Recent searches
Search options
@opencage@en.osm.townAfter a few weeks of #geoweirdness threads, this weekend let's switch things up and do some #geoeducation
One topic that often comes up around location data is privacy 
If you accurately know where someone spends their time, you can often figure out who they are. Users of our geocoding API have to send us location info. So, how can they ensure privacy?
2/ From day one, we've known one of the key value propositions of our geocoding API is that some customers really do NOT want to share data with Google and other internet giants.
So privacy has been a continual focus for us, not an afterthought.
We're a 
German legal entity thus fully compliant with GDPR.
Here's our GDPR policy: https://opencagedata.com/gdpr
and you can easily see all the details of exactly who we are on our about page: https://opencagedata.com/about
3/ But let's get into what we actually do about privacy.
It starts with our website, where we don't use Google Analytics or any other trackers.
Instead, we use privacy-focused Fathom Analytics so we can anonymously see what is happening on the site without tracking anyone. Our Fathom account is configured so that all data stays in the EU .
EDIT: here's a Fathom referral code if you want a discount: https://usefathom.com/ref/Q1OOEC
4/ Our website and API are of course both available via HTTPS (happily this has increasingly become the norm on the web)
5/ When you sign up for a free trial of our service all you need is a working email.
Inactive free trial accounts get deleted after 6 months. Of course, you can also delete your account sooner anytime you like.
And don't worry 
, signing up doesn't put you on our marketing list. We have no marketing list 
6/ If you become a paying customer we do legally have to store a record of the transaction, but you can, with the single click of a button, delete your payment info once you stop being a customer.
https://blog.opencagedata.com/post/delete-your-card-details
All card billing is done via our payment processor Stripe, we never hold a record of your card details.
7/ So now let's get into the geocoding API itself.
First up, please send us only location information, never details of who is at that location. Besides privacy concerns it just makes geocoding much harder.
Please see: https://opencagedata.com/guides/how-to-format-your-geocoding-query
8/ Next, if you use the optional "no_record" parameter in your API call, we will keep ... absolutely no record of what your query was. None. Nada. Zilch.
9/ Finally, we do our best to educate users of the API about privacy implications of location data.
For example here is a guide to NOT showing precisely geocoded locations
https://opencagedata.com/guides/how-to-preserve-privacy-by-showing-only-an-imprecise-location
10/ Digital privacy is a continually evolving issue. New technology makes so much possible, but also exposes us to new risks. It's a topic that is never "done".
We welcome (and pay for) suggestions as to how we can improve security. Here's our bug bounty program, at the bottom you can find a list of bug reports we've paid for:
https://opencagedata.com/security-bounty
Here's a report we wrote about our experiences running a bug bounty program as a smaller company:
https://blog.opencagedata.com/post/running-a-security-bounty-program-as-a-bootstrapped-business-lessons-learned
11/ Thanks for reading and sharing
Please get in touch if you have any questions (or suggestions) about our approach to privacy or security (or anything else).
We have more threads about #geoeducation, the #geoweirdness of specific countries, border disputes, geocoding, etc linked on our blog: https://blog.opencagedata.com/geothreads
Stay safe and private!
Final bonus toot - what to do if you want the benefits of tracking where you’ve been without the privacy risk? 
Please check out our friends at @owntracks https://owntracks.org an open source, privacy-focused journey tracking and sharing software