Overview
GeoServer ("we," "our," or "us") operates geospatial data platforms, mapping services, and related software tools. We are committed to protecting the privacy of all users, especially children under the age of 13 (or the applicable age of consent in your jurisdiction, such as 16 under the GDPR).
This Children's Privacy Policy supplements our main Privacy Policy and explains our practices regarding the collection, use, and disclosure of information from children. Our services are not directed to children under the age of 13, and we do not intentionally collect personal information from children without verifiable parental consent.
π Key Commitment
We do not knowingly collect, use, or disclose personal information from children under 13 without prior verifiable parental consent, in full compliance with the U.S. Children's Online Privacy Protection Act (COPPA) and applicable international laws.
Information We Do Not Collect from Children
Because our services are designed for enterprise and professional geospatial use, we do not market to or intentionally collect personal information from children. However, should we become aware that personal information from a child under 13 has been provided without parental consent, we will take immediate steps to delete such information from our systems.
For transparency, the following types of information are not collected from children:
- Names, email addresses, or physical addresses β We require verified adult accounts for registration and use of our services.
- Geolocation data β While our tools process geospatial data, we do not track or collect the personal location of individual users, especially children.
- Photographs, audio recordings, or video β Our services do not solicit or store media files from users under 13.
- Device identifiers or persistent cookies β We do not install tracking cookies on devices used by children.
- Social security numbers or payment information β No financial or sensitive government identifiers are collected from children.
Use of Information
In the rare event that we inadvertently collect information from a child, that information is not used for any purpose other than to identify the situation and promptly delete the data. We do not:
- Profile or build behavioral profiles of children;
- Target advertising to children;
- Share, sell, or trade children's information with third parties;
- Use children's information for automated decision-making or profiling.
β οΈ Important Notice
If you believe a child has provided us with personal information without parental consent, please contact our Data Protection Officer immediately using the contact details provided in Section 11.
Disclosure and Sharing
We do not disclose, share, or sell personal information collected from children to any third party. The only exceptions are:
- With verifiable parental consent β If a parent or guardian provides documented consent, we may process the child's information solely for the purpose specified in the consent.
- To comply with the law β We may disclose information if required by applicable law, regulation, legal process, or governmental request.
- To protect safety β We may disclose information if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of GeoServer, our users, or the public.
Security Measures
We implement industry-standard technical and organizational measures to protect all data processed through our platforms, with particular attention to the safety of minors. These measures include:
- Encryption in transit and at rest β All data communications use TLS 1.3 or higher, and stored data is encrypted using AES-256.
- Access controls β Strict role-based access limits who can view or process any user data within our organization.
- Regular security audits β Independent third-party penetration testing and vulnerability assessments are conducted quarterly.
- Data minimization β We collect only the minimum data necessary for service delivery and retain it only as long as required.
- Age verification β Registration processes include age-confirmation steps to prevent under-13 accounts.
π No Child Account Creation
Our registration system is configured to prevent account creation by users who indicate they are under 13 years of age. If a user selects an age under 13, the registration process will be halted and no data will be stored.
Parental Rights and Controls
Parents and legal guardians have the right to:
- Review β Request access to any personal information we may have collected from their child.
- Delete β Demand the deletion of any child's personal information from our systems.
- Refuse further collection β Opt out of any future collection or use of their child's information.
- Revoke consent β Withdraw previously given consent at any time, after which we will cease processing and delete the data.
- Provide consent β If a parent wishes their child to use GeoServer services, they may provide verifiable consent through our designated process.
To exercise any of these rights, parents should contact our Data Protection Officer. We will verify the parent's identity and relationship to the child before processing the request, and respond within 30 days as required by law.
Cookies and Tracking Technologies
We do not use cookies, web beacons, local storage, or similar tracking technologies to collect personal information from children. Our cookie policy is designed for adult users, and we take reasonable steps to ensure that tracking technologies are not deployed on content accessible to children.
For our adult user base, we use only essential and analytics cookies. You can manage cookie preferences through your browser settings or our cookie consent banner. No cookies are placed without explicit user consent, and no child-specific tracking occurs under any circumstances.
Third-Party Services
GeoServer may integrate with third-party services such as cloud hosting providers, payment processors, and analytics tools. We require all third-party partners to comply with applicable privacy laws, including COPPA. We do not permit third-party partners to collect information from children through our platform.
Our platform does not contain third-party advertising, and we do not link to external websites that are directed toward children. Users should be aware that once they leave our platform, other websites may have different privacy practices.
Data Retention and Deletion
We retain personal information only as long as necessary to provide our services or as required by law. Specifically regarding children's data:
- Inadvertently collected data β Deleted within 48 hours of discovery.
- Data collected with parental consent β Retained only for the duration and purpose specified in the consent, and deleted immediately upon revocation.
- Account records β If an account is identified as belonging to a child under 13, it is deactivated and all associated data is purged within 7 days.
Changes to This Policy
We may update this Children's Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on this page with a new "Last Updated" date;
- Notify affected users via email if the changes impact data previously collected;
- Obtain new parental consent if required by the changes under applicable law.
We encourage parents and guardians to review this policy periodically.
Contact Us
If you have questions or concerns about this Children's Privacy Policy, our data practices, or if you believe we have inadvertently collected information from a child, please contact us using the methods below:
GeoServer β Data Protection Officer
We take children's privacy seriously. Our team is available to respond to inquiries, requests, and concerns within 30 days.
Attn: Data Protection Officer
100 Geospatial Way, Suite 200
San Francisco, CA 94105
United States
MonβFri, 9AMβ5PM PST
You may also file a complaint with the Federal Trade Commission (FTC) or your local data protection authority if you believe our practices violate applicable law.