Privacy Policy

GEOINFER SL (hereinafter, "GEOINFER", "we", or "the Company") is responsible for processing the personal data of users of our website geoinfer.com and our services.

This Privacy Policy aims to inform you about the processing of your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data (GDPR), and Spanish Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD).

Data Controller

Personal Data We Collect

2.1 Data provided directly by the user

• Registration data: Name, surname, email address, password (encrypted), company, job title.
• Payment data: Credit/debit card or payment method information (processed by third parties: Stripe).
• Contact data: Name, email, phone, message (contact form).
• Profile data: Photo, biography, usage preferences, platform settings.

2.2 Automatically collected data

• Navigation data: IP address, browser type, operating system, pages visited, session duration, traffic source.
• Cookies and similar technologies: Device identifiers, user preferences, session tokens. See our Cookie Policy for more information.
• Service usage data: Uploaded images, queries made, results obtained, API usage, usage statistics.
• Performance data: Technical information about our services' operation, system logs.

2.3 Images and visual content

• User-uploaded images: Images you upload to our platform for geolocation analysis are processed by our AI systems.
  • Temporary storage: Images are processed and may be temporarily stored to provide the service.
  • Automated analysis: Images are analyzed using computer vision algorithms and AI models.
  • Not shared with third parties: Images are not sold or shared with third parties without your explicit consent.
  • Service improvement: With your consent, images may be used anonymously to train and improve our AI models.

Purposes and Legal Bases of Processing

Data Recipients

Your personal data may be communicated to:

4.1 Service providers (data processors)

• Hosting services: Servers in the EU and EEA where our systems are hosted.
• Cloud services: AWS, Google Cloud Platform (depending on contracted plan).
• Payment processors: Stripe (for card payments).
• Email services: SendGrid, Amazon SES (for transactional and newsletter emails).
• Analytics tools: Google Analytics, Plausible Analytics (with anonymized IPs).
• Technical support: Zendesk, Intercom (for ticket and chat management).

All our providers comply with GDPR and/or have adequate safeguards for international transfers (standard contractual clauses, Privacy Shield, etc.).

4.2 Public authorities

When legally required, your data may be communicated to:

• Law enforcement agencies.
• Judicial and administrative authorities.
• Spanish Data Protection Agency (AEPD).
• Tax Administration.

4.3 Third parties with your consent

With your explicit consent, your data may be shared with third parties for:

• Collaborations with research institutions (anonymized data).
• Integrations with third-party services (APIs, business integrations).

International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In these cases, we ensure the protection of your data through:

• European Commission's standard contractual clauses.
• Adequacy decisions adopted by the European Commission.
• Compliance certifications (e.g., Privacy Shield, though with due precautions after Schrems II ruling).

You can request more information about specific safeguards adopted by contacting our DPO.

Data Subject Rights

You have the right to:

6.1 Right of access

Obtain information about what personal data we are processing.

6.2 Right of rectification

Request correction of inaccurate or incomplete data.

6.3 Right of erasure ("right to be forgotten")

Request deletion of your data when no longer necessary for the purposes for which they were collected.

6.4 Right to restriction of processing

Request suspension of processing under certain circumstances.

6.5 Right to object

Object to the processing of your data, especially for direct marketing purposes.

6.6 Right to data portability

Receive your data in a structured, commonly used, and machine-readable format, and transmit them to another controller.

6.7 Right not to be subject to automated decisions

Right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

6.8 Right to withdraw consent

When processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

6.9 Right to lodge a complaint

You may lodge a complaint with the Spanish Data Protection Agency (AEPD):

• Website: https://www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
• Phone: +34 901 100 099

Exercise of rights

To exercise your rights, you can contact:

• Email: dpo@geoinfer.com
• Postal address: Verada de las Lomadas 163, San Andrés y Sauces 38729, Santa Cruz de Tenerife, Spain

You must accompany your request with a copy of your ID or equivalent document. We will respond to your request within a maximum period of 1 month from receipt.

Security Measures

GEOINFER has adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Data encryption: HTTPS/TLS connections, password encryption with bcrypt/Argon2, encryption of sensitive data at rest.
• Access control: Multi-factor authentication (MFA), role-based access management (RBAC).
• Audits and logs: Access logging, security monitoring, periodic audits.
• Backups: Encrypted backups and redundant storage.
• Staff training: Training in data protection and information security.
• Incident response policy: Procedures to detect, report, and respond to security breaches.

In case of a data security breach that may pose a high risk to your rights and freedoms, we will notify you without undue delay and, when legally required, also communicate it to the data protection authority.

Data Retention

Your personal data will be retained for the time necessary to fulfill the purposes for which they were collected, and subsequently:

• Billing and payment data: 6 years (General Tax Law).
• Contract and commercial relationship data: Duration of relationship + 5 years (statute of limitations for legal actions).
• Newsletter data: Until you withdraw your consent.
• Images uploaded for analysis:
  • With consent for service improvement: Anonymized and indefinitely for AI training.
  • Without consent: Deleted after providing the service (maximum 30 days).
• Technical logs: 12 months (security and debugging).

Once retention periods have expired, we will proceed with secure deletion of your data.

Minors

Our services are not directed at children under 16 years of age. If you are under 16, do not use our services or provide us with personal data.

If GEOINFER detects that it has collected data from a child under 16 without verifiable parental consent, it will delete such data without undue delay.

Parents or legal guardians who detect that their children have provided us with personal data without their consent should contact us immediately to proceed with deletion.

Changes to the Privacy Policy

GEOINFER reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments, or changes in our services.

Modifications will be effective from their publication on the website. If changes are substantial, we will notify you in advance by email or through a prominent notice on the platform.

We recommend periodically reviewing this Privacy Policy.

Contact

For any inquiries related to this Privacy Policy or the processing of your personal data, you can contact:

GEOINFER SL © 2026 All rights reserved