Privacy Policy

Last updated: June 24, 2026 | Effective: June 24, 2026 | Data Protection

GeoAnomaly ("we", "our", "us") is operated by GeoAnomaly.com, United States. This Privacy Policy explains how we collect, use, and protect your personal data when you use our satellite anomaly detection service at geoanomaly.com.

1. Data Controller

GeoAnomaly.com
United States
Email: privacy@geoanomaly.com
Support: support@geoanomaly.com

2. Data We Collect

2.1 Account Data

Full name and email address (provided during registration)
Encrypted password (we never store plain-text passwords)
Account creation date and last login time
Preferred language and interface settings

2.2 Usage Data

Geographic coordinates you search or analyze
Saved locations and associated notes
Analysis results and anomaly detection history
Session duration and feature usage patterns

2.3 Technical Data

IP address and approximate geographic location
Browser type, version and operating system
Device screen resolution and timezone
Device fingerprint hash (anonymized identifier)
Referral source (e.g., YouTube)

2.4 Communication Data

Email correspondence with our support team
Reviews and feedback you voluntarily submit

3. How We Use Your Data

Service delivery: To provide satellite analysis, save your locations and preferences
Account management: Registration, authentication, password reset
Security: Fraud prevention, abuse detection, unauthorized access prevention
Communications: Service emails, security alerts, product updates (you may opt out)
Service improvement: Anonymized usage analytics to improve detection algorithms
Legal compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

Contract performance: Processing necessary to provide the service you requested
Legitimate interests: Security, fraud prevention, service improvement
Legal obligation: Compliance with applicable law (Data Protection) and EU GDPR
Consent: Marketing communications (you may withdraw at any time)

5. Data Sharing

⚠️ We do not sell, rent, or trade your personal data to any third party.

We may share data only in the following limited circumstances:

Service providers: Hosting (Hostinger VPS), email delivery infrastructure — bound by data processing agreements
Satellite data providers: Your coordinates are sent to Google Maps API, NASA Earthdata, ESA Copernicus solely to retrieve satellite imagery. These providers have their own privacy policies.
Legal requirements: If required by competent courts, law enforcement, or regulatory authorities
Business transfer: In the event of a merger or acquisition, with advance notice to you

6. Data Retention

Active account data: Retained while your account is active
Inactive accounts: Deleted after 24 months of inactivity
Session logs: 90 days
Security/fraud logs: 12 months
Financial records: 10 years (legal requirement)
Deleted accounts: Anonymized within 30 days of deletion request

7. Your Rights

Under GDPR and Data Protection, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive your data in machine-readable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests
Withdraw consent: For marketing communications at any time

To exercise these rights, email privacy@geoanomaly.com. We respond within 30 days.

8. Cookies & Tracking

Essential cookies: Authentication tokens, session management (required)
Functional cookies: Language preferences, UI settings
No advertising cookies: We do not use advertising or tracking cookies
No third-party trackers: No Google Analytics, Facebook Pixel or similar

9. Security Measures

All data transmitted via HTTPS/TLS encryption
Passwords hashed using bcrypt (industry standard)
JWT tokens with 30-day expiry and server-side session validation
Device fingerprinting for unauthorized access prevention
Regular security audits and vulnerability assessments
Access limited to authorized personnel only

10. International Data Transfers

Our servers are located in the European Union (Hostinger, Netherlands). Satellite imagery requests may be processed by Google (US), NASA (US), and ESA (EU). These transfers are covered by appropriate safeguards including Standard Contractual Clauses.

11. Children's Privacy

GeoAnomaly is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us immediately.

12. Changes to This Policy

We may update this policy periodically. Material changes will be notified by email and/or prominent notice on our website at least 14 days before taking effect. Continued use constitutes acceptance.

13. Contact & Complaints

For privacy concerns: privacy@geoanomaly.com

You may also lodge a complaint with your local data protection authority. In your national Data Protection Authority.