Privacy Policy

This Privacy Policy covers all data processing activities performed by Oceanir in connection with the Services, whether the data is collected online (through the website, APIs, or applications), offline (through customer support, events, or business development), or through third-party integrations. It does not cover the practices of third parties that we do not own or control, or individuals that we do not employ or manage.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services. If you are accessing the Services on behalf of an organization, you represent that you have authority to bind that organization to this Privacy Policy.

This Privacy Policy is designed to comply with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), the Montana Consumer Data Privacy Act (MCDPA), and other applicable federal, state, and international privacy laws and regulations.

Oceanir follows privacy-by-design principles. Privacy considerations are embedded into the architecture of our systems, the design of our features, and the development of our machine learning models from the earliest stages. We conduct privacy impact assessments for new features and regularly audit our data processing activities to ensure compliance with this Policy and applicable law.

When you create an account, we collect:

• Email address: Used as your primary account identifier, for login, password resets, transaction receipts, and service communications.
• Password: We never store your password in plaintext. Passwords are hashed using bcrypt with a cost factor of 12 before storage. We cannot retrieve your original password.
• Display name: An optional name you choose to display on your profile and within team workspaces.
• Profile image: An optional avatar you may upload, stored in compressed WebP format.

Depending on your chosen authentication method, we may collect:

• OAuth tokens: If you sign in with Google, we receive your Google account email and profile name. We do not receive or store your Google password.
• Passkey credentials: If you use WebAuthn/passkeys, we store a public key credential ID and public key. Your private key never leaves your device.
• Session tokens: Encrypted session identifiers stored in HTTP-only, secure, SameSite cookies with a maximum lifetime of 30 days.
• Captcha verification: We use Cloudflare Turnstile to verify you are human during registration. Turnstile does not use cookies and does not track users across sites.

When you use our geo-estimation analysis features, we collect:

• Uploaded images: JPEG, PNG, WebP, HEIC, or other supported image formats submitted for analysis. Images are compressed and resized server-side before processing.
• File metadata: File name, file size, MIME type, image dimensions, and upload timestamp. We do not read or process EXIF metadata from your images.
• Analysis results: The geo-estimation prediction output including predicted coordinates (rounded for privacy), confidence scores, city/country labels, landmark identifications, and reasoning summaries generated by our Orca models.

When you purchase credits or subscribe to a paid plan, we collect:

• Billing information: Your billing name and address are collected by our payment processor, Polar. We do not directly collect or store your full credit card number, CVV, or bank account details.
• Transaction records: We store a record of each transaction including the amount paid, currency, timestamp, subscription plan, credit quantity, Polar transaction ID, and payment status.
• Credit balance: Your current credit balance and a history of credit usage (debits per analysis, credits from purchases) are maintained in our database.
• Subscription status: Your current plan tier (free, pro, teams), billing cycle, renewal date, and cancellation status.

We automatically collect certain technical information when you access the Services:

• IP address: Your Internet Protocol address, which may indicate your approximate geographic location. We use IP addresses for rate limiting, abuse detection, and to comply with export control regulations.
• Browser information: Browser type, version, and engine (e.g., Chrome 121, Safari 17.2).
• Operating system: OS name and version (e.g., macOS 15.3, Windows 11, iOS 18).
• Device type: Whether you are accessing from a desktop, laptop, tablet, or mobile device.
• Screen resolution: Display dimensions and pixel density.
• Referring URL: The web page or search engine that directed you to our Services.
• Language & timezone: Your browser's language preference and local timezone offset.

We collect information about how you interact with the Services:

• Page views: Which pages and features you visit, and how long you spend on each.
• Feature usage: Which tools and features you use (e.g., satellite view, street view, map analysis, property search), frequency of use, and interaction patterns.
• API calls: For API users, we log endpoint paths, request timestamps, response codes, and latency metrics. We do not log request bodies or image payloads in our usage logs.
• Search queries: If you use our city search or location search features, we log the search terms to improve search relevance.
• Error events: Client-side and server-side errors are logged to help us identify and fix bugs. Error logs may include the page URL, error message, stack trace, and browser details.
• Session information: Session start time, session duration, pages per session, and session identifiers.

We collect information when you communicate with us:

• Support requests: Emails, contact form submissions, and any attachments you send to our support team.
• Feedback: Product feedback, feature requests, and bug reports you submit through in-app feedback mechanisms.
• Newsletter preferences: If you subscribe to our newsletter, we collect your email address and communication preferences. We use a double opt-in process for newsletter subscriptions.

If you use Oceanir Teams, we additionally collect:

• Team name and settings: The name of your team workspace, team avatar, and administrative preferences.
• Member information: Email addresses of invited team members, their roles (admin, member, viewer), and invitation status.
• Seat allocation: Number of seats purchased and assigned within your team plan.
• Shared analyses: When team members share analysis results within the team workspace, we store the sharing metadata (who shared, when, with whom).

For clarity, Oceanir does not collect:

• Social Security numbers or government-issued identification numbers.
• Biometric data (fingerprints, facial recognition templates, retinal scans). While we process images that may contain faces, we do not extract or store biometric identifiers.
• Health or medical information.
• Financial account numbers (bank account, credit card numbers are handled exclusively by Polar).
• EXIF metadata from your images (camera info, GPS tags, timestamps). We do not read or process EXIF data.
• Precise real-time location data from your device (we do not request GPS permissions).
• Keystrokes, mouse movements, or screen recordings.
• Contacts or address book data from your device.

This is the core purpose of our data processing. We use your Account Data to authenticate you, your User Content to generate geo-estimation predictions, your payment data to process transactions, and your preferences to customize your experience. Without this processing, we cannot provide the Services to you.

When you upload an image for analysis, your image is sent to our inference servers where our Orca machine learning models process it to generate a geo-estimation prediction. The image is held in memory during processing and written to temporary encrypted storage for the duration of the analysis pipeline. The analysis typically completes in 3–15 seconds. After the analysis is complete, the temporary copy is queued for deletion.

We use your Account Data to manage your account, including authentication, password resets, email verification, session management, subscription management, credit balance tracking, and team administration. We use your email address to send transactional emails (password resets, purchase receipts, subscription confirmations) and, if you opt in, promotional communications.

We use Technical Data, Usage Data, and IP addresses to detect and prevent unauthorized access, abuse, fraud, and other malicious activity. This includes rate limiting, bot detection, credential stuffing protection, and monitoring for suspicious account behavior. We use Cloudflare Turnstile for CAPTCHA verification during registration and may challenge suspicious requests.

We use aggregated, anonymized Usage Data to understand how users interact with our platform, identify popular features, detect usability issues, and inform product development decisions. We use PostHog for product analytics. PostHog processes event data on our behalf and does not sell or share user data. You can opt out of analytics tracking in your account settings.

We monitor API response times, error rates, page load performance, and infrastructure health to ensure the Services operate reliably. Performance data is aggregated and does not include User Content or Personal Data beyond anonymized Technical Data.

When you contact our support team, we use your Account Data and the content of your communications to investigate and resolve your issue. Support conversations may be retained for quality assurance and training purposes, with Personal Data redacted after the support ticket is resolved.

We process data as necessary to comply with applicable laws, regulations, legal processes, and government requests. This includes maintaining audit logs, responding to subpoenas and court orders, enforcing our Terms of Service, complying with export control regulations, and reporting illegal content (such as CSAM) to the National Center for Missing and Exploited Children (NCMEC) and relevant law enforcement authorities.

We use your email address to send you: (a) transactional emails required for the operation of the Services (password resets, purchase receipts, subscription changes, security alerts); (b) service announcements about material changes to the Services, planned maintenance, or policy updates; and (c) if you opt in, promotional emails about new features, product updates, and educational content. You may unsubscribe from promotional emails at any time by clicking the unsubscribe link in any email or updating your preferences in your account settings. Transactional and service emails cannot be opted out of while you maintain an active account.

Images are uploaded from your device to our servers over an encrypted TLS 1.3 connection. During upload, images pass through Cloudflare's edge network, which may temporarily cache the encrypted request in the point-of-presence (PoP) nearest to you. Once received by our application servers, the image is validated for format, file size (maximum 25MB), and dimensions before being passed to the analysis pipeline.

Your image is processed by our Orca series machine learning models running on GPU-accelerated inference servers. During inference, the image is held in GPU memory and system RAM. The inference process is stateless: each analysis request is independent and the model does not retain information between requests. The model outputs a structured prediction including geographic coordinates, confidence score, country/city classification, and reasoning text. Inference typically completes in 3–15 seconds depending on image complexity and server load.

To protect privacy and prevent precise location tracking, all geographic coordinates in Analysis Results are rounded to approximately 100-meter precision. This means that even if our model internally generates a more precise prediction, the coordinates stored and displayed to you are intentionally reduced in precision. This rounding is applied server-side before results are stored or transmitted to your device.

During the analysis pipeline, your image is written to temporary encrypted storage (AES-256 encrypted at rest) for the duration of processing. This temporary copy exists solely to support the multi-step analysis pipeline (image validation, preprocessing, inference, post-processing). The temporary copy is marked for deletion immediately after the analysis is complete and is purged within 1 hour.

If you have analysis history enabled in your account settings (it is disabled by default for new accounts), we store a thumbnail of your uploaded image (compressed, resized to a maximum of 400px on the longest edge, WebP format) along with the Analysis Results. This history is encrypted using a per-user AES-256-GCM encryption key derived from your account. Analysis history is retained for a maximum of 30 days and is automatically deleted after this period. You can manually delete individual history entries or your entire history at any time from your account settings.

All images, whether in transit, in temporary processing storage, or in analysis history, are encrypted. In transit: TLS 1.3. At rest: AES-256 block-level encryption on storage volumes. For analysis history: additional application-layer AES-256-GCM encryption with per-user keys. This means that even in the unlikely event of a storage-level breach, your images cannot be read without your account's encryption key.

For clarity, Oceanir does not:

• Read, extract, or process EXIF metadata from your images.
• Run facial recognition, facial detection, or biometric identification on your images.
• Extract or store text from your images (OCR) unless text recognition is part of the geo-estimation signal.
• Share, sell, or distribute your images to third parties.
• Use your images for advertising or marketing purposes.
• Make your images publicly accessible or searchable.
• Retain your original full-resolution images beyond the temporary processing window.

Your Account Data, transaction records, credit balances, team configurations, and analysis metadata are stored in a PostgreSQL relational database hosted on Railway's managed infrastructure within the United States. The database uses TLS-encrypted connections, AES-256 disk encryption at rest, automated daily backups with 30-day retention, and point-in-time recovery capability. Database access is restricted to our application servers via private networking; there is no public internet access to the database.

Image thumbnails stored as part of analysis history are kept in Cloudflare R2 object storage. R2 provides S3-compatible storage with built-in encryption at rest, no egress fees, and data residency within Cloudflare's global network. Access to stored objects requires time-limited signed URLs generated server-side; objects are not publicly accessible. Signed URLs expire after 15 minutes and are single-use.

Our application servers run on Railway's platform within the US-West region. The application is containerized and runs in isolated environments with no persistent local storage. Each deployment creates a fresh container image, and no user data is stored on the application server filesystem beyond the temporary processing window described in Section 5.4.

Static assets (JavaScript, CSS, fonts, public images) are served through Cloudflare's content delivery network (CDN). Cloudflare's edge network also provides DDoS protection, Web Application Firewall (WAF), bot management, and TLS termination. Cloudflare may temporarily cache encrypted request data at edge nodes, but this data is not logged or retained beyond the request lifecycle.

Our machine learning models run on dedicated GPU servers provisioned for inference workloads. These servers are stateless: they process individual analysis requests and do not maintain any user data between requests. Model weights are loaded into GPU memory at server startup and are the proprietary property of Oceanir. The inference infrastructure is isolated from the primary database and has no direct access to stored user data.

We maintain encrypted automated backups of our primary database with the following schedule: continuous write-ahead log (WAL) archiving for point-in-time recovery, daily full snapshots retained for 30 days, and weekly snapshots retained for 90 days. Backups are encrypted with separate encryption keys from the primary database and stored in a geographically separate location. We test backup restoration procedures quarterly to ensure data recoverability.

User data is logically isolated at the application level. Each user's data is identified by their unique account ID, and all database queries are scoped to the authenticated user. Team data is additionally scoped to the team ID. There is no shared data space between users or teams. API keys and session tokens are unique per user and cannot be used to access another user's data.

We process your data as necessary to perform our contract with you (the Terms of Service). This includes: creating and managing your account, processing your uploaded images to deliver geo-estimation predictions, maintaining your credit balance, processing payments, providing customer support, and enforcing our Terms of Service.

We process certain data based on our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: ensuring the security of our Services and preventing fraud, abuse, and unauthorized access; monitoring and improving the performance and reliability of our Services; understanding how users interact with our Services to inform product development; sending you service-related communications; and defending our legal rights. We conduct balancing tests to ensure our legitimate interests do not override your rights.

For certain processing activities, we rely on your explicit consent. This includes: sending you promotional and marketing emails (opt-in required); using your images for model training (opt-in in account settings); and processing non-essential cookies and tracking technologies. You may withdraw your consent at any time through your account settings or by contacting us. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

We process data as necessary to comply with legal obligations, including: maintaining financial records for tax and accounting purposes; responding to valid legal process (subpoenas, court orders); reporting illegal content to law enforcement (e.g., CSAM); complying with export control regulations; and retaining data as required by applicable data retention laws.

In rare circumstances, we may process data to protect the vital interests of an individual, such as disclosing information to law enforcement in emergency situations involving imminent danger to life or serious physical injury.

We use Polar as our payment processor for subscriptions and credit purchases. When you make a purchase, Polar collects your payment card details, billing address, and processes the transaction. We receive a transaction confirmation, order ID, and payment status from Polar. We do not have access to your full card number. Polar's processing of your payment data is governed by Polar's own privacy policy.

Our application and database are hosted on Railway. Railway provides the compute and storage infrastructure but does not access, process, or analyze our application data. Railway's role is limited to providing infrastructure services. Railway is contractually obligated to maintain appropriate security measures and does not use our data for its own purposes.

Cloudflare provides our CDN, DDoS protection, DNS, bot management, Turnstile CAPTCHA, R2 object storage, and WAF services. Cloudflare processes Technical Data (IP addresses, request headers, TLS parameters) as part of providing these security services. Cloudflare does not have access to decrypted application data or User Content. Cloudflare's processing is governed by their Data Processing Addendum.

We use PostHog for product analytics to understand how users interact with our Services. PostHog receives anonymized event data (page views, feature usage, session data) with your account ID pseudonymized. PostHog does not receive User Content, images, or Analysis Results. You can opt out of PostHog analytics in your account settings. PostHog processes data as our processor under a Data Processing Agreement.

We use Amazon Simple Email Service (SES) to send transactional and, if opted in, promotional emails. Amazon SES receives your email address and the email content for delivery. Amazon SES processes this data solely for the purpose of email delivery and is contractually prohibited from using it for any other purpose.

Our city analysis interfaces use Mapbox GL and Google Maps to display maps and satellite imagery. When you view a map, your browser makes direct requests to Mapbox and Google servers to load map tiles. These requests include your IP address and the geographic coordinates of the map viewport. Mapbox and Google may use this data in accordance with their respective privacy policies. We do not send your User Content or Analysis Results to Mapbox or Google.

We will disclose your data to law enforcement, government authorities, or other third parties when we believe in good faith that disclosure is: (a) required by valid legal process (subpoena, court order, search warrant); (b) necessary to detect, prevent, or address fraud, abuse, security, or technical issues; (c) necessary to prevent imminent harm to persons or property; (d) required to report illegal content such as CSAM to NCMEC and law enforcement; or (e) necessary to protect the rights, property, or safety of Oceanir, our users, or the public. We will attempt to notify affected users of legal requests unless prohibited by law or court order.

If Oceanir is involved in a merger, acquisition, reorganization, dissolution, bankruptcy, or sale of all or a portion of its assets, your Personal Data may be transferred as part of that transaction. We will provide notice via email and/or a prominent notice on our website before your Personal Data becomes subject to a different privacy policy. In such event, your data will continue to be protected in accordance with this Privacy Policy until a successor entity assumes responsibility and provides you with notice of any changes.

We may share your data with third parties when you have given us explicit consent to do so. For example, if you authorize a third-party integration or request that we share specific data with a partner, we will share only the data you have authorized.

For transfers of Personal Data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to the United States or other countries not deemed to provide an adequate level of data protection, we rely on the following transfer mechanisms: (a) Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914); (b) the UK International Data Transfer Agreement or UK Addendum to the EU SCCs; (c) any applicable adequacy decisions; or (d) your explicit consent where no other mechanism is available.

We maintain Data Processing Agreements (DPAs) with all processors that handle Personal Data on our behalf. These DPAs include the SCCs and impose obligations on our processors to implement appropriate technical and organizational measures to protect your data, process data only on our documented instructions, assist us in responding to data subject requests, and notify us promptly of any data breaches.

Your data may be processed in the following countries: United States (primary application, database, and inference infrastructure), and the global network of Cloudflare edge nodes (for CDN, security, and performance services, where data is cached temporarily at the nearest point-of-presence). We do not store persistent user data outside the United States except for Cloudflare R2 objects which may be replicated across Cloudflare's global network.

Your account information (email, display name, preferences, subscription status) is retained for the duration of your account plus 90 days after account deletion. The 90-day grace period allows for account recovery if you change your mind and prevents abuse by users who repeatedly create and delete accounts. After 90 days, your Account Data is permanently and irreversibly deleted from our production database.

Original full-resolution images uploaded for analysis are not permanently stored. They exist only in temporary encrypted storage during the analysis pipeline and are purged within 1 hour of analysis completion. If you have analysis history enabled, compressed thumbnails (maximum 400px, WebP format) are retained for up to 30 days, then automatically deleted. You can delete your history at any time. If analysis history is disabled, no image data is retained beyond the temporary processing window.

Geo-Estimation predictions and analysis metadata are retained for the same period as analysis history (up to 30 days). Aggregated, anonymized analysis statistics (total analyses per region, model accuracy metrics) may be retained indefinitely for product improvement purposes, but these statistics cannot be linked back to individual users or images.

Payment and transaction records are retained for 7 years to comply with tax and financial record-keeping requirements under applicable US federal and state laws. This includes transaction amounts, dates, subscription changes, and credit purchase history. After 7 years, transaction records are permanently deleted.

Security logs (authentication events, failed login attempts, API access logs, rate limiting events) are retained for 1 year for security audit and forensic investigation purposes. After 1 year, security logs are permanently deleted. In the event of an active security investigation, relevant logs may be preserved beyond the standard retention period until the investigation is complete.

Customer support tickets and communications are retained for 2 years after the ticket is resolved, to provide context for future support interactions and for quality assurance purposes. Personal Data within support tickets is redacted 90 days after resolution, with only the issue description and resolution retained.

Encrypted database backups are retained for 30 days (daily) and 90 days (weekly). When a user deletes their account, their data is removed from production immediately. The data will persist in backups until those backups expire per the retention schedule above, but backups are encrypted, access-controlled, and only accessed for disaster recovery purposes.

When you request deletion of your data (via account settings or by contacting us), we will: (a) delete your data from production systems within 30 days; (b) delete your data from backup systems as backups naturally expire (within 90 days); and (c) send you confirmation once production deletion is complete. Some data may be retained beyond these periods where we have a legal obligation to do so (e.g., transaction records for tax purposes).

• In transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 with forward secrecy. We enforce HTTP Strict Transport Security (HSTS) with a maximum age of 1 year, includeSubDomains, and preload directives. All API endpoints require HTTPS; plaintext HTTP requests are rejected.
• At rest: All database volumes, object storage, and backup storage use AES-256 encryption at rest. Encryption keys are managed by our infrastructure providers and rotated regularly.
• Application-layer: Sensitive data (analysis history thumbnails) is additionally encrypted at the application layer using AES-256-GCM with per-user encryption keys derived from the user's account. This provides defense-in-depth: even if storage-level encryption is compromised, application-layer encryption protects individual user data.
• Password hashing: Passwords are hashed using bcrypt with a cost factor of 12. We never store, log, or transmit plaintext passwords.

• Principle of least privilege: Access to production systems and user data is restricted to the minimum number of personnel necessary to operate the Services.
• Multi-factor authentication: All team members with access to production infrastructure are required to use multi-factor authentication.
• Private networking: Our database and internal services communicate over private networks that are not accessible from the public internet.
• API key security: API keys are hashed before storage. We display only the first and last 4 characters of API keys after creation.

• DDoS protection: Cloudflare provides enterprise-grade DDoS mitigation for all traffic to our Services.
• Web Application Firewall: Cloudflare WAF rules protect against common web attacks including SQL injection, XSS, CSRF, and directory traversal.
• Bot management: We use Cloudflare Bot Management and Turnstile to detect and block automated attacks, scrapers, and credential stuffing attempts.
• Rate limiting: API endpoints are rate-limited per user and per IP to prevent abuse and ensure fair resource allocation.
• Container isolation: Each deployment runs in an isolated container with no persistent local state and minimal attack surface.

• Logging: Security-relevant events (authentication attempts, API access, permission changes, data exports) are logged and retained for 1 year.
• Alerting: Automated alerts are configured for anomalous activity patterns, including unusual login locations, spike in failed authentication attempts, and abnormal data access patterns.
• Incident response: We maintain a documented incident response plan that includes procedures for identification, containment, eradication, recovery, and post-incident review.
• Vulnerability management: We monitor dependencies for known vulnerabilities, apply security patches promptly, and conduct periodic security reviews.

If you discover a security vulnerability in our systems, we encourage responsible disclosure. Please report vulnerabilities to security@oceanir.ai. Good-faith security researchers acting in accordance with responsible disclosure practices will not be subject to legal action. We aim to acknowledge vulnerability reports within 48 hours and provide a resolution timeline within 7 days.

You have the right to request a copy of the Personal Data we hold about you. You can access most of your data directly through your account settings (profile information, analysis history, transaction history, preferences). For a comprehensive data export, contact us at privacy@oceanir.ai. We will provide your data in a commonly used, machine-readable format (JSON) within 30 days of a verified request.

You have the right to request correction of inaccurate or incomplete Personal Data. You can update your profile information, display name, and preferences directly in your account settings. For data that cannot be self-corrected, contact us and we will make corrections within 30 days.

You have the right to request deletion of your Personal Data. You can delete your account through your account settings, which will trigger deletion of your Account Data, User Content, analysis history, and associated metadata from production systems within 30 days. Some data may be retained where we have a legal obligation (e.g., transaction records for 7 years). Anonymized or aggregated data that cannot be linked to you is not subject to erasure requests.

You have the right to receive your Personal Data in a structured, commonly used, machine-readable format (JSON), and to transmit that data to another controller. This right applies to data you have provided to us and that we process based on consent or contractual necessity. Contact us at privacy@oceanir.ai to request a portable data export.

You have the right to request that we restrict the processing of your Personal Data in certain circumstances, including: (a) while we verify the accuracy of data you have contested; (b) if processing is unlawful and you oppose erasure; (c) if we no longer need the data but you need it for legal claims; or (d) while we verify whether our legitimate interests override yours following an objection.

You have the right to object to processing of your Personal Data based on legitimate interests or for direct marketing purposes. If you object to processing for direct marketing, we will stop immediately. If you object to processing based on legitimate interests, we will stop unless we can demonstrate compelling legitimate grounds that override your interests.

Where we process your data based on consent, you may withdraw that consent at any time. You can withdraw consent for: marketing emails (unsubscribe link or account settings); model training (account settings); and non-essential cookies (browser settings or our cookie preferences). Withdrawal does not affect the lawfulness of processing before withdrawal.

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority. For EU residents, you can file a complaint with your local Data Protection Authority. For UK residents, contact the Information Commissioner's Office (ICO). For US residents, you may contact the FTC or your state Attorney General.

To exercise any of these rights, contact us at privacy@oceanir.ai. We will verify your identity before processing your request. Verification may include confirming your email address and, for sensitive requests, additional identity verification. We will respond to verified requests within 30 days (or 45 days for complex requests, with prior notification of the extension). We do not charge a fee for processing rights requests unless requests are manifestly unfounded or excessive.

In the preceding 12 months, we have collected the following categories of Personal Information as defined by the CCPA:

• Identifiers: Email address, display name, IP address, account ID, session identifiers.
• Commercial information: Records of products or services purchased (subscription plans, credit purchases), transaction history.
• Internet or electronic network activity: Browsing history on our Services, search history within our platform, interaction with our Services.
• Geo-Estimation data: Approximate location inferred from IP address. We do not collect precise GPS location from your device.
• Sensory data: Images you upload for analysis (audio, electronic, visual, thermal, olfactory, or similar information).
• Inferences: Geo-Estimation predictions and analysis results derived from your uploaded images.

Oceanir does not sell your Personal Information as defined by the CCPA. Oceanir does not share your Personal Information for cross-context behavioral advertising as defined by the CPRA. We have not sold or shared Personal Information in the preceding 12 months.

• Right to Know: You may request that we disclose what Personal Information we collect, use, disclose, and sell about you.
• Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale/Sharing: You may direct us not to sell or share your Personal Information. As we do not sell or share, this right is automatically honored.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive Personal Information to purposes necessary for providing the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

You may designate an authorized agent to exercise your CCPA/CPRA rights on your behalf. Authorized agents must provide proof of authorization (a signed written authorization or power of attorney) when submitting requests. We may also require you to verify your identity directly with us before processing a request from an authorized agent.

Oceanir is the data controller for the Personal Data processed through the Services. For inquiries about data processing, contact our Data Protection Officer at dpo@oceanir.ai.

A summary of the lawful basis we rely on for each processing activity:

• Account creation & management: Contractual necessity.
• Image analysis & geo-estimation: Contractual necessity.
• Payment processing: Contractual necessity.
• Security & fraud prevention: Legitimate interest.
• Product analytics: Legitimate interest (with opt-out).
• Marketing emails: Consent (opt-in).
• Model training with your data: Consent (opt-in).
• Tax & financial records: Legal obligation.
• Law enforcement response: Legal obligation / vital interests.

As described in Section 9, your data is transferred to the United States for processing. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for these transfers. Copies of the SCCs are available upon request by contacting dpo@oceanir.ai.

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals, including our image analysis pipeline and AI model training processes. DPIAs are reviewed and updated annually or when significant changes are made to processing activities.

Virginia residents have the right to confirm whether we are processing their personal data, access their data, correct inaccuracies, delete their data, obtain a portable copy, and opt out of targeted advertising, sale of personal data, and profiling. We do not sell personal data or engage in targeted advertising or profiling as defined by the VCDPA.

Colorado residents have similar rights to Virginia residents under the Colorado Privacy Act, including the right to opt out of targeted advertising and the sale of personal data. Colorado residents may also appeal our decision regarding a rights request.

Connecticut residents have the right to access, correct, delete, and port their data, and to opt out of targeted advertising, sale, and profiling. We comply with all provisions of the CTDPA.

We also comply with the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), the Montana Consumer Data Privacy Act (MCDPA), and any other state privacy laws that may apply to our processing activities. If you have questions about your rights under your state's privacy law, contact us at privacy@oceanir.ai.

During account registration, users represent and warrant that they are at least 18 years of age. We do not employ age verification technology beyond this self-declaration but reserve the right to implement additional age verification measures if required by law or if we have reason to believe a user is under 18.

We comply with the Children's Online Privacy Protection Act (COPPA). If we discover that we have inadvertently collected Personal Data from a child under 13, we will delete that information as quickly as possible, typically within 48 hours of discovery. We do not target advertising to children and do not knowingly allow minors to create accounts.

If you are a parent or guardian and believe your child under 18 has provided Personal Data to Oceanir, please contact us immediately at privacy@oceanir.ai. We will promptly investigate and, if confirmed, delete the child's account and all associated data.

Oceanir's geo-estimation capabilities are powered by our proprietary Orca series machine learning models. These are deep neural networks trained on large datasets of geotagged imagery to predict the geographic origin of visual media. The Orca models analyze visual features in images — architectural styles, vegetation patterns, road signage, terrain features, atmospheric conditions, and other environmental cues — to generate geo-estimation predictions.

Our models are primarily trained on publicly available geotagged imagery, licensed datasets, and imagery collected with consent. Training data undergoes a rigorous curation process that includes: removal of images containing identifiable faces (using automated face detection during preprocessing), removal of images containing visible license plates, exclusion of images from sensitive locations (military installations, private residences where individuals are identifiable), and geographic balancing to reduce bias toward over-represented regions.

By default, your uploaded images are NOT used to train our models. If you opt in to model training in your account settings, your images may be included in future training datasets. Before inclusion, images undergo the same curation pipeline described above (face removal, license plate removal, etc.) and are anonymized so they cannot be linked back to your account. You can opt out of model training at any time in your account settings. Opting out does not affect your ability to use the Services or the quality of results you receive. Images previously included in training datasets before opt-out cannot be retroactively removed from already-trained models, but they will be excluded from all future training runs.

Our geo-estimation predictions are generated by automated processing. These predictions are probabilistic statistical outputs based on pattern matching — they are NOT statements of fact. Confidence scores indicate the model's certainty and should be interpreted accordingly. We do not make automated decisions that produce legal effects or similarly significant effects on individuals. Our predictions are informational tools, not definitive conclusions.

We are aware that machine learning models can exhibit geographic, cultural, and demographic biases. We actively work to identify and mitigate bias in our models through: geographically balanced training data; regular bias audits comparing model accuracy across different regions, climates, and development levels; and ongoing research into fairness-aware training techniques. Despite these efforts, our models may perform differently across different geographic regions. We are transparent about known accuracy variations in our documentation.

Our models are designed to identify geographic locations, not individuals. The models do not perform facial recognition, person identification, or behavioral profiling. If a model output incidentally identifies a specific address or property, the coordinate rounding described in Section 5.4 reduces precision to prevent identification of individual properties or persons.

We publish information about our models' general architecture, training methodology, accuracy benchmarks, and known limitations in our blog and documentation. We do not disclose model weights, training data compositions, or specific architectural details, as these are proprietary trade secrets. If you have questions about our AI systems, contact us at privacy@oceanir.ai.

We use automated processing for the following purposes:

• Geo-Estimation prediction: Automated analysis of uploaded images to generate geographic coordinate predictions.
• Rate limiting: Automated throttling of API requests that exceed plan limits.
• Bot detection: Automated identification of non-human traffic using Cloudflare's bot management.
• Fraud detection: Automated monitoring for suspicious account activity (e.g., credential stuffing, account takeover attempts).
• Content moderation: Automated scanning for illegal content (CSAM) before images are processed by our analysis models.

We do not use automated profiling to make marketing decisions, serve targeted advertising, determine pricing, or evaluate personal aspects of users (such as economic situation, health, personal preferences, interests, reliability, behavior, location, or movements). We do not build behavioral profiles of our users.

None of our automated processing produces decisions with legal or similarly significant effects on individuals. However, if you believe an automated decision has affected you and you would like human review, you may contact us at privacy@oceanir.ai and we will review the decision manually.

• Session cookies: HTTP-only, secure, SameSite=Lax cookies that maintain your authentication state. These expire when you log out or after 30 days of inactivity.
• CSRF tokens: Protect against cross-site request forgery attacks. These are session-scoped and expire with your session.
• Cookie consent: A cookie that records your cookie preferences. This expires after 1 year.

We use PostHog for product analytics. PostHog may set cookies or use local storage to track session information. This tracking is anonymized and can be disabled in your account settings. We do NOT use Google Analytics, Facebook Pixel, or any advertising-related tracking technologies.

We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not participate in ad networks or sell data to advertisers. Your browsing activity on Oceanir is not shared with advertising platforms.

We respond to Do Not Track browser signals. When we detect a DNT signal, we limit tracking to essential cookies only and do not load analytics scripts. Some features that rely on analytics data may be limited when DNT is enabled.

We honor the Global Privacy Control (GPC) signal as a valid opt-out request for the sale or sharing of personal information under applicable privacy laws, including the CCPA/CPRA. When we detect a GPC signal, we treat it as a request to opt out of any sale or sharing of personal information (though, as noted, we do not sell or share personal information).

When you click a link to a third-party website, you leave our Services and are subject to the third party's privacy policy. We are not responsible for the privacy practices of third-party websites and encourage you to read their privacy policies before providing any personal information.

Our city analysis interfaces embed map tiles from Mapbox and Google Maps. When maps are loaded, your browser makes direct requests to these providers. These requests include your IP address and the geographic viewport being viewed. We do not control what data Mapbox or Google collect through these requests. See Mapbox's and Google's privacy policies for details.

If we provide social sharing functionality, clicking a share button will open the respective social platform in a new window. No data is shared with social platforms until you actively click a share button and confirm the share action.

Upon detecting a potential data breach, we will immediately activate our incident response plan. We will assess the nature and scope of the breach, determine what data was affected, identify the likely cause, and take steps to contain and remediate the breach.

Where required by GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals. For California residents, we will comply with California's breach notification requirements under Civil Code Section 1798.82. We will also comply with breach notification requirements of other applicable state and international laws.

If a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay via email and/or prominent notice on our website. The notification will include: a description of the breach, the types of data affected, likely consequences, measures we have taken to address the breach, and recommendations for steps you can take to protect yourself (e.g., password change).

Following any breach, we will conduct a thorough post-incident review to identify root causes, assess the effectiveness of our response, and implement improvements to prevent similar incidents in the future. Findings from post-incident reviews are documented and used to update our security measures, policies, and procedures.

For material changes that significantly affect how we collect, use, store, or share your Personal Data, we will provide prominent notice at least 30 days before the changes take effect. Prominent notice may include: a banner on our website, an email notification to your registered email address, an in-app notification, or a combination of these methods.

Minor changes such as clarifications, grammatical corrections, formatting improvements, or changes that do not materially affect your rights may be posted without advance notice. We encourage you to review this Privacy Policy periodically.

We maintain a version history of this Privacy Policy. Previous versions are available upon request by contacting privacy@oceanir.ai. The “Last Updated” date at the top of this page indicates when the most recent revision was published.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with a revised Privacy Policy, you must stop using the Services and may request deletion of your account and data.

For general privacy questions, data subject requests, or concerns about our data practices, contact our Privacy Officer at privacy@oceanir.ai. We aim to respond to all inquiries within 5 business days.

Our Data Protection Officer (DPO) can be reached at dpo@oceanir.ai. The DPO is responsible for overseeing our data protection strategy, ensuring compliance with applicable privacy laws, conducting privacy impact assessments, and serving as the point of contact for supervisory authorities.

For legal inquiries, subpoenas, court orders, or law enforcement requests, contact legal@oceanir.ai.

To report a security vulnerability, contact security@oceanir.ai. For urgent security matters, include “URGENT” in the subject line.

For general product support inquiries, contact support@oceanir.ai or visit our support page.