GeotechZone

Privacy Policy

Last updated: June 2025

Geotechzone (“we”, “us”, “our”) is committed to protecting your personal information. This policy explains what data we collect, why, how long we retain it, and your rights under applicable law.

1. Data we collect

  • Account data: your name and email address, provided during registration.
  • Authentication data: a hashed (Argon2id) version of your password. We never store your password in plain text.
  • Usage data: IP addresses, browser user-agent strings, and login timestamps, collected for security monitoring and abuse prevention.
  • Communication preferences: whether you have verified your email and consented to account-related emails.

2. Why we collect it

  • To create and manage your account.
  • To verify your identity and protect your account from unauthorised access.
  • To send you transactional emails (email verification, account status updates).
  • To detect and prevent fraud, spam, and abuse.

We do not sell your personal data. We do not use your data for advertising or tracking.

3. Third-party services

We use the following third-party services to operate Geotechzone:

  • Neon (database): your account data is stored in a PostgreSQL database hosted by Neon. Data is stored in the AWS ap-southeast-2 (Sydney) region. Neon Privacy Policy
  • Resend (email delivery): we use Resend to send transactional emails. Your email address is transmitted to Resend for delivery purposes only. Resend Privacy Policy
  • Cloudflare Turnstile (bot protection): login and registration forms use Cloudflare's Turnstile widget to prevent automated abuse. Cloudflare may process your IP address and browser data as part of this check. Cloudflare Privacy Policy
  • Upstash (rate limiting): we use Upstash Redis to enforce rate limits on authentication endpoints. IP addresses may be stored briefly for this purpose. Upstash Privacy Policy
  • Sentry (error monitoring): application errors may include request metadata. We configure Sentry to minimise personal data in error reports. Sentry Privacy Policy

4. Data retention

  • Active accounts: retained for as long as your account is active.
  • Sessions: login sessions expire after 30 days of inactivity.
  • Email verification tokens: expired after 24 hours.
  • Security and audit logs: retained for up to 12 months for security and compliance purposes.
  • Deleted accounts: personal data is removed within 30 days of account deletion.

5. Cookies

We use a single session cookie (__session) to keep you logged in. This is a strictly necessary cookie — it does not track you for advertising purposes. It expires after 30 days. We do not use any analytics or third-party tracking cookies.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data; to restrict or object to processing; or to data portability.

To exercise any of these rights, please contact us at privacy@geotechzone.com. We will respond within 30 days.

7. Security

We take reasonable technical and organisational measures to protect your data, including password hashing (Argon2id), HTTPS-only communication, and access controls. No system is perfectly secure; if you discover a vulnerability, please contact us responsibly.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account. The “last updated” date at the top of this page will always reflect the current version.

9. Contact

Questions or concerns? privacy@geotechzone.com