Privacy Policy

Last Updated: November 1, 2025

1. Introduction

GeoServer ("we", "us", or "our") is committed to protecting your privacy and handling your personal information openly and transparently. This Privacy Policy explains how we collect, use, process, and safeguard your data when you use our geospatial mapping platform, APIs, dashboards, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our platform immediately.

2. Information We Collect

We collect information to provide, maintain, and improve our geospatial infrastructure. The types of data we collect include:

2.1 Information You Provide

  • Account Data: Name, email address, organization, password, and billing details when you register or upgrade.
  • Communication Data: Messages sent to support, sales, or via feedback forms.
  • Geospatial Data: Maps, layers, coordinates, metadata, and custom datasets you upload or configure within our platform.

2.2 Automatically Collected Information

  • Usage Data: API requests, map renders, layer queries, session duration, and feature interactions.
  • Device & Log Data: IP address, browser type, operating system, device identifiers, and crash/referer logs.
  • Location Data: Approximate geographic location derived from IP address or explicitly shared via enabled features.

3. How We Use Your Information

We use the collected information to:

  • Operate, secure, and optimize our geospatial rendering engines and cloud infrastructure.
  • Process transactions, manage subscriptions, and send administrative communications.
  • Deliver personalized map experiences, analytics, and performance insights.
  • Comply with legal obligations, enforce terms of service, and prevent fraud or abuse.
  • Develop new features, conduct research, and improve platform stability.

4. Sharing & Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

  • Service Providers: Trusted third parties assisting with hosting, analytics, payment processing, and customer support, bound by strict data processing agreements.
  • Legal Requirements: When required by law, regulation, or legitimate legal process (e.g., court order, government request).
  • Business Transfers: In connection with a merger, acquisition, or asset sale, with notice to affected users.
  • With Your Consent: When you explicitly authorize sharing, such as exporting data to third-party mapping tools.

5. Security & Data Retention

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS 1.3+) and at rest (AES-256), regular security audits, access controls, and network isolation. While we strive to protect your information, no online service is 100% secure, and we cannot guarantee absolute security.

We retain your data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and jurisdiction. You may request deletion at any time where permitted by law.

6. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access, correct, or update your account information.
  • Request deletion or anonymization of your data.
  • Opt out of marketing communications via unsubscribe links.
  • Export your data in a machine-readable format.
  • Lodge a complaint with a supervisory authority.
Note: Exercising certain rights may impact your ability to use specific features of our Services. We will respond to valid requests within 30 days. Verify your identity to protect your privacy.

7. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to maintain session state, remember preferences, analyze platform performance, and deliver relevant content. You can manage cookie preferences through your browser settings or our in-platform cookie consent manager. Disabling essential cookies may limit functionality.

8. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete it promptly.

9. Updates to This Policy

We may revise this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated via email, platform notice, or prominent website banner. Continued use after updates constitutes acceptance.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

GeoServer Privacy Team
Email: privacy@geoserver.io
Address: 1200 Geospatial Way, Suite 400, San Francisco, CA 94105, USA
Data Protection Officer: dpo@geoserver.io

Thank you for trusting GeoServer with your geospatial data.