Legal

Privacy Policy

Effective date: 21 May 2026 · Last updated: 21 May 2026

This Privacy Policy describes how locodata.ai ("we", "us", or "our") collects, uses, discloses, and protects information about you when you use our website, dashboard, and API services (collectively, the "Service"). We are committed to handling your data with absolute corporate transparency and in compliance with applicable United States data privacy frameworks.

1. Who We Are

locodata.ai provides enriched maritime geolocation datasets and real-time shipping risk logistics telemetry. If you have any questions regarding this Privacy Policy, your data rights, or our security protocols, please contact us at: hello@locodata.ai.

2. Information We Collect

We collect only the minimum necessary data required to deliver, secure, and bill for the Service:

Account and Profile Information: When you register for an account, we collect your business email address. If you choose to authenticate via Google or LinkedIn OAuth, we receive your verified email address, full name, and professional profile metadata (such as your organization or job title, where permitted by the provider). We do not request, store, or utilize your social profile pictures or personal networks.
API Telemetry and Usage Logs: We log technical data regarding your API requests, including the specific endpoint queried, timestamp, client IP address, and response status code. This metadata is strictly utilized to enforce rate limits, calculate subscription usage, monitor for infrastructure abuse, and optimize pipeline performance. We do not monitor or store the internal logic of your proprietary code.
Payment and Billing Processing: All paid transaction processing is securely offloaded to Stripe. locodata.ai does not store, capture, or transmit any raw credit card numbers or financial security codes (CVVs) on its servers. Stripe handles all checkout experiences in full compliance with PCI-DSS standards. We receive and store only your unique Stripe Customer ID, Billing Country, and Subscription Status.
Cookies and Local Storage: We do not utilize cookies or third-party marketing tracking pixels (such as Meta or Google Ads pixels) for behavioral advertising. We utilize browser localStorage securely managed by Supabase solely to preserve your active, authenticated login session.

3. How We Use Your Information

We use your collected data strictly for the following operational and commercial purposes:

To authenticate your identity and provision your API access keys.
To manage your billing cycles, process renewals, and enforce subscription tier quotas.
To distribute critical transactional updates, system maintenance alerts, and Stripe billing receipts.
To protect the Service against infrastructure abuse, systemic dataset scraping, credential stuffing, and fraudulent activity.
To generate aggregated, non-identifiable usage statistics to benchmark platform efficiency.

WE DO NOT SELL YOUR PERSONAL INFORMATION. locodata.ai will never trade, rent, or sell your personal or professional data to third-party data brokers, advertisers, or marketing firms.

4. Third-Party Service Providers

To deliver a resilient, sub-100ms globally distributed infrastructure, we share specific metadata with trusted, enterprise-grade subprocessors. Each provider processes your data strictly under our direction and subject to their respective privacy protections:

Provider	Purpose	Data Shared
Supabase	Core Database & User Authentication	Email, internal User ID, encrypted session tokens.
Stripe	Enterprise Billing & Subscription Management	Email, company name, billing metadata, country profile.
Google Cloud (OAuth)	Third-Party Single Sign-On Option	Name, verified email address, user ID.
LinkedIn (OAuth)	Third-Party Single Sign-On Option	Name, verified email address, job title/company metadata.
Fly.io	Global Edge Server & API Infrastructure	Encrypted API request payloads, network routing data.
Cloudflare	DNS, CDN Cache, & DDoS Security Firewall	Client IP addresses, standard HTTPS request headers.
Resend	Transactional Email Delivery Infrastructure	Target email address, system notification content.

5. Data Retention

Active Accounts: We retain your account registration and OAuth profile metadata for as long as your account remains active within our database.
API Telemetry Logs: Raw technical API logs and IP addresses are automatically purged or anonymized within ninety (90) days.
Account Deletion: Upon receiving a formal account closure request, we will permanently delete or anonymize your personal account data within thirty (30) days. Exception: Financial transaction history and specific billing metadata associated with Stripe payments will be retained longer as strictly mandated by United States federal tax laws and corporate auditing obligations.

6. Data Security Measures

We implement standard industry-grade technical controls to protect your commercial data. This includes mandatory Transport Layer Security (TLS 1.3) encryption for all API transport, SHA-256 hashing for all active database API keys, strict database role isolation via Supabase row-level security (RLS), and continuous firewall monitoring via Cloudflare. Please note that no method of transmission or digital storage is 100% secure; you are responsible for keeping your generated API secret keys entirely confidential.

7. Your United States Data Privacy Rights

Depending on your jurisdiction within the United States (including but not limited to California, Virginia, Texas, and New York), you may possess specific state-level statutory rights regarding your personal data. locodata.ai extends these core transparency features globally to all registered users:

Right to Know/Access: You can request a structural breakdown of the specific personal data fields we hold about your profile.
Right to Correction: You may request updates to inaccurate or incomplete business profile data.
Right to Deletion: You can request the permanent destruction of your user profile and API credentials.
Right to Opt-Out: Because we do not sell personal data or engage in cross-contextual behavioral tracking, we do not display a "Do Not Sell My Info" button. However, you retain the absolute right to object to any automated data processing by closing your account.

To exercise any of these technical data rights, please transmit your request to hello@locodata.ai using your registered account email.

8. Children's Privacy

The Service is built exclusively as an enterprise, business-to-business (B2B) data application. We do not knowingly target or collect data from individuals under the age of sixteen (16). If we discover that an account has been registered by a minor, we will execute immediate deletion protocols.

9. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy to reflect changing global compliance frameworks. When material adjustments occur, we will post an updated "Last Updated" date at the top of this document and notify all registered primary account owners via email.

10. Legal Contact Information

For any legal inquiries, data privacy requests, or security vulnerability disclosures, please communicate directly with our operational desk at: hello@locodata.ai.