Our commitment to data protection
BackgroundThe General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation came into effect from May 25th, 2018. As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR and all data protection best practices. This page lays out our commitment to data protection and makes transparent what data we store about our users.
Should you have any questions about this topic feel free to write to write to us at dataprotection @ opencagedata.com or via our contact form.
What data do we collect?
On our website:
Our website (as opposed to our geocoding API) is hosted by Heroku, a division of SalesForce, in Europe.
On our website we use Fathom Analytics to help us understand, in anonymized form, how the site is being used. Fathom does not track or store any personal data, and we have set our account such that all data the collect stay entirely in the EU. Please see the Fathom data policy. We're delighted by Fathom's privacy focus, and are happy to recommend the service to others. If you too would like to try out Fathom, here's an affiliate link for $10 off.
We store the IP address you used when you register. We do this so we can detect when people try to abuse the service by registering for multiple accounts.
In addition, at the time of registration we ask for (but do not require) a few other bits of information like name, how you found out about our service, and which programming languages you use. We ask these questions so we can better help you get started with using our service. You answers are stored in a database within Heroku and accessible to our employees. You can see the information you provided us with on your account dashboard.
Our user database is encrypted and regularly backed up to rsync.net in Switzerland. Rsync has no ability to unencrypt this information.
Registering for our services requires acceptance of our publicly available terms and conditions.
Our status page is hosted by Instatus.
When launching new services we may ask if you wish to join an early access list. We collect emails for such lists using forms hosted by Reform.
Via our API:
Our geocoding API servers are leased from hosting service Hetzner, and physically at multiple locations in the EU (in Germany and Finland, specifically). All of Hetzner's datacenters are certified in accordance with DIN ISO/IEC 27001, an internationally recognized standard for information security. Please see the Hetzner statement on security and privacy (pdf).
When you send us a geocoding API request we send you a response and then log the query. We later analyze the logs to see how we can improve our service. All logs are deleted after six months.
While you should only ever be sending us
geographic data and NOT personal data, if you use
when calling the geocoding API, we will not store your query in our logs.
In this case we have no record of what the query was. We encourage you
to use this parameter.
Customer/Financial transaction information:
If you become a paying customer (as opposed to just using our free trial) you will need to provide us and our payment partners (Stripe for the billing, Quaderno for the invoicing) with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number, only Stripe has access to that. Once you are no longer a customer you can, with a single click in your account dashboard, delete your billing information.
As you would expect of any business, we of course share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file our annual tax return.
In addition, we use the business analytics service Baremetrics for internal business analysis. They also have details of customer purchasing history.
Data Processing Agreement
Becoming a customer of our service implies acceptance of our Data Processing Agreement, unless otherwise explicitly agreed with us in writing.
Any user (paid or free trial) can request to have their account deleted at any time, this can be done inside your account dashboard or by contacting us.
Geocoding free trial accounts that have not been active (defined as having made at least one API request or logged into their account dashboard) for six months are deleted automatically.
For paying customers we of course have to keep records of all completed transactions for tax purposes.
This document was edited on:
|13 Sep 2022||Add that servers are within the EU but not only Germany. There are servers in Finland.|
|13 Nov 2021||Note that our Fathom Analytics account is now set such that all data is collected and stays within the EU.|
|16 Oct 2021||Our legal headquarters has moved to Hannover: blog post|
|15 Sept 2021||Added mention of using Reform for early access lists.|
|23 Jan 2021||Remove reference to map view as it was turned off in Sept. 2020|
|15 Dec 2020||Make it clear card details can be deleted once no longer a customer|
|2 June 2020||Minor design tweak, added mention of CAPTCHAs in sign up process|
|30 April 2020||Added link to our security bounty program|
|1 Oct 2019||Added link to Hetzner's security certification|
|12 July 2019||Service is now operated by OpenCage GmbH, Brexit section removed|
|29 May 2019||Added link to blog post with details of transition of operations to OpenCage GmbH|
|11 April 2019||OpenCage Data Ltd is now 100% subsidiary of OpenCage GmbH|
We make every effort to keep your data secure. If you find a vulnerability please report it to security @ opencagedata.com, we will follow up with you promptly. You can find our public key on our security.txt. Thank you.
We welcome vulnerability reports via our security bounty program.
Meaningful changes to this document will be announced on our Mastodon account and our blog.
2,500 geocoding API requests per day.
No credit card required.