Privacy Policy

Effective date: 2 October 2025

Who we are: GeoClue is a trading name of LUX GLOBAL LTD (“LUX GLOBAL”, “we”, “us”, “our”).
Registered office: 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom
Contact: geoclue@lux.re

GeoClue provides location-based services and tools to help users access accurate geolocation data and integrations. This Privacy Policy explains what data we collect, how we use it, and your choices.

1) Data Controller & Scope

For users in the UK/EU, LUX GLOBAL LTD is the data controller for personal data processed in connection with GeoClue. This Policy covers our website, web app, mobile apps, and related services (the “Service”). If you access third-party services (e.g., payment providers), their privacy policies also apply.

2) Data we collect

2.1 Data you provide

  • Account & profile: email, name, password (hashed), organisation, role, preferred language and notification settings.
  • Service usage content: location requests, queries, integration configurations, logs of API usage, and optional notes you create.
  • Support & surveys: messages you send us, feedback forms, bug reports.
  • Billing: subscription plan, invoices, tax/VAT details. We do not store full card numbers; payments are handled by our processor.

2.2 Data we create or collect automatically

  • Derived service data: usage metrics, geolocation query counts, request/response timings, and other performance data generated from your interactions.
  • Usage & device: IP address, device/browser type, app version, referral source, feature usage events, timestamps, and diagnostic logs.
  • Cookies & local storage: essential cookies to keep you signed in and secure; preference cookies (e.g., language, UI mode); privacy-respecting analytics where used (see §7).

2.3 Data from others

  • Invitations: if someone invites you to a team or shared account, we receive your email/name from that inviter.
  • Service providers: hosting, analytics, email, payment, and geolocation vendors may produce operational logs tied to your use.

We do not intentionally collect special category data (e.g., health, religion) or data about criminal convictions. Please avoid sharing sensitive data in your inputs.

3) How we use your data (purposes & legal bases)

  • Provide and operate the Service (Contract): authenticate you; process and respond to location queries; store configuration data; maintain account history; provide team access (if applicable).
  • Location/AI processing (Contract/Legitimate interests): process geolocation requests; optimise service accuracy and performance; detect abuse (e.g., fraudulent use). You remain responsible for how you apply results.
  • Billing & administration (Contract/Legal obligation): manage subscriptions, process payments and taxes, send transactional emails.
  • Product improvement & reliability (Legitimate interests): debug issues, monitor performance, run privacy-respecting analytics and experiments to improve accuracy and UX.
  • Communications (Consent/Legitimate interests): send onboarding tips and product updates; you can opt out of non-essential messages.
  • Legal & compliance (Legal obligation/Legitimate interests): comply with law, enforce our Terms, and protect rights, safety, and security.

4) AI & location features — important information

GeoClue may use third-party geolocation and AI-powered inference services under data-processing agreements. Outputs may be inaccurate or incomplete; use professional judgment before relying on them.

We do not permit providers to use your content to train public models; limited use to operate, secure, or improve the Service for you may apply under our processor contracts. Where available, you may request opt-out from model improvement that uses your content (anonymised/aggregated metrics may still be retained).

5) Cookies & analytics

  • Essential cookies keep you signed in and secure the Service.
  • Preferences store settings such as language and theme.
  • Analytics (if enabled) help us understand feature usage (e.g., which APIs are most used) and improve reliability. Where required, we seek consent for non-essential cookies. You can control cookies via your browser.

6) Sharing your data

We share personal data only with:
- Service providers (processors): hosting, storage/CDN, email, logging/monitoring, analytics, payments, AI inference/geolocation providers—bound by contracts to act on our instructions and protect your data.
- Corporate & legal: where required by law, to protect rights/safety, or in connection with a corporate transaction (e.g., merger/acquisition) with appropriate safeguards.

We do not sell your personal data.

7) International transfers

Your data may be processed outside the UK/EU. When we transfer personal data internationally, we rely on lawful mechanisms such as adequacy decisions, Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA), plus additional safeguards where appropriate.

8) Security

We implement technical and organisational measures appropriate to the risk, including TLS in transit, encryption at rest where applicable, role-based access controls, and restricted access to production systems. No system is perfectly secure; please use a strong, unique password and keep your credentials safe.

9) Data retention

We retain data only as long as needed for the purposes in this Policy:
- Account & subscription: for your subscription and up to 24 months after closure (longer where law requires).
- Service logs & configuration data: while your account is active; you can delete items; residual copies may persist in backups for a limited period (typically 30–35 days).
- Derived metrics: tied to your usage; removed when the source is deleted or after account closure (see above).
- Telemetry/logs: typically up to 180 days.
- Billing records: as required by law (usually 6–7 years).

We may retain aggregated or anonymised data that does not identify you.

10) Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent where processing is based on consent. To exercise rights, contact us at geoclue@lux.re. You also have the right to complain to a supervisory authority (UK: ICO). We aim to respond within statutory timelines.

11) Children

The Service is intended for users 18+. We do not knowingly collect data from children. If you believe a minor has provided personal data, please contact us and we will delete it.

12) Do Not Track & automated decisions

Browsers’ Do Not Track (DNT) signals are not currently acted upon by our Service. We do not make solely automated decisions that produce legal or similarly significant effects about you.

13) Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we’ll notify you (e.g., by email or in-app). The “Effective date” above shows when this version took effect. Continued use after the effective date means you accept the revised Policy.

14) Contact

Questions or privacy requests:
- Email: geoclue@lux.re
- Post: LUX GLOBAL LTD (trading as GeoClue), 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom

Last updated: 2 October 2025