← Back to GeoToken

Privacy Policy

Last Updated: October 3, 2025

Welcome to GeoToken. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (“Services”). Please read this policy carefully. If you have questions, contact us at support@geotoken.world.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, display name, profile photo (optional), birth year, profession, hobbies, and other profile details you choose to share.
  • User Content: Photos, videos, captions, stories, and other content you upload to token journeys.
  • Location Data: GPS coordinates when you plant, discover, or replant a token (with your explicit permission).
  • Communications: Messages you send through our in-app messaging system, support inquiries, and feedback.
  • Payment Information: When purchasing physical tokens, payment details are processed by our payment provider. We do not store full credit card numbers.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, mobile network information.
  • Usage Data: App features used, interaction patterns, session duration, crash reports, performance metrics.
  • Log Data: IP address, access times, app version, referring/exit pages.
  • Push Notification Tokens: Device tokens to deliver notifications about token activity, friend requests, and messages.

1.3 Information from Third Parties

  • Social Login: If you sign in with Google, Apple, or Facebook, we receive basic profile information (name, email, profile photo) as permitted by the provider.
  • Analytics Services: We use third-party analytics to understand app usage and improve performance.

2. How We Use Your Information

We use collected information for the following purposes:

  • Provide Services: Create and manage your account, display token journeys, enable QR scanning and discovery features.
  • Social Features: Connect you with friends, facilitate messaging, show nearby tokens and user activity.
  • Notifications: Send push notifications about token discoveries, friend requests, messages, and account activity.
  • Improve Experience: Analyze usage patterns, debug issues, optimize performance, develop new features.
  • Safety & Security: Detect fraud, enforce terms of service, protect against abuse and unauthorized access.
  • Communications: Send service announcements, respond to support requests, provide updates about policy changes.
  • Legal Compliance: Comply with legal obligations, respond to lawful requests, protect our rights and property.
  • Marketing: With your consent, send promotional communications about new features or products (you can opt out anytime).

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

3.1 With Other Users

Content you post to token journeys (photos, stories, locations, usernames) is visible to other users who discover those tokens. Your profile information (display name, avatar, bio) is visible to friends and users who interact with your tokens.

3.2 With Service Providers

We share information with trusted third-party providers who help us operate GeoToken:

  • Supabase: Database hosting, authentication, file storage
  • Expo: Push notification delivery
  • Mapbox: Map rendering and geocoding services
  • Sentry: Error monitoring and crash reporting
  • Vercel: Web hosting and content delivery
  • Payment Processors: Secure payment processing for token purchases

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.3 For Legal Reasons

We may disclose information if required by law or in response to:

  • Legal process (subpoenas, court orders, government requests)
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users
  • Investigation of fraud, security issues, or illegal activity

3.4 Business Transfers

If GeoToken is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.

4. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active. After account deletion, most data is removed within 30 days.
  • Journey Content: Remains part of token history until you remove it or request deletion. Content may persist in backups for up to 90 days.
  • Log Data: Typically retained for 90-180 days for security and debugging purposes.
  • Legal Obligations: Some data may be retained longer if required by law or to resolve disputes.

5. Your Rights and Choices

5.1 Account Management

  • Update Information: Edit your profile, name, bio, and preferences in app settings.
  • Delete Content: Remove journey entries, photos, and stories at any time.
  • Deactivate Account: Temporarily disable your account from settings.
  • Delete Account: Permanently delete your account and associated data by contacting support@geotoken.world.

5.2 Privacy Controls

  • Location Permissions: Control location access through device settings. Deny or revoke at any time.
  • Push Notifications: Toggle notification categories (friend requests, messages, token events) in app settings.
  • Marketing Communications: Opt out of promotional emails via unsubscribe links.

5.3 Legal Rights (Region-Specific)

For EU/UK Users (GDPR):

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion (right to be forgotten)
  • Portability: Receive your data in machine-readable format
  • Restriction: Limit how we process your data
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for data processing

For California Users (CCPA/CPRA):

  • Right to Know: Request disclosure of data collected, used, shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of data “sales” (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices
  • Right to Correct: Request correction of inaccurate data
  • Right to Limit: Limit use of sensitive personal information

To exercise these rights, email support@geotoken.world with your request. We will respond within 30 days (or as required by applicable law).

6. Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication with password hashing
  • Row-level security policies on database access
  • Regular security audits and penetration testing
  • Access controls limiting employee data access
  • Automated backups with encryption

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Use strong passwords and do not share your account credentials.

7. Children's Privacy

GeoToken is not intended for children under 13 years old (or 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected data from a child without parental consent, we will delete it promptly. Parents who believe their child has provided information should contact us at support@geotoken.world.

8. International Data Transfers

GeoToken operates globally. Your information may be transferred to and processed in countries other than your own, including the United States and Canada. These countries may have data protection laws different from your jurisdiction.

For EU users: We ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission when transferring data outside the EEA.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

  • Essential Cookies: Required for website functionality (authentication, security)
  • Analytics Cookies: Google Analytics to understand website usage (anonymized IP)
  • Preference Cookies: Remember your settings and choices

You can control cookies through browser settings. Note that disabling cookies may affect website functionality.

10. Do Not Track Signals

We do not currently respond to “Do Not Track” browser signals, as there is no industry consensus on how to interpret them. You can use the privacy controls described above to manage data collection.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be announced via:

  • In-app notification
  • Email to registered users
  • Prominent notice on our website

The “Last Updated” date at the top will always reflect the most recent version. Continued use after changes become effective constitutes acceptance of the updated policy. If you disagree with changes, discontinue use and delete your account.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Email: support@geotoken.world

Mail: GeoToken Inc., Newfoundland & Labrador, Canada

Data Protection Officer: support@geotoken.world

For EU/UK Users: You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

By using GeoToken, you acknowledge that you have read and understood this Privacy Policy.