GeoQ
Free API key

Legal

Privacy Policy

Last updated: 6 June 2026

This is a plain-language legal document written for clarity. It does not constitute legal advice. Defined terms are used consistently across our legal pages.

This Privacy Policy explains how GeoQ ("we", "us") processes personal data when you use our website and API (the "Service"). We aim to be plain-spoken: we built a privacy-respecting product, and this document reflects that.

1. IP addresses are personal data

We treat IP addresses as personal data (PII) under the UK GDPR and EU GDPR, and process them accordingly. This applies both to IPs you submit to the API for lookup and to IPs we observe when you use our website.

2. What we process and why

API lookups (you are the controller; we are the processor)

When you call /v1/check, you send us an IP address to analyse. Lookups are stateless: we resolve the IP against our datasets and return a result. We do not build profiles of the end-users behind the IPs you submit, and we do not enrich or sell that data.

Operational logs

To run, secure and bill the Service we keep operational logs. Any IP addresses in those logs are truncated or hashed and retained for no more than 30 days, after which they are deleted or fully anonymised. We do not retain submitted lookup IPs in identifiable form beyond this window.

Account data

For account holders we process your name, email, authentication data and billing details (handled by our payment processor) to provide and bill the Service.

3. Lawful basis

We rely on:

  • Legitimate interests (Art. 6(1)(f) GDPR) for operating, securing and improving the Service, including short-lived, truncated/hashed logging for security and abuse prevention. We have balanced this against your rights, and the minimised, time-limited nature of the data is central to that balance.
  • Contract (Art. 6(1)(b)) for providing the Service to account holders.
  • Legal obligation (Art. 6(1)(c)) where applicable (e.g. tax records).

Where you act as a controller submitting IPs to us, you are responsible for having a lawful basis for that processing and for honouring the Acceptable Use Policy — in particular the prohibition on sole-basis automated decisions about individuals.

4. Data hosting and location

The Service is hosted on Amazon Web Services in the eu-west-1 (Ireland) region. Where any processing involves transfers outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.

5. Subprocessors

We use a small number of subprocessors to deliver the Service, including Amazon Web Services (hosting, eu-west-1) and Stripe (payment processing). See our Subprocessors page for the current list. We impose data-protection obligations on each subprocessor.

6. Retention

  • Lookup processing: stateless — not stored in identifiable form beyond the log window.
  • Operational logs containing truncated/hashed IPs: ≤ 30 days.
  • Account and billing records: for the life of the account plus any period required by law.

7. Your rights

Subject to applicable law, you have rights to access, rectify, erase, restrict and port your personal data, and to object to processing based on legitimate interests. To exercise them, contact support@geoq.io. You may also complain to your supervisory authority (in the UK, the ICO; in Ireland, the DPC).

8. Security

We use encryption in transit, access controls, key management and data minimisation. No system is perfectly secure, but minimising and time-limiting what we hold is our first line of defence.

9. Cookies

Our marketing site uses minimal, essential storage (e.g. remembering your light/dark theme). We do not use invasive third-party advertising trackers.

10. Children

The Service is for businesses and developers and is not directed at children.

11. Changes

We may update this policy; material changes will be notified by reasonable means.

12. Contact

Privacy questions or requests: support@geoq.io.