Data Protection / GDPR Compliance

Our commitment to data protection

The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation came into effect from May 25th, 2018.

As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR and all data protection best practices.

This page lays out our commitment to data protection and makes transparent what data we store about our users.

Have questions?

Should you have any questions about this topic feel free to write to write to us at dataprotection@opencagedata.com or via our contact form.

What data do we collect?

On our website:

Our website (as opposed to our geocoding API) is hosted by Heroku, a division of SalesForce, in Europe.

On our website we use Fathom Analytics to help us understand, in anonymized form, how the site is being used. Fathom does not track or store any personal data. Fathom data policy.

To display maps on our demo page (and in the map view of our API results) we use Thunderforest. Please see Thunderforest's privacy policy.

For speed we host some static content on jsDelivr's Content Delivery Network (CDN). Please see jsDelivr's privacy policy.

When registering for our free trial tier, you need to provide us with an email address. We then confirm that the address works by emailing you a confirmation link. We need an email address so we can contact you regarding any changes to our service or, for example, to this privacy policy. We send the email to you via the email delivery service Postmark, which is operated by Wildbit LLC. Wildbit's privacy policy.

We store the IP address you used when you register. We do this so we can detect when people try to abuse the service by registering for multiple accounts.

In addition, at the time of registration we ask for (but do not require) a few other bits of information like name, how you found out about our service, and which programming languages you use. We ask these questions so we can better help you get started with using our service. You answers are stored in a database within Heroku and accessible to our employees. You can see the information you provided us with on your account dashboard.

Our user database is encrypted and regularly backed up to rsync.net in Switzerland. Rsync has no ability to unencrypt this information.

Registering for a free trial requires acceptance of our publicly available terms and conditions.

Via our API:

Our API servers are leased from hosting service Hetzner and physically in the EU (in Germany, specifically). When you send us an API request we send you a response and then log the query. We later analyze the logs to see how we can improve our service. All logs are deleted after six months.

While you should only ever be sending us geographic data and NOT personal data, if you use the optional no_record parameter we will not store your query in our logs. In this case we have no record of what the query was. We encourage you to use this parameter.

Customer/Financial transaction information:

If you become a paying customer (as opposed to just using our free trial) you will need to provide us and our payment partners (Stripe for the billing, Quaderno for the invoicing) with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number, only Stripe has access to that.

As you would expect of any business, we of course share transaction data with our accountants and with the relevant UK tax authorities when we pay VAT and file our annual tax return.

In addition, we use the business analytics service Baremetrics for internal business analysis. They also have details of customer purchasing history.

Data Processing Agreement

Becoming a customer of our service implies acceptance of our Data Processing Agreement, unless otherwise explicitly agreed with us in writing.

Data deletion

Any user (paid or free-trial) can request to have their account deleted at any time, this can be done inside your account dashboard or by contacting us.

Free trial accounts that have not been active (defined as having made at least one API request or logged into their account dashboard) for six months are deleted automatically.

For paying customers we of course have to keep records of all completed transactions for tax purposes.

What about Brexit?

While OpenCage Data Ltd is a UK business (UK Company No. 09485974), please rest assured that we have no plans to change our focus on privacy anytime before or after the UK's departure from the EU - in whatever form that departure may take place.

Our servers will continue to be hosted in the EU and we will follow all EU data protection guidelines and best practices.

We are currently exploring if it makes sense to create an EU-registered subsidiary or indeed even to move the entire business. If we deem that necessary then the legal partner you transact with may change, but we will not change our approach to privacy or data protection.

We look forward to continuing to serve customers from all over the world.

Stay informed

Meaningful changes to this document will be announced on our twitter account and our blog.
Start your free trial

2,500 API requests per day.

No credit card required.