Legal
Privacy Policy
Last updated July 13, 2026
This Privacy Policy explains what information Loc8ID collects, how we use and share it, and the choices and rights you have. Loc8ID is a location-sharing service — turning precise coordinates into short, shareable links — so location data is central to how it works, and this policy describes exactly how we handle it.
Who we are
Loc8ID (“Loc8ID”, “we”, “us”) provides a location-sharing service — turning precise coordinates into short, shareable links — at loc8id.com. For the purposes of the EU/UK General Data Protection Regulation (GDPR), we are the “data controller” of the personal data described here. You can reach us about privacy at privacy@loc8id.com.
Information we collect
We aim to collect only what we need to run the service. Depending on how you use Loc8ID, this includes:
- Location data. The coordinates, place names, and descriptions you save or share; and, if you use “Use my location”, your device’s geolocation at that moment (only with your browser’s permission). Location is the core of the product — a Loc8ID is a saved coordinate.
- Account information. Your email address, display name, and a securely hashed password. If you sign in with Google or Facebook, we receive your name, email address, and profile picture from that provider.
- Content you create. Names, descriptions, collections, custom aliases, and any images you upload.
- Technical & usage data. IP address, an approximate country derived from it, a browser “fingerprint” used to associate anonymously-created Loc8IDs with your device, device and browser details, and product-usage events (see Analytics below).
- Billing data. If you subscribe to a paid plan, payments are processed by Stripe. We receive limited billing details (such as your plan, status, and the last four digits/brand of your card) but we never see or store your full card number.
- Cookies & similar technologies. Used for sign-in sessions and basic functionality — see our Cookie Policy.
How we use your information
- Provide the service — create, resolve, and display your Loc8IDs and collections.
- Authenticate you and keep your account secure.
- Process payments and manage subscriptions (for paid plans).
- Prevent abuse, fraud, and misuse, and protect the integrity of the platform.
- Understand usage and improve features and performance.
- Communicate with you about your account, security, and service changes.
Location data, specifically
Because Loc8ID exists to share places, it’s important to be clear:
- Coordinates you save are stored so we can generate and resolve the short link for that place.
- Anything you make public — a shared link, a public collection — is, by design, viewable by anyone who has the link. Choose what you share accordingly.
- Device geolocation is requested only when you tap “Use my location”, is used to place a single pin at that moment, and is not tracked continuously in the background.
- When you search for a place, your search text (and sometimes your approximate location, to improve nearby results) is sent to our mapping providers to return results — see sub-processors below.
Legal bases (GDPR)
Where GDPR applies, we rely on the following legal bases:
- Contract — to provide the service you sign up for.
- Consent — for device geolocation and any optional communications; you can withdraw consent at any time.
- Legitimate interests — to secure the service, prevent abuse, and improve the product.
- Legal obligation — where we must retain or disclose data by law.
Analytics
We use Umami, a privacy-focused analytics tool, to understand aggregate usage (such as which features are used). It is designed to avoid tracking individuals across sites and does not build advertising profiles.
How we share your information — sub-processors
We do not sell your personal data. We share it only to operate the service, with trusted providers that process data on our behalf, or where required by law. Our key sub-processors are:
- Stripe — payment processing for paid plans.
- Google and Facebook — optional social sign-in.
- Mapbox, Esri, and OpenStreetMap / Carto (Nominatim) — map tiles and place search; your search queries and map coordinates are sent to these providers to return results.
- Umami — privacy-focused product analytics.
- Our email provider — transactional emails (verification, password resets, receipts).
- Our hosting and storage providers — to run the service and store uploaded images.
We may also disclose information if required to comply with the law, enforce our terms, or protect the rights, property, or safety of Loc8ID, our users, or others. This list may change as the service evolves; contact us for the current set of providers.
International transfers
We and our sub-processors may process your information in countries other than your own, including outside the EEA/UK. Where we do, we take steps to ensure an appropriate level of protection (for example, relying on providers’ standard contractual clauses or equivalent safeguards).
Data retention
- We keep your account and content for as long as your account is active, and for a reasonable period afterward to meet legal, security, and operational needs.
- Anonymous Loc8IDs (created without an account) expire after 90 days of inactivity — each visit resets the timer. Signing up saves a Loc8ID to your account so it no longer expires this way.
- Technical logs are kept for a limited period for security and troubleshooting, then deleted or anonymized.
Your rights and choices
Depending on where you live, you may have the right to access, correct, delete, export (port), restrict, or object to our processing of your personal data, and to withdraw consent. If you are in California, you also have rights under the CCPA/CPRA, including the right to know and delete your information and to not be discriminated against for exercising these rights — and, as noted above, we do not sell your personal information.
You can update most account details in your settings at any time.
Request data deletion: If you signed up with Facebook, Google, or another social provider — or simply want to delete your account and all associated data — you can request data deletion here. To exercise any other right, contact us using the details below. You also have the right to lodge a complaint with your local data protection authority.
Security
We apply industry-standard measures — including encryption in transit, hashed passwords, and access controls — to protect your information. No method of transmission or storage is completely secure, however, so we cannot guarantee absolute security.
Children’s privacy
Loc8ID is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above; material changes may be highlighted more prominently. We encourage you to review it periodically.
Contact us
Questions about this policy or your data? Email privacy@loc8id.com or get in touch here.