Geo
← Volver a todas las políticas

Aviso de Privacidad

v2.2 Vigente desde: 2026-06-15 ID de registro: pol_priv_22

1. Our privacy model in one line

Privacy by default, P2P by design: your raw location never leaves your device, public presence is aggregate-only (counts, not identities), and what an organization can see about you inside a Private Space is disclosed up front and never merged back into the public app.

2. Who is responsible for your data

  • Public app. There is no central server holding your public events or social graph; data lives on devices and propagates peer-to-peer. Geo operates only bootstrap nodes and an optional super-peer relay (for push and Private Spaces).
  • Private Spaces. The organization is the controller of the personal data it collects about its members within its space (alias, role, optional verified email, in-space activity). Geo operates the managed super-peer as a processor on the org's behalf and provides the moderation/compliance tooling.

3. What is processed, and where

Data Where it lives Visibility
Raw GPS / precise location On your device only Never transmitted off-device
Geofenced presence validation Derived on device; signed proof propagates Aggregate-only in public
Alias + device public key Gossiped to peers Public alias is not a legal identity
Public presence/attendance Peers / public topics Aggregate only (anti-stalking)
Private Space membership cert Issued by super-peer, held on device Org organizers/mods see identity
In-space arrival/departure, view-vs-attend Within the space namespace Members: aggregate · Org: as disclosed
Optional verified email (Private Spaces) Control plane Org + Geo-ops compliance
Consent records, policy acceptances Control plane Geo-ops (compliance)

4. The privacy hard wall (public ⇄ private)

Private-space identity, arrival/departure, and in-space relationships are never merged into the public reputation, presence, or co-attendance graph — and public anonymity rules never silently override what a space discloses. The two scopes are cryptographically and operationally separated. Org analytics are aggregates within a single space; Geo-ops moderation sees per-case identity only as needed to take an action, and that access is recorded in an immutable audit log.

5. How we use data

  • Operate the network (discovery, relay, push) and Private Spaces you join.
  • Validate that contributions are authentic (everything is cryptographically signed).
  • Keep the service safe: moderation, abuse-signal triage, and illegal-content handling on Geo-managed relays.
  • Meet legal obligations (records of consent, lawful requests, breach notifications).

We do not sell personal data, and we do not build advertising profiles.

6. Legal bases (where GDPR or similar law applies)

Performance of the contract (providing the service you joined), legitimate interests (network integrity, safety/moderation), consent (where required, e.g. optional email verification), and legal obligation (illegal-content reporting, lawful requests).

7. Retention

  • Public content has no central retention — it persists only as long as peers hold it.
  • Private Space operational data is retained per the space's configured retention window (set by the org; enforced by an automated per-space deletion job).
  • Compliance records (audit log, consent records, DSAR records) are retained as required for legal/accountability purposes even after a space is offboarded.

8. Your rights

With respect to personal data we hold about you in the control plane, you may request:

  • Access / confirmation that we process data about you, and a copy.
  • Rectification of inaccurate or incomplete data.
  • Erasure when no longer necessary, when consent is withdrawn, or when processing is unlawful — subject to legal-retention exceptions described in §7.
  • Restriction of processing while a dispute or verification is pending.
  • Portability in a structured, machine-readable format, and transmission to another controller where technically feasible.
  • Objection to processing based on legitimate interests, including direct marketing such as the waitlist.
  • Withdrawal of consent at any time, where processing is based on consent (waitlist marketing, optional email verification). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We do not subject you to decisions based solely on automated processing that produce legal or similarly significant effects.

We verify your identity before fulfilling a request; erasure requires step-up authentication by the handling officer. Requests, verification, and outcomes are logged. We respond within the statutory window that applies to your jurisdiction (see §13) — by default within 30 days, extendable once where the request is complex.

To exercise a right, use the contact channel in §12. For data an organization controls inside its private space, the organization is the first point of contact.

9. Illegal content, law enforcement, transparency

  • CSAM and other illegal content is escalated through a restricted process with evidence preservation, chain-of-custody, and reporting to the appropriate authority.
  • Law-enforcement requests are logged and answered only to the extent legally required.
  • We maintain an internal transparency report (reports received, cases opened, actions taken, escalations, DSARs, LE requests).

10. Security

Cryptographic identities and signatures, per-member certificates with revocation, tenant isolation in the control plane, an append-only hash-chained audit log, rate limiting and security headers on admin surfaces, and signed inbound/outbound webhooks.

11. Children

Geo is not directed to children under the age of digital consent. CSAM is strictly prohibited and reported (see §9 and the Terms §7).

12. Changes and contact

We version this Notice (see README.md); material changes are published as a new version with an effective date and prompt re-acceptance. Contact for privacy questions and DSARs is published with the app and on our website's contact page.

13. Rights by jurisdiction

The rights in §8 apply globally as a matter of policy. Where local law grants you additional or specific rights, those apply on top. The supervisory authorities below are where you may lodge a complaint if you believe we have not met our obligations.

European Economic Area (EU/EEA) — GDPR

Regulation (EU) 2016/679 (the General Data Protection Regulation). Your rights are as enumerated in §8 (Articles 15–22, plus Article 7(3) for withdrawal of consent). You have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement (Article 77). Find your national authority at the European Data Protection Board (EDPB).

Where we are not established in the EU, we maintain a representative under Article 27; their contact details are published on our website's contact page.

United Kingdom — UK GDPR + Data Protection Act 2018

The same rights as under the EU GDPR apply. The supervisory authority is the Information Commissioner's Office (ICO) at https://ico.org.uk. We maintain a UK representative under UK GDPR Article 27; their contact details are published on our website's contact page.

California — CCPA / CPRA

California residents have the rights to know, delete, correct, opt out of the sale or sharing of personal information, and non-discrimination. We do not sell personal data and do not engage in "sharing" for cross-context behavioral advertising (Cal. Civ. Code §1798.140). You may complain to the California Privacy Protection Agency (CPPA).

Argentina — Ley N° 25.326

The Ley de Protección de los Datos Personales (Law 25.326, 2000) recognizes the rights of access, rectification, update, suppression, and confidentiality (Articles 14–16), along with the constitutional acción de habeas data. The supervisory authority is the Agencia de Acceso a la Información Pública (AAIP) (Decreto 746/2017). Argentina has an adequacy decision from the European Commission, simplifying transfers from the EU. Reforms proposed in 2024–2026 add portability and objection to automated decisions; we will conform as those amendments take effect.

Brazil — LGPD (Lei N° 13.709/2018)

The Lei Geral de Proteção de Dados Pessoais has been in force since September 2020. Data subjects have the rights listed in Article 18, namely: confirmation that processing exists; access; correction; anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data; portability; deletion of data processed with consent; information about public and private entities with which we have shared the data; information about the possibility of not providing consent and the consequences; and revocation of consent. The supervisory authority is the Autoridade Nacional de Proteção de Dados (ANPD). We have appointed an Encarregado (DPO) under Article 41; their contact details are on our website's contact page.

Chile — Law N° 19.628 → Law N° 21.719 (effective 1 December 2026)

Until 1 December 2026, Law 19.628 (1999) "Sobre Protección de la Vida Privada" applies. From 1 December 2026, Law 21.719 (published 13 December 2024) replaces and substantially expands it: full ARCO + portability + objection rights, 72-hour breach notification, a new Agencia de Protección de Datos Personales (APDP) with fining authority up to 20,000 UTM, and a regime aligned with the GDPR. We will be in compliance by the effective date.

Uruguay — Ley N° 18.331

The Ley de Protección de Datos Personales y Acción de Habeas Data (Law 18.331, 2008, as amended by Law 19.670/2018 and Decree 64/020) recognizes the ARCO rights (access, rectification, update, inclusion, suppression) along with the acción de habeas data. The supervisory authority is the Unidad Reguladora y de Control de Datos Personales (URCDP). Uruguay has an adequacy decision from the European Commission (2012). A Data Protection Officer must be appointed by data controllers performing certain activities (Law 19.670, Article 40); we have done so where required.

Other jurisdictions

Where you reside in a jurisdiction not listed above (e.g. LGPD-equivalent laws in Mexico, Colombia, Peru, Ecuador; PIPEDA in Canada; PIPA in South Korea; APPI in Japan; POPIA in South Africa), the rights in §8 apply to you as a matter of policy, and you may contact us through the channel in §12 to exercise them. We make a good-faith effort to comply with applicable local requirements; if your local law grants stronger rights than §8, those stronger rights prevail.