Our commitment to data protectionThe General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation came into effect from May 25th, 2018. As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR and all data protection best practices. This page lays out our commitment to data protection and makes transparent what data we store about our users.
Have questions?Should you have any questions about this topic feel free to write to write to us at email@example.com or via our contact form.
What data do we collect?
Via our API:Our API servers are leased from hosting service Hetzner, and physically in the EU (in Germany, specifically). All of Hetzner's datacenters are certified in accordance with DIN ISO/IEC 27001, an internationally recognized standard for information security. When you send us an API request we send you a response and then log the query. We later analyze the logs to see how we can improve our service. All logs are deleted after six months. While you should only ever be sending us geographic data and NOT personal data, if you use the optional
no_recordparameter we will not store your query in our logs. In this case we have no record of what the query was. We encourage you to use this parameter.
Customer/Financial transaction information:If you become a paying customer (as opposed to just using our free trial) you will need to provide us and our payment partners (Stripe for the billing, Quaderno for the invoicing) with valid billing information. We will be able to see your name, billing address, email address, and VAT number (if you have provided one). We are not able to see your credit card number, only Stripe has access to that. As you would expect of any business, we of course share transaction data with our accountants and with the relevant tax authorities when we pay VAT and file our annual tax return. In addition, we use the business analytics service Baremetrics for internal business analysis. They also have details of customer purchasing history.
Data Processing AgreementBecoming a customer of our service implies acceptance of our Data Processing Agreement, unless otherwise explicitly agreed with us in writing.
Data deletionAny user (paid or free-trial) can request to have their account deleted at any time, this can be done inside your account dashboard or by contacting us. Free trial accounts that have not been active (defined as having made at least one API request or logged into their account dashboard) for six months are deleted automatically. For paying customers we of course have to keep records of all completed transactions for tax purposes.
This document was edited on:
|1 Oct 2019||Added link to Hetzner's security certification|
|12 July 2019||Service is now operated by OpenCage GmbH, Brexit section removed|
|29 May 2019||added link to blog post with details of transition of operations to OpenCage GmbH|
|11 April 2019||OpenCage Data Ltd is now 100% subsidiary of OpenCage GmbH|