Privacy Policy
Last updated: April 15, 2026
1. What we collect
- Account information. Name, email, company name, password hash (we never see your plaintext password).
- Payment information. Stripe handles all payment processing. We store only your Stripe customer ID and subscription ID. We never see or store card numbers.
- Tool usage data. Which tools you use, when, and how long they take. Used for service analytics and billing.
- Uploaded files. Deeds, point files, field photos, and similar files you provide to run tools or submit jobs. Stored on Cloudflare R2 in your private folder.
- Cookies. First-party session cookies for authentication and a 90-day affiliate-attribution cookie (
gg_ref). No third-party ad or tracking cookies.
2. How AI processing works
Every AI-powered feature — AI deed parsing, zoning research, symbol classification — runs on infrastructure owned and operated by GeoGear in our Metro Detroit office. Your documents are never sent to OpenAI, Google, Anthropic, or any other third-party AI service.
All traffic between your browser and our servers is encrypted (HTTPS / TLS 1.2+), and the connection to our AI backend is tunneled over an encrypted, authenticated channel.
3. Training data opt-in
In your account settings, you can opt in to let GeoGear use anonymized versions of your description keys, linework conventions, and symbol mappings to improve the AI for all customers.
What gets collected (opt-in only)
- Description key codes and their mappings (EP → Edge of Pavement, etc.)
- Linework prefix/suffix conventions (.S, .C, .X, numbered suffixes)
- Symbol assignments per code
- Layer-naming patterns (company-specific prefixes generalized away)
What always gets stripped before training
- Company name, address, phone, email, contact names
- Project names, job numbers, client names
- Geographic coordinates (randomized or shifted to origin)
- Any text that could contain personally identifying information
4. Data retention
- Account data: kept as long as your account is active.
- Canceled accounts: data retained for 90 days, then permanently deleted.
- Uploaded files: governed by the subscription tier's lifecycle rules (typically 1 year after upload; storage quota is enforced continuously).
- Authentication logs: 90 days.
- Usage logs: 24 months, aggregated thereafter.
5. Third parties
We share information with the following service providers solely to deliver the Service:
- Stripe — payment processing. See Stripe's privacy policy.
- Vercel — hosts the frontend. See Vercel's privacy policy.
- Cloudflare — hosts the R2 storage bucket and the tunnel between our frontend and AI gateway. See Cloudflare's privacy policy.
- Resend — sends transactional emails (receipts, password resets, etc.).
- Neon — managed Postgres database.
We do not sell or rent your data. We do not share it for marketing purposes.
6. Your rights
Depending on where you live, you may have the right to:
- Access, correct, or delete your personal data.
- Export a copy of your data in a portable format.
- Opt out of marketing emails (unsubscribe link in every email).
- Revoke AI training consent at any time in your account settings.
- File a complaint with a data protection authority.
Submit requests to privacy@geogearsupply.com. We'll respond within 30 days.
7. Children
The Service is not intended for use by anyone under 18. We do not knowingly collect data from children.
8. Security
All data in transit is TLS-encrypted. Data at rest is encrypted by the respective providers (Neon, R2, and our local ZFS pool all use AES-256). Passwords are hashed with bcrypt (cost 12). We log authentication events and alert on suspicious patterns.
9. Changes to this policy
We'll notify you of material changes by email at least 14 days before they take effect. The "last updated" date at the top of this page always reflects the current version.
10. Contact
Questions? Email privacy@geogearsupply.com.