Privacy Policy
Effective date: March 16, 2025
1. Introduction
GeoStratyx ("we", "us", or "our") operates the GeoStratyx geosciences field platform, available as a web application and mobile app (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to this policy.
2. Information We Collect
Account Information
When you register we collect your name, email address, and a hashed password. If you are added to an organization by an administrator we collect the same information when you accept the invitation.
Location / GPS Data
The Service is built around field geology. When you log an observation, check in on a project, or use the Lone Worker Safety Timer, we collect GPS coordinates from your device. Location access is requested explicitly and can be denied at any time in your device settings. We do not collect background location when the app is closed.
Field Data
We store the geological data you create: observations, rock samples, seismic profiles, stratigraphic columns, hazard zones, field photos, drone imagery, and any notes or measurements you enter.
Photos and Files
Photos you attach to observations and drone imagery you upload are stored in secure cloud object storage (DigitalOcean Spaces). Access is restricted to members of your organization.
Billing Information
Subscription payments are processed by Stripe. We do not store credit card numbers or full payment details. We receive and store your Stripe customer ID, subscription tier, and billing status.
Usage and Device Information
We may collect basic technical information such as browser type, device model, operating system version, and IP address for security and troubleshooting purposes. We do not use third-party advertising analytics or sell this data.
Offline Data
When you use the app offline, observations are temporarily stored in your device's local storage (IndexedDB). This data is transmitted to our servers automatically when connectivity is restored and is not shared with any third party.
3. How We Use Your Information
- To provide and operate the Service
- To authenticate you and secure your account
- To display your field data on maps and in reports
- To enable real-time team location sharing within your project (with your consent)
- To send transactional emails (account verification, password reset, invitations)
- To process subscription payments via Stripe
- To detect and investigate security incidents via audit logs
- To improve the Service based on aggregate, anonymised usage patterns
We do not sell, rent, or share your personal information or field data with third parties for marketing purposes.
4. Location Data — Additional Detail
Location data is central to the purpose of GeoStratyx. Specifically:
- Observation logging: coordinates are attached to each geological observation you create and stored with that record.
- Live team positions: if enabled on a project, your current location is broadcast in real time to other members of the same project via Firebase. You can leave a project at any time to stop sharing.
- Lone Worker Safety Timer: your last known location may be shown to designated contacts if you do not check in within the configured interval.
- Weather: the Field Safety screen requests your location to display local weather. This request is made to a weather API and your coordinates are not stored.
Location is only accessed while the app is in use (foreground). We do not collect location in the background.
5. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Neon (cloud-managed), with file assets on DigitalOcean Spaces. All data in transit is encrypted using TLS. We apply organization-level data isolation so that users of one organization cannot access data belonging to another.
We retain your data for as long as your account is active. If you delete your account your personal data will be removed within 30 days. Field data associated with an organization will be retained until the organization owner requests deletion.
6. Third-Party Services
We use the following third-party services to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing details |
| Firebase (Google) | Real-time team locations | Location while project is open |
| Mapbox | Interactive maps | Map tile requests (no PII) |
| SendGrid | Transactional email | Email address |
| Neon | Database hosting | All structured data |
| DigitalOcean Spaces | File/photo storage | Uploaded files |
| Anthropic Claude | AI rock identification | Photo submitted for analysis |
| Vercel | Web hosting & CDN | Request logs (IP, user agent) |
Each provider operates under their own privacy policy. We encourage you to review them.
7. Your Rights
Depending on your jurisdiction you may have the right to:
- Access a copy of the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your personal data ("right to be forgotten")
- Object to or restrict certain processing
- Data portability — receive your field data in a machine-readable format
To exercise any of these rights, email us at privacy@geostratyx.com and we will respond within 30 days.
8. Children's Privacy
The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email and update the effective date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.
10. Contact
If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:
GeoStratyx
Email: privacy@geostratyx.com