Legal

Privacy Policy

Effective 2026-04-22 (entity name updated 2026-05-08). GeoClear is operated by GeoClear, Inc., a Virginia corporation. GeoClear provides operational evidence, verification, and evidence-bundle services for AI actions, agent workflows, tool calls, and related enterprise workflows. We collect only what is required to operate, secure, improve, and support the service, and we never sell personal information.

1. Information we collect

When you use GeoClear (operated by GeoClear, Inc.), depending on the customer workflow and deployment model, we may collect:

2. How we use information

3. What we do NOT do

3a. Customer trust boundary (design posture)

GeoClear is designed to support customer-held evidence and minimized-data workflows. Raw mission or enterprise data does not need to leave the customer boundary by default when a customer uses evidence commitments, policy results, and retained verification material. This is a design posture; specific behavior depends on the customer’s configuration and deployment model.

4. Data retention

Account and contact data: retained while the account is active and for 7 years after closure (tax/financial records). Service logs: 90 days rolling. Billing records: 7 years. Evidence bundles can be customer-held; GeoClear retention of evidence-related artifacts depends on the customer’s deployment model and configuration. You may request earlier deletion at any time, subject to applicable record-keeping obligations.

5. Sub-processors

We use Amazon Web Services (cloud hosting and data storage), Stripe (payment processing), Resend and SendGrid (transactional email), Sentry and Axiom (observability and security monitoring), and Upstash (cache/queue). Each is contractually bound to the same data-protection standards required of GeoClear.

6. California residents, CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights regarding your personal information. You have the right to:

To exercise any of these rights, email privacy@geoclear.io from the email on your account, or provide equivalent verification. We will respond within 45 days (extendable to 90 days for complex requests with notice). You may also designate an authorized agent to submit requests on your behalf; we will verify the agent's authorization.

7. EU / UK residents, GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights under GDPR / UK GDPR to: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection. GeoClear is the data controller for your account data and a data processor for personal data you submit through our API. Our lawful basis for processing is the performance of our contract with you (service delivery) and legitimate interests (abuse prevention, service reliability). International transfers rely on Standard Contractual Clauses (SCCs).

To exercise your rights or lodge a complaint with your local supervisory authority, contact privacy@geoclear.io. We respond within 30 days.

8. Data Processing Addendum (DPA) for business customers

If you are processing personal data through the Service on behalf of your end users and need a DPA for GDPR Article 28 or CCPA Service Provider requirements, email legal@geoclear.io to request one. Our DPA incorporates the European Commission's Standard Contractual Clauses (2021/914) for international transfers and designates GeoClear as a Processor / Service Provider with appropriate technical and organizational measures.

9. Children

The GeoClear Service is a B2B API intended for businesses and developers. It is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

10. Security

All traffic is TLS-encrypted. API credentials are protected using one-way cryptographic controls and are not stored in plaintext. Database access uses IAM-scoped short-lived credentials (no static passwords). See Security & Trust for details.

11. Web analytics

We use Google Analytics 4 (GA4) on geoclear.io to measure aggregate site usage, pageviews, demo starts, content downloads, and conversion events. The following discipline applies and is enforced in code:

12. Changes to this policy

We will post any material changes at geoclear.io/privacy with 30 days' advance notice to the email on record. The "Last updated" date at the bottom of this page reflects the current effective version. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

Privacy questions or rights requests: privacy@geoclear.io. Legal matters: legal@geoclear.io. Security reports: security@geoclear.io.

Data controller: GeoClear, Inc., Commonwealth of Virginia, United States.

Last updated: 2026-05-08 · positioning-language cleanup 2026-05-31; substantive legal review pending