Privacy policy

When you create an account: email, first name, last name, region (Global / Italia), password (hashed with bcrypt). Stored on our private database.

When you chat with the AI: we count tokens and cost (no message content) per request to monitor usage. We may save the question and AI answer in our private knowledge base to serve repeat questions instantly without re-paying the AI provider — but never if the question or answer looks like personal data (emails, IBAN, credit cards, codice fiscale, IDs, passwords).

Anonymous trial use: if you use the chat without an account, we set a random anonymous cookie (gsa_anon) to track free-trial usage. No identity is collected.

Cookies we use:
• gsa_session — authenticated session (essential, HttpOnly, 30 days)
• gsa_anon — anonymous trial counter (essential, 1 year)
• gsa_locale — language preference (essential, 1 year)
• gsa_consent — your cookie choice (essential, 1 year)

• We do not save full conversation transcripts on the server.
• We do not save messages or answers detected as containing personal data.
• We do not sell or share data with third parties.
• We do not use third-party analytics (no Google, no FB).

All data is stored on a single private VPS server we operate (in the EU). The AI provider (Anthropic) processes your messages to generate responses but does not retain them for training, per their API terms.

You have the right to:

• Access the data we hold about you.
• Correct or update your account information.
• Delete your account and all associated data (email, name, usage history).
• Export your data in a machine-readable format.
• Withdraw consent at any time.

For any of these requests, contact hello@geosurveyai.com.

Passwords are hashed with bcrypt (12 rounds). Sessions use signed JWTs over HTTPS-only HttpOnly cookies. We disable password-based SSH on our servers and use only key-based auth.

If we update this policy, we'll change the "Last updated" date at the top. Material changes will be communicated via email to registered users.