Privacy policy
GPXZ values privacy. We
- limit the amount of user data stored
- minimise data sent to third party services
- are transparent about the personal data we do collect
GPXZ, LLC is a US company registered in California.
Hosting
Our website, account dashboard, backend services, and everything except the API are hosted in the EU (Germany) by Hetzner. API servers are hosted in the EU by Hetzner and in the US by OVH. Backups are encrypted then stored with Backblaze in their EU (Amsterdam) location.
Most requests to gpxz.io are proxied by Cloudflare which provides load balancing, DDoS protection, and caching.
API keys are sent to the API servers to authenticate requests.
Mailgun is used to send password reset and email verification emails, using their EU region.
What we collect and why
When signing up for an account we request an email address. This is used to prevent abuse from people registering multiple accounts, and to contact you regarding changes to this service.
Additionally, when signing up to a paid account, you need to give your billing details to Stripe. We can't access your credit card number. While we are able to view other billing details such as your name, email and address, we don't normally look at that information.
Logs are made of requests to gpxz.io. These logs contain your IP address and the URL queried. Logs are used to identify issues, fix issues, and improve our service. Logs are permanently deleted after 31 days.
We don't use third party analytics (like Google Analytics) our website (or anywhere else). We track requests using a self-hosted instance of umami, an open privacy-focused analytics software program that does not store IP address or use cookies.
How we secure your data
All data is encrypted via SSL/TLS between our servers and your browser. Backups are encrypted.