Effective Date: April 16, 2026
We collect the following information when you use Geolocate Me: • Device credentials (device ID, authentication tokens) generated at registration • Location data (latitude, longitude, accuracy) sent periodically from your device • Timestamps associated with each location ping We do not collect your name, email address, or any other personally identifiable information. Device registration requires only a shared password, not a personal account.
Location data is used solely to provide the Geolocate Me service: • Storing your location pings so they can be queried via the API • Providing location history with time-based filtering • Returning your most recent location to authorized API consumers We do not use your location data for advertising, analytics, profiling, or any purpose other than the core tracking service.
Your location data is stored in Amazon DynamoDB with encryption at rest. All API traffic is encrypted in transit via HTTPS (TLS 1.2+). Location pings are automatically deleted after 30 days via a time-to-live (TTL) mechanism. You cannot extend this retention period. Device credentials are stored as SHA-256 hashes — we never store your tokens in plaintext.
We do not sell your location data or share it for advertising purposes. Your location data is accessible only to holders of your device’s bot token, which is generated at registration and shared at your discretion. You control who can access your location by controlling who has your bot token. When you use Geolocate Me through an AI assistant via MCP, your GPS coordinates (latitude and longitude only) may be sent to Google’s Geocoding API to convert them into human-readable place names (reverse geocoding). No user identifiers, device IDs, or tokens are included in these requests. See the Third-Party Services section below for details.
Geolocate Me uses the following third-party services: • Amazon Web Services (AWS): Cloud hosting, database storage, API gateway • Apple App Store / Google Play Store: App distribution and subscription billing • Google Geocoding API: Reverse geocoding (converting GPS coordinates to place names) When location data is accessed through an MCP-connected AI assistant, your coordinates are sent to Google’s Geocoding API (maps.googleapis.com) to resolve a human-readable address. Only latitude and longitude are sent — no user identifiers, tokens, or device information. Google’s privacy policy applies to this data: https://policies.google.com/privacy We do not share your location data with these services beyond what is necessary for service operation.
You can stop sharing your location at any time by disabling tracking in the app. Your existing location data will automatically expire after 30 days. To immediately delete all your data, you can request deletion of your device record from our database by contacting us. Once your device record is deleted, all associated location data becomes inaccessible.
Geolocate Me is not intended for children under the age of 13. We do not knowingly collect data from children. If we learn that we have collected data from a child under 13, we will delete that data promptly.
We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date. Your continued use of Geolocate Me after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, please contact us at privacy@guleki.com.