Privacy Policy

1. Controller

Locality is operated by Aleksandr Vladimirov, Narva, Estonia. For privacy questions or requests, contact aleks.half.time@gmail.com.

2. Service

Locality provides Estonian address search, postal lookup, reverse geocoding, API key management, usage analytics, subscription billing, and related user cabinet features.

3. Personal Data We Process

We process account data such as name, email address, password hash, selected package, subscription status, Stripe customer and subscription identifiers, and account settings. We process API key data such as key names, associated IP restrictions, request limits, creation dates, and usage counters.

We also process technical and usage data such as IP address, request timestamp, endpoint, response status, response time, result count, error reason, and regional analytics for successful geocoding requests.

4. API Request Data

API requests may include address text, postal codes, latitude, longitude, locality values, and API keys. We process this data to return API results, authenticate requests, enforce package limits, prevent abuse, troubleshoot errors, and show usage history in the cabinet.

5. Cookies and Browser Storage

The user cabinet uses an authentication cookie to keep users signed in. Browser storage may be used for interface preferences such as menu state. These technologies are used to provide the requested service and maintain account security.

6. Legal Bases

We process account, API, package, and billing data to perform the service contract. We process security logs, rate-limit data, abuse-prevention data, and operational diagnostics based on legitimate interests in keeping the service reliable and secure. We process accounting and billing records where required by legal obligations.

7. Payments

Payments and subscriptions are handled by Stripe. Locality stores Stripe identifiers and subscription status, but does not store full card numbers. Stripe processes payment data under its own privacy and security terms.

8. Anti-Abuse and Captcha

Registration and abuse-prevention features may use Cloudflare Turnstile or similar security checks. These checks help distinguish legitimate users from automated abuse and may process technical data required for verification.

9. Processors and Transfers

We use service providers for hosting, infrastructure, payment processing, and security checks. Infrastructure is operated in Europe where practical. Some providers, such as Stripe or Cloudflare, may process data outside the European Economic Area using appropriate safeguards, such as standard contractual clauses or equivalent transfer mechanisms.

10. Retention

Account data is kept while the account remains active and for a reasonable period afterward where needed for security, dispute handling, billing, or legal compliance. Billing records may be retained as required by accounting and tax rules. API usage logs and analytics are retained as needed for quota enforcement, troubleshooting, service monitoring, and dashboard reporting.

11. Security

We use technical and organizational measures intended to protect accounts, API keys, subscription data, and request logs. Users are responsible for keeping login credentials and API keys confidential and for rotating keys if access may have been compromised.

12. Your Rights

Under the GDPR, you may have the right to request access, correction, deletion, restriction, portability, or objection to processing of your personal data. Where processing is based on consent, you may withdraw consent at any time. To exercise these rights, contact us at the email address above.

13. Complaints

You may contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with a data protection authority. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), www.aki.ee.

14. Changes

We may update this Privacy Policy when the service, legal requirements, or processing practices change. The latest version is published on this page.