Privacy Policy

1. Who we are

GeoSpot (“we”, “us”) provides member location, geofencing, and check-in services for organizations through mobile applications and related APIs operated under the geospot.live domain. This policy describes how we handle personal data when you use GeoSpot.

2. Data we collect

• Account and profile: name, contact email address, email verification status, phone number (if provided), password (stored using secure hashing), organization membership, role, optional profile photo, and sign-in identifiers from authentication methods you use (such as email and password or third-party sign-in where enabled). If your sign-in email is a forwarding or relay address that is not a direct contact address, we also store that address and, once you provide one, a separate verified contact email (which may become your primary email with the forwarding or relay address kept as a secondary address).
• Location: precise and approximate location from your device when you grant permission, including in the background where required for scheduled work geofencing and automatic check-in/out, as described in the app and your organization’s settings.
• Check-ins and activity: check-in and check-out events, timestamps, and associated location or site information as configured by your organization.
• Device and notifications: push notification tokens and related technical data needed to deliver alerts you or your organization enable.
• Technical and operational data: IP address, app version, diagnostic and error information sent to our error-monitoring providers (for example Sentry, when enabled) to diagnose crashes and reliability issues—not for advertising, and logs needed to operate and secure the service.
• Direct messages: text and other content you send in organization direct messages, message timestamps, read state, client identifiers used to prevent duplicates, and attachments (such as photos or videos) you choose to send.
• Blocking and safety:if you block another member, we store the block relationship (your account, the blocked member's account, the organization, and when the block was created) so we can enforce your choice in the app.
• Contact messages: information you submit through our contact form, such as your name, email address, organization, subject, and message.

3. How we use your data

We use personal data only to operate GeoSpot as a workforce location and check-in service—not for unrelated commercial purposes. Specifically, we use personal data to:

• Provide, maintain, and secure GeoSpot features requested by your organization.
• Authenticate users, manage accounts and organization membership, enforce roles and permissions, and verify identity—including confirming a reachable, direct contact email before you use organization features, as described in the app and our Terms and Conditions).
• Show your name and profile information to other members of organizations you belong to, so coworkers can recognize you in member lists, profiles, and messaging.
• Process location and geofence events for attendance, check-ins, and workforce visibility in line with schedules and policies your organization configures.
• Send service-related communications, such as account verification, security alerts, operational notifications, and (where allowed) push notifications tied to GeoSpot features.
• Deliver and secure direct messaging between members of the same organization, including assignment and check-in cards shown in message threads where enabled.
• Enforce block requests—for example, hiding blocked members from your member list in that organization, preventing direct messages between you and a member you blocked, and stopping direct-message push notifications from blocked members to you where applicable.
• Investigate abuse, protect users and organizations, maintain service integrity, and comply with law.
• Respond to contact, support, and privacy requests.
• Meet legal obligations and respond to lawful requests.

4. Advertising and commercial use

GeoSpot is a B2B workforce service. We do not use your personal data for advertising, retargeting, audience building, interest-based profiling, or other marketing unrelated to delivering GeoSpot.

• We do not sell personal information, and we do not share it for cross-context behavioral advertising.
• We do not use location, check-in, or workforce activity data to build advertising profiles or to monetize your data outside of providing the service.
• Contact and profile information (such as email and name) is used for identity, account management, organization membership, and service communications—not for third-party marketing lists or unrelated commercial exploitation by GeoSpot.
• Your organization may use member data for its own workforce operations under its policies; that is separate from GeoSpot’s use, which is limited to operating the platform for your organization.

5. Legal bases (EEA/UK)

Where applicable, we rely on performance of a contract (providing the service to your organization and its users), legitimate interests (security, reliability, fraud prevention, enforcing blocks and other safety controls, and proportionate workforce features—not advertising or unrelated commercial use), and consent where we ask for it in the app (for example, certain permissions or optional communications).

For blocking and related safety processing, we rely on legitimate interests in operating a safe workforce service and honoring your choice to limit contact with another member, balanced against the rights of the blocked member and your organization.

For account identity and contact-email verification (including requiring a direct, reachable contact email rather than a forwarding or relay address alone), we rely on performance of a contract and legitimate interests in operating a trustworthy workforce service, preventing abuse, and communicating with you about your account.

6. Sharing and processors

We may share data with:

• Your organization:administrators and managers may access member data needed to operate GeoSpot for their workforce. Blocking is enforced for your account; people with appropriate organization permissions may still access workforce data, including messaging or membership information, as permitted by their role and your organization's use of GeoSpot.
• Service providers: subprocessors that help us run GeoSpot under contract—for example cloud hosting and infrastructure (AWS), maps and location-related services (Google Maps where used in the app), email delivery, push notification platforms, and error monitoring (for example Sentry for crash and diagnostic reporting). These providers process data only to deliver, secure, or support the service, not for their own advertising or unrelated commercial purposes.
• Authorities: when required by law or to protect rights, safety, and security.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

7. Retention

We retain data for as long as your account or organization relationship is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Retention varies by data type and your organization's subscription and settings.

Direct messages and attachments.We keep direct messages and related attachments according to your organization's plan and entitlements shown in the product (for example, the last 14 days on some free-tier organizations, or longer or unlimited history on paid plans). Older messages may no longer be visible in the app when retention limits apply, even if not deleted immediately from our systems.

When you block someone.Blocking removes your access to prior direct message history with that person in that organization and prevents new direct messages between you there. It does not necessarily delete messages from GeoSpot's systems right away. We may keep messages, attachments, and related logs as described above and below.

Block records. We keep block relationships while a block is active. After you unblock someone or close your account, we may retain block records for a limited period to enforce blocks, prevent repeat abuse, resolve disputes, and meet legal obligations.

Account and verification data. We keep account, profile, and email verification records while your account is active and as needed to secure the service, resolve disputes, prevent repeat abuse or evasion of blocks or suspensions, and comply with law.

We may retain any category of data longer where required by law or reasonably necessary to establish, exercise, or defend legal claims or to protect safety and security.

8. Security

We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and secure infrastructure practices. No method of transmission or storage is completely secure.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. You may also withdraw consent where processing is consent-based (for example by revoking app permissions), subject to limitations needed to provide the service—including where we must keep data to enforce blocks, investigate abuse, or comply with law. To delete your GeoSpot Live account and associated personal data from the app, see our account deletion page. For other requests, contact your organization's administrator or reach us using the details below.

10. Children

GeoSpot is intended for workforce use and is not directed at children. We do not knowingly collect personal data from children.

11. International transfers

Data may be processed in the United States and other countries where we or our subprocessors operate. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date.

13. Contact

For privacy questions or requests regarding GeoSpot, contact us at privacy@geospot.live.