Sharing & Disclosure Policy
Our commitment to transparency, responsible data sharing, and clear disclosure practices across all GeoServer platforms and services.
Last Updated: October 24, 20251. Overview & Commitment
At GeoServer, we believe that geospatial data drives innovation, sustainability, and informed decision-making. This policy outlines how we handle data sharing, third-party disclosures, open data initiatives, and user transparency. Our practices align with international standards for spatial data infrastructure (SDI), including OGC specifications, GDPR, CCPA, and ISO 19100 series guidelines.
Core Principle: Data is a shared resource. We prioritize user consent, legal compliance, and ethical disclosure in every interaction, integration, and deployment.
2. Data Sharing Principles
- Explicit Consent: We only share or process geospatial and user data when explicitly authorized by the account holder or through contractual agreements.
- Minimal Exposure: Shared datasets are scoped to the minimum necessary fields, geometries, and metadata required for the intended use case.
- Encryption & Access Controls: All data in transit and at rest is encrypted (TLS 1.3+, AES-256). Role-based access control (RBAC) governs who can view, modify, or share layers.
- Third-Party Integrations: Partners and SDKs receive only tokenized, auditable access. No raw PII or sensitive coordinate data is exposed without explicit workflow approval.
3. Third-Party & Vendor Disclosures
We partner with specialized vendors to enhance mapping, analytics, and cloud infrastructure. Below is a transparent disclosure of our primary integrations and data handling practices:
| Service / Vendor | Purpose | Data Shared | Retention |
|---|---|---|---|
| Cloud Compute Provider (AWS/GCP) | Infrastructure & Scaling | Aggregated usage metrics, non-personal logs | 90 days (auto-purged) |
| Map Tile & Basemap Providers | Geospatial Context & Rendering | Viewports, zoom levels, tile requests | Session-only (not stored) |
| Analytics & Telemetry SDKs | Performance Monitoring | Anonymous crash reports, load times | 12 months (aggregated) |
| Compliance & Audit Partners | Security & Regulatory Verification | Access logs, encryption keys (escrowed) | As required by law/contract |
4. Open Data & Public Disclosures
GeoServer actively supports open geospatial standards and public data initiatives. We commit to:
- Publishing quarterly transparency reports detailing data requests, incident disclosures, and infrastructure uptime.
- Providing read-only access to select public datasets under OGC-compliant WMS/WFS endpoints.
- Maintaining a public changelog for all API modifications, deprecations, and schema updates.
- Encouraging community-driven metadata standards aligned with ISO 19115/19139.
Note on Public Datasets: Any dataset marked "Public" or "Open" on our platform is intentionally exposed for global access. Users uploading sensitive or proprietary data should explicitly configure sharing permissions to "Private" or "Invite-Only".
5. Legal, Compliance & User Rights
Our sharing and disclosure practices comply with applicable regulations including but not limited to GDPR, CCPA, HIPAA (for health-adjacent spatial data), and local geospatial sovereignty laws. You retain the right to:
- Export your data in standard formats (GeoJSON, GeoPackage, Shapefile, KML)
- Request deletion of personal identifiers and associated metadata
- Audit sharing permissions and revoke third-party tokens at any time
- Opt out of non-essential telemetry and analytics tracking
Questions About Data Sharing?
Our Transparency & Compliance team is available to review your data workflows, answer policy questions, or assist with audit requirements.
Contact Disclosure Team