict data processing agreements.
- Payment Processor: Stripe processes payments directly; we do not store credit card details.
- Mapping Services: Google Street View Static API and Nominatim/OpenStreetMap for geocoding.
- Infrastructure Providers: Cloud hosting providers to host the Platform.
- Legal Authorities: When required by law or valid legal requests.
6. International Data Transfers
Your personal data may be transferred to and processed in countries other than your own. Our AI service providers and infrastructure providers may be located in the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs) and conduct Transfer Impact Assessments (TIAs) to ensure adequate protection.
7. Data Retention
- Account Information: For as long as your account is active, plus a reasonable period for legal or security reasons.
- Uploaded Images & Search History: Retained as part of your account data. Free tier: 90 days. Paid users: 365 days. You can delete at any time.
- Payment Records: As required by tax and financial laws (typically 7-10 years).
8. Data Security
We implement robust technical and organizational security measures including encryption of data in transit (TLS/SSL), bcrypt password hashing, HTTP-only secure cookies, token rotation with blacklisting, rate limiting, and strict access controls.
9. Your Data Protection Rights
9.1. EEA/UK Users (GDPR)
- Right of Access (Art. 15): Request copies of your personal data.
- Right to Rectification (Art. 16): Request correction of inaccurate data.
- Right to Erasure (Art. 17): Request deletion of your data.
- Right to Restrict Processing (Art. 18): Request restriction of processing.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
9.2. Turkey Users (KVKK)
- Right to Learn (Art. 11): Learn whether your data is processed and request information.
- Right to Rectification: Request correction of incomplete or inaccurate data.
- Right to Erasure/Destruction: Request deletion under Art. 7 conditions.
- Right to be Notified: Request info on third parties your data is transferred to.
9.3. California Users (CCPA)
- Right to Know: What personal information we collect, use, and disclose.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate data.
- Right to Non-Discrimination: Not be discriminated against for exercising rights.
- No Sale or Sharing: We do not sell or share your personal information.
To exercise any of these rights, contact us at privacy@geohunter.ai.
10. Children's Privacy
Our Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via email. Continued use of the Platform after changes constitutes acceptance.
12. Contact Us
For any questions, contact our Data Protection Officer at: dpo@geohunter.ai or privacy@geohunter.ai.