Privacy policy

GPXZ values privacy. We

GPXZ LLC is a US company registered in California.

Hosting and third parties

Our website, account dashboard, backend services, and everything except the API are hosted in the EU by Hetzner. API servers are hosted in the EU by Hetzner and in the US by OVH. Backups are encrypted then stored with Backblaze in the EU.

Most requests to gpxz.io are proxied by Cloudflare which provides load balancing and DDoS protection.

API servers store a list of all API keys, to authenticate requests.

Mailgun is used to send password reset and email verification emails, using their EU region.

API request logs are sent to New Relic in their EU region, with 31 day retention.

What we collect and why

When signing up for an account we request an email address. This is used to prevent abuse from people registering multiple accounts, and to contact you regarding changes to our service.

Additionally, when signing up to a paid account, you need to give your billing details to Stripe. We can't access your credit card number. While we are able to view other billing details such as your name, email and address, we don't normally look at that information.

Logs are made of requests to gpxz.io. These logs contain your IP address and the URL queried. The bodies of POST requests are not logged. Logs are used to identify issues, fix issues, and improve our service. Logs are permanently deleted after 31 days.

We don't use third party analytics (like Google Analytics) our website (or anywhere else). We track requests using a self-hosted instance of umami, an open privacy-focused analytics software program that does not store IP address or use cookies.

How we secure your data

Database backups are encrypted.

All communications between servers are encrypted.