Information We Collect

Transparency, security, and respect for your data are foundational to GeoServer. This page outlines what we collect, why we collect it, and how we protect it.

Last Updated: October 24, 2025

1. Introduction & Scope

At GeoServer, we build enterprise-grade geospatial infrastructure. To deliver reliable mapping, analytics, and spatial data services, we must process certain types of information. This policy applies to our cloud platform, self-hosted deployments, support portals, and related web properties.

Our Commitment We never sell your personal or spatial data. All information collected is used strictly to improve our services, ensure platform security, and comply with legal obligations.

2. What Information We Collect

We collect information in four primary categories, depending on how you interact with our platform:

2.1 Account & Identity Information

  • Name, email address, and organizational role
  • Authentication credentials (hashed & salted)
  • Billing and payment details (processed by PCI-compliant third parties; we do not store raw card numbers)
  • Company name and department for team/admin management

2.2 Geospatial & Project Data

  • Uploaded map layers, GeoJSON, Shapefiles, GeoTIFFs, and vector/raster datasets
  • Coordinate reference systems (CRS) and spatial extents
  • Custom styling rules (SLD, CSS, XML), tile caches, and rendering configurations
  • Metadata, tags, and dataset descriptions you define

2.3 Usage & Technical Data

  • API requests, WMS/WFS/WCS query logs, and endpoint usage metrics
  • IP addresses, device type, browser version, and operating system
  • Session duration, page views, and feature interaction patterns
  • Error logs, crash reports, and performance telemetry from self-hosted instances (opt-in)

2.4 Cookies & Tracking Technologies

We use essential cookies for authentication and session management, analytics cookies to understand platform usage, and preference cookies to remember language and UI settings. You may manage cookie preferences via your browser or our in-app privacy controls.

3. How We Use Your Information

  • Service Delivery: Process spatial queries, render map tiles, manage layers, and maintain workspace integrity.
  • Security & Compliance: Detect unauthorized access, prevent API abuse, enforce rate limits, and maintain audit trails.
  • Product Improvement: Analyze aggregate usage patterns to optimize rendering engines and storage architecture.
  • Customer Support: Troubleshoot issues, respond to tickets, and provide training or consulting services.
  • Legal & Operational: Fulfill contractual obligations, process payments, and comply with applicable data protection laws.

4. Sharing & Third-Party Disclosures

We do not sell, rent, or trade your data. We only share information when necessary:

  • Service Providers: Cloud hosting (AWS/GCP/Azure), CDN tile delivery, email delivery, and payment processors. All bound by strict data processing agreements.
  • Legal Requirements: When compelled by court order, subpoena, or to protect the rights, property, or safety of GeoServer and its users.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, with prior notice and continued confidentiality obligations.
  • Aggregated/Anonymized Data: We may publish non-identifiable usage statistics for industry research or product roadmaps.

5. Data Security & Retention

Your data is protected through industry-standard safeguards:

  • AES-256 encryption at rest; TLS 1.3+ encryption in transit
  • Role-based access control (RBAC), multi-factor authentication (MFA), and regular penetration testing
  • Geographically isolated storage with automated backups and disaster recovery protocols

Retention: We retain account and billing data for the duration of your subscription plus 12 months for tax/legal compliance. Project data is retained until you delete it or cancel your account, after which we securely erase it within 30 days.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access, export, or update your personal information
  • Request deletion of your account and associated data
  • Opt out of non-essential analytics and marketing communications
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact our privacy team. We respond to legitimate requests within 30 business days.

7. Contact & Data Protection Officer

If you have questions about this policy, need a data export, or wish to exercise your privacy rights, please reach out:

Email

privacy@geoserver.io

Mailing Address

GeoServer Inc.
1200 Spatial Way, Suite 400
San Francisco, CA 94105

Support Portal

support.geoserver.io