Privacy Policy
Last updated: February 21, 2026
1. Introduction
At LocaMetric, we respect your privacy. This policy outlines how we collect, use, store, and protect your personal information when you use our location analysis services at locametric.com.
2. Data Controller
LocaMetric is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us at info@locametric.com.
3. Information We Collect
Account Information: If you sign up via Google OAuth, we receive your name, email address, and profile picture from Google. If you register with email/password, we store your email address, name, and a securely hashed version of your password (we never store plain-text passwords). Billing Information: When you make a purchase, we collect your full name, billing address, city, postal code, and country. This information is stored in our database and shared with Stripe (our payment processor) and Billingo (our invoicing partner). Usage Data: We track how many Single Point searches, Area Analysis requests, and Top Stays searches you have performed (usage counters) to enforce plan limits. Your subscription tier is also stored. Location Searches: Coordinates you search for are processed to generate scores. These searches are not linked to your identity unless you explicitly save them to your profile.
4. How We Use Your Data
We use your data strictly to: Provide and maintain the Service, including calculating location scores and generating heatmaps. Manage your account and subscription status. Process payments and generate invoices. Enforce usage limits based on your subscription tier. Communicate with you regarding your account (e.g., service updates, payment confirmations). Improve our scoring algorithms based on aggregated, anonymized search patterns.
5. Payment Processing
Payments are processed by Stripe (stripe.com). When you make a payment, Stripe collects your payment card details directly — LocaMetric never stores, sees, or has access to your full card number, CVV, or bank details. We only store your Stripe Customer ID and Subscription ID for managing your account. Stripe's privacy policy applies to all payment data: https://stripe.com/privacy. Upon successful payment, we may generate an electronic invoice via Billingo (billingo.hu), our Hungarian invoicing partner. Billingo receives your name, billing address, email, and purchase details solely for invoice generation purposes.
6. Third-Party Services
We integrate with the following third-party services: Google — for OAuth authentication (receives your authorization, provides us your name, email, and profile picture). Stripe — for secure payment processing (receives billing and payment card data). Billingo — for electronic invoice generation (receives billing name, address, email, and purchase details). OpenStreetMap — geospatial map data source (no personal data is shared; data is available under ODbL license). Leaflet — client-side map rendering library (runs in your browser; no personal data is sent). We do not sell, rent, or share your personal data with advertisers or any other third parties not listed above.
7. Cookies
We use essential cookies to maintain your authenticated session (via NextAuth.js using JWT tokens). For detailed information about our cookie usage, please see our Cookie Policy.
8. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on our secured servers. We use Redis for temporary caching of geospatial queries (no personal data is cached). Passwords are hashed using bcrypt before storage. Authentication sessions use JSON Web Tokens (JWT). We implement industry-standard security measures to protect your personal information, but no method of transmission or storage is 100% secure.
9. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where we are required by law to retain certain records (e.g., invoicing data for tax compliance). Usage counters are reset upon new purchases or subscription renewals.
10. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to: Access the personal data we hold about you. Rectification — request correction of inaccurate data. Erasure — request deletion of your data ('right to be forgotten'). Restriction — request limitation of processing of your data. Data Portability — receive your data in a structured, machine-readable format. Withdraw Consent — withdraw your consent for data processing at any time. Object — object to processing based on legitimate interests. To exercise any of these rights, please contact us at info@locametric.com. We will respond within 30 days.
11. Children's Privacy
LocaMetric is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 'Last updated' date. We encourage you to review this policy periodically.
13. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please email us at info@locametric.com.