Privacy Policy

1. Overview of Data Protection

We take the protection of your personal data very seriously. This Privacy Policy explains how your information is processed when using GISpo. Our core architecture is designed to focus purely on functional utility, with privacy and security embedded by default.

The responsible party (Controller) for processing personal data under the General Data Protection Regulation (GDPR) is:

Levin Cioffi
Badenyx
c/o Postflex #9658, Emsdettener Str. 10
48268 Greven
Germany
Email: levin@badenyx.studio

2. Transient File Data Processing (Zero-Retention Data Streaming)

Since our SaaS provides translation mechanisms for geospatial file formats (e.g. Shapefile, GeoJSON, KML, GPX), we process file buffers supplied by you. This processing relies on a strict zero-retention architecture:

  • Isolated Ephemeral Processing: Files uploaded for format translation are sent securely to our isolated Fly.io backend container.
  • RAM In-Memory Stream: Files are processed entirely in volatile memory (RAM) and directly streamed back to your local client without caching or permanent disk storage.
  • Zero-Retention Policy: No uploaded geospatial vectors, projection boundaries, coordinates, meta-records, or spatial properties are stored, cached, or persisted on our servers. All temporary stream buffers are instantly wiped when the conversion completes or terminates.
  • No Attribute Logging: Content within the GIS files, shapefile DBF databases, or GPX GPS trace logs is never saved, parsed for analytics, or cataloged.
  • Encrypted Transmission (HTTPS): All connections and file transfers are encrypted using TLS/HTTPS standards to prevent interception by third parties.

3. Infrastructure Hosting (Vercel)

Our Next.js application front-end is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

When you visit or use our platform, Vercel automatically collects connection metadata to maintain web security and ensure operational stability (Server Logs). These records contain:

  • Browser type and version
  • Host operating system
  • Referrer URL (previously visited website)
  • Host address of the accessing client
  • Date and time of server requests
  • IP address

Vercel processes this metadata based on legitimate interests (Art. 6 para. 1 lit. f GDPR). We have executed a Data Processing Agreement (DPA) with Vercel to guarantee that all connection data is secured in accordance with European data protection agreements (EU Standard Contractual Clauses).

4. Browser States & Cookie Exclusions

To provide a modern, programmatic experience, we exclude all persistent tracking, cookie-based advertisement, and third-party analytics telemetry.

We may use standard client-side storage technologies (such as browser localStorage or sessionStorage) strictly to preserve local state preferences (e.g. active tab selections, list views, or file metadata) within your browser environment. This storage process runs locally on your client machine, requires no external trackers, and is never transmitted back to us.

5. Your Legal Rights under GDPR

Under the GDPR, you possess the following rights regarding any personal data we may collect:

  • Right to access your stored data (Art. 15 GDPR).
  • Right to rectification of incorrect data (Art. 16 GDPR).
  • Right to erasure ("Right to be forgotten" - Art. 17 GDPR) – as we wipe all converted spatial datasets immediately, there is no physical file history or coordinate history stored.
  • Right to restriction of data processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object to data processing (Art. 21 GDPR).
  • Right to lodge a complaint with a supervisory data protection authority (Art. 77 GDPR).