Skip to content

Privacy Policy

Last updated: 24 April 2026

This policy explains what FreshGeo does with personal data. We’ve written it in plain English because legal pages shouldn’t need a decoder ring.

If something isn’t clear, email us at privacy@freshgeo.com and a human will reply.

Who we are

FreshGeo Ltd is a company registered in England and Wales (the “controller” under UK GDPR and EU GDPR for the data described below). Our registered office is in London, United Kingdom.

What this policy covers

This policy covers personal data we collect when you:

  • Visit freshgeo.com
  • Create an account or trial
  • Use our data-API product
  • Contact support or sales
  • Receive marketing from us

It does not cover data you submit through our API for lookup (we process that on your behalf as a processor — see our DPA).

What we collect

We only collect what we need.

Account data. Name, work email, company name, job title, password hash, and any profile details you add.

Billing data. Billing address, VAT number, plan, invoices. Card details are handled by Stripe — we never see your full card number.

Usage data. API calls made, endpoints hit, volume, response times, IP address, user agent, logs of dashboard actions. We use this to run the service, bill you correctly, and investigate abuse.

Support data. Anything you send us in tickets, email or chat.

Marketing data. If you opt in, your email and engagement with our newsletters.

Cookies. Strictly necessary cookies and first-party analytics only. See our Cookie Policy.

Public-web data

FreshGeo’s product is built partly on data we collect from publicly available sources on the internet. If that dataset contains personal data (for example, a public business listing with a contact name), we process it as controller under a legitimate-interest basis, and we honour objection and erasure requests. Email privacy@freshgeo.com with the subject line “Public data request” and we’ll action it within 30 days.

Why we process your data

PurposeLawful basis
Run the service you signed up forContract
Bill youContract / legal obligation
Keep the service secure, prevent abuseLegitimate interest
Improve the product with aggregated usage patternsLegitimate interest
Send you product-critical emails (outages, security)Legitimate interest
Send you marketingConsent (opt-in; opt-out anytime)
Comply with tax, accounting, law-enforcement requestsLegal obligation

Who we share data with

We share data only with:

  • Sub-processors who help us run the service (AWS, Stripe, Postmark, Sentry). Current list at freshgeo.com/subprocessors.
  • Professional advisers (lawyers, accountants, auditors) under confidentiality.
  • Acquirers if we’re bought or merged — we’ll tell you before your data moves.
  • Authorities when a valid legal request compels us.

We do not sell your personal data. Ever.

International transfers

Our primary data centre is in London (eu-west-2). We operate read replicas in the US and Germany for resilience and latency. Transfers outside the UK/EEA rely on the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses (2021), plus supplementary measures (encryption, access controls).

How long we keep it

  • Account data: duration of your account, plus 30 days after closure.
  • Billing records: 7 years (UK tax law).
  • Usage logs: 13 months rolling.
  • Support tickets: 3 years.
  • Marketing lists: until you unsubscribe.
  • Backups: purged on a rolling 35-day cycle.

Your rights

You can:

  1. Ask for a copy of your data (access).
  2. Correct inaccurate data (rectification).
  3. Ask us to delete it (erasure — subject to legal retention).
  4. Object to processing based on legitimate interest.
  5. Ask us to restrict processing while we investigate.
  6. Port your data to another provider.
  7. Withdraw consent for marketing at any time.

Email privacy@freshgeo.com. We respond within 30 days.

You also have the right to complain to the UK ICO (ico.org.uk) or your EU supervisory authority.

Security

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). We run least-privilege access, audit logging, and annual penetration tests. SOC 2 Type II audit is in progress — report available under NDA on request. ISO 27001 alignment is underway for 2026.

If we ever suffer a breach that affects you, we’ll notify you and the ICO within 72 hours of becoming aware.

Children

FreshGeo is a B2B product. It’s not intended for anyone under 16. We don’t knowingly collect data from children.

Changes

If we change this policy in a way that materially affects you, we’ll email account admins at least 14 days before it takes effect. Minor edits may be made without notice.

Contact

privacy@freshgeo.com — for anything on this page.