Privacy Policy

Last Updated:

At ZipcodeGPT ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how xgeo llc collects, uses, discloses, and safeguards your information when you use our ZipcodeGPT platform, including our website and mobile applications (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use our Service, we collect:

• Account Information: Email address, name, password (encrypted)
• Profile Information: Optional profile details you choose to provide
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Communications: Messages you send to us for support or inquiries

1.2 Location Information (Optional)

Our mobile app may request access to your device's location services to automatically detect your ZIP code and provide localized demographic insights. This feature is entirely optional and requires your explicit permission:

• Precise Location: GPS coordinates to determine your current ZIP code
• When Collected: Only when you actively use the location detection feature
• How to Disable: You can deny location permissions in your device settings or disable the feature within the app at any time
• If You Decline: You can still use the app by manually entering ZIP codes; no location data will be collected

1.3 Usage Information

We automatically collect certain information about how you interact with our Service:

• Activity Data: ZIP codes searched, insights generated, chat queries submitted, features accessed
• Device Information: Device type, operating system, browser type, mobile app version
• Log Data: IP address, access times, pages viewed, actions performed
• Session Data: Authentication sessions, user preferences, app settings

1.4 Information from Third-Party Services

If you choose to sign in using third-party authentication:

• Google OAuth: Name, email address, profile picture (if you choose to sign in with Google)

Additional authentication providers may be added in future updates.

1.5 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Prevent fraud and enhance security

You can control cookies through your browser settings. Note that disabling cookies may limit some functionality of our Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Service

• Create and manage your account
• Process your ZIP code searches and demographic queries
• Generate AI-powered insights and analyses
• Provide chat functionality with our AI assistant
• Display relevant census data and visualizations
• Improve our algorithms and user experience

2.2 To Process Payments and Manage Subscriptions

• Process subscription payments and manage billing
• Track usage credits and quota
• Send billing notifications and receipts
• Prevent payment fraud

2.3 To Communicate with You

• Send important account and service updates
• Respond to your inquiries and support requests
• Send subscription and credit usage notifications
• Notify you of new features or significant changes (you can opt out)

2.4 For Security and Legal Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations and law enforcement requests
• Protect the rights and safety of our users and the public

3. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Payment Processing: Stripe (for subscription and payment processing)
• AI Services: OpenAI and Grok AI (for generating insights and chat responses)
• Cloud Hosting: Cloud infrastructure providers for data storage and processing
• Analytics: Service analytics to understand usage patterns
• Email Services: Email delivery providers for transactional emails

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.2 AI Processing Partners

When you use our AI-powered features (chat and insights), your queries and selected ZIP code data are sent to third-party AI services (OpenAI and Grok AI) for processing. These services:

• Process your requests to generate insights and responses
• Do not use your data to train their models (as per our agreements)
• Are bound by their own privacy policies and data processing agreements

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory requests
• Enforcement of our Terms of Service
• Protection of our rights, property, or safety, or that of our users or the public

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide choices regarding your data.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data transmitted between your device and our servers is encrypted using TLS/SSL
• Password Security: Passwords are hashed and encrypted; we cannot access your actual password
• Secure Storage: Personal data is stored on secure servers with access controls
• Regular Audits: We regularly review our security practices and update them as needed
• Mobile App Security: Sensitive data on mobile devices is stored using secure storage mechanisms (iOS Keychain/Android Keystore)

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: We retain your data while your account is active
• Inactive Accounts: We may delete accounts inactive for more than 2 years after notice
• Usage Data: Activity logs are retained for up to 2 years for analytics and security purposes
• Payment Records: Billing records are retained for 7 years for tax and accounting compliance
• Location Data: We do not store precise GPS coordinates; only the ZIP code derived from location is stored

After account deletion, we may retain anonymized or aggregated data for analytics and legal compliance.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

• Request a copy of the personal data we hold about you
• Export your data in a commonly used, machine-readable format

6.2 Correction

• Update or correct inaccurate personal information
• You can update most information directly in your account settings

6.3 Deletion

• Request deletion of your personal data ("right to be forgotten")
• You can delete your account at any time through account settings
• Note: We may retain certain data for legal compliance or legitimate business purposes

6.4 Objection and Restriction

• Object to processing of your data for certain purposes
• Request restriction of processing in certain circumstances

6.5 Withdraw Consent

• Withdraw consent for data processing at any time (including location access)
• This does not affect the lawfulness of processing before withdrawal

6.6 Opt-Out of Communications

• Unsubscribe from marketing emails (using the link in emails or account settings)
• Note: You cannot opt out of essential service communications (e.g., billing, security alerts)

To exercise these rights, contact us at admin@zipcodegpt.com. We will respond within 30 days.

7. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the European Union). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using our Service, you consent to such transfers. We implement appropriate safeguards to protect your data, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring our service providers comply with applicable data protection regulations
• Implementing technical and organizational security measures

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Categories of Personal Information Collected

• Identifiers (name, email, IP address)
• Commercial information (subscription details, purchase history)
• Internet activity (usage data, search queries)
• Geolocation data (ZIP code, optional precise location)

9.2 Your CCPA Rights

• Right to know what personal information we collect, use, disclose, and sell
• Right to delete personal information
• Right to opt-out of sale of personal information (Note: We do not sell your data)
• Right to non-discrimination for exercising your rights

To exercise your CCPA rights, email admin@zipcodegpt.com with "CCPA Request" in the subject line.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract Performance: To provide our Service as agreed in our Terms of Service
• Consent: For optional features like location services (you can withdraw consent anytime)
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligations: To comply with applicable laws and regulations

10.2 Your GDPR Rights

In addition to rights listed in Section 6, you have the right to lodge a complaint with your local data protection authority.

11. Mobile Application Specific Information

11.1 Permissions

Our mobile app may request the following permissions:

• Location Services: To automatically detect your ZIP code (optional, can be denied)
• Internet Access: Required to connect to our Service and retrieve census data
• Storage: To cache data for offline viewing and store user preferences

11.2 Device Data

The mobile app collects:

• Device model and operating system version (for compatibility and bug fixes)
• App version (to ensure you're using the latest features)
• Crash logs (to identify and fix technical issues)

11.3 Push Notifications (Future Feature)

Push notification functionality is planned for future release. When implemented, you will be able to opt-in to receive alerts about account activity, insights completion, or important updates. You will have full control to enable or disable notifications in your device settings at any time.

11.4 iOS-Specific Permissions

Our iOS app requests the following permissions:

• Location Services (When In Use Only): Required only when you tap "Use My Location" to automatically detect nearby ZIP codes. You can deny this permission and manually enter ZIP codes instead. We do not track your location in the background or store GPS coordinates.
• Internet Access: Required to retrieve census data, generate AI insights, and communicate with our servers.

All permissions are optional except for internet access, which is required for the app to function. Location permission can be denied, and you can still use all features by manually entering ZIP codes.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services (e.g., Google Maps, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website and mobile app
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification for significant changes

Your continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Do Not Track Signals

Some browsers have "Do Not Track" features. Currently, there is no industry standard for responding to these signals. We do not currently respond to Do Not Track signals, but we limit data collection to what is necessary for our Service.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Data Protection Officer

For data protection inquiries, especially those related to GDPR, you may contact our designated data protection contact at admin@zipcodegpt.com with "DPO" in the subject line.