Privacy Policy

This Privacy Policy explains how GetParcelData, operated by IT Services Lukasz Jocz (“GetParcelData,” “we,” “us,” or “our”), collects, uses, and shares personal information when you visit getparceldata.com (the “Site”), use our API, or otherwise interact with us. It also describes the choices and rights you have regarding that information.

Scope. This policy covers personal information about website visitors and customers. It does not cover information contained in public parcel and property records that we aggregate and license — those records describe real property and are obtained from government sources; they are governed by the open-data and public-records regimes of the originating jurisdictions, not by this policy.

1. Information we collect

We collect the following categories of personal information:

• Information you provide directly — your name, email address, company name, and any message content you submit through our contact form, data request modal, or email correspondence.
• Account and billing information — when you purchase a product or service, billing name, billing address, payment-method details (handled by Stripe; we never receive full card numbers), invoice history, and tax identifiers.
• API usage data — API keys, request metadata (timestamp, endpoint, response code, request size) and the IP address from which requests are made.
• Site usage and device data — IP address, user-agent, referrer, pages viewed, time on page, and interaction events, collected via server logs and analytics (see Section 5).
• Cookies and similar technologies — small files set by our Site or our subprocessors to remember preferences and measure usage. See Section 5.

We do not knowingly collect personal information from children under 16. We do not collect special categories of personal data (health, biometric, etc.).

2. How we use information

We use personal information to:

• Respond to inquiries, quote requests, and support tickets.
• Provision API access, issue API keys, and deliver requested data.
• Process payments and send invoices and receipts.
• Operate, secure, and improve the Site and API — including diagnosing errors, preventing abuse, and rate-limiting.
• Send transactional email (e.g. account, billing, delivery, security notices) and, where permitted, occasional product updates you can opt out of at any time.
• Comply with legal obligations and enforce our terms.

Legal bases (GDPR). Where the GDPR applies, we rely on: (a) contract — to provide the services you request; (b) legitimate interests — to secure the Site, prevent fraud, and improve our product; (c) legal obligation — for tax and accounting records; and (d) consent — for non-essential cookies and marketing email, which you can withdraw at any time.

3. How we share information

We do not sell personal information. We share personal information only with the subprocessors listed in Section 4, with professional advisers (accountants, lawyers) under confidentiality, with authorities when required by law, or with a successor entity in the event of a business transfer. Each disclosure is limited to what is necessary for the stated purpose.

4. Subprocessors

We rely on the following service providers to operate the Site and deliver our services. Each is bound by a data-processing agreement and processes personal data only on our instructions.

International transfers from the EEA / UK rely on Standard Contractual Clauses or equivalent safeguards published by each provider.

5. Cookies and analytics

We use a small number of strictly necessary cookies to operate the Site, and analytics cookies via PostHog to understand aggregate usage and improve the product. Where required by law, we will request your consent for non-essential cookies before they are set. You can clear cookies at any time through your browser settings; doing so may affect Site functionality.

6. Data retention

We retain personal information only as long as needed for the purposes described: inquiry records for up to 24 months after last contact; customer billing records for the period required by tax law (typically 5–7 years); API usage logs for up to 12 months; analytics events for up to 12 months in aggregated form. After retention expires, data is deleted or irreversibly anonymized.

7. Security

We protect personal information with industry-standard safeguards including TLS encryption in transit, encryption at rest at our subprocessors, scoped API keys, least-privilege access controls, hardware-key multi-factor authentication for administrative accounts, and routine review of access logs. Payment-card data is handled entirely by Stripe; we do not store full card numbers on our systems. No system is perfectly secure — if we become aware of a breach affecting your personal data, we will notify you and the relevant authority as required by applicable law.

8. Your rights

Subject to applicable law (including the GDPR and the California Consumer Privacy Act), you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete personal information, subject to legal retention requirements;
• Restrict or object to certain processing;
• Receive a portable copy of information you provided to us;
• Withdraw consent where processing is based on consent; and
• Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email contact@getparceldata.com. We will respond within 30 days.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a new “Last updated” date and, where appropriate, by email to active customers. Continued use of the Site after changes take effect constitutes acceptance.

10. Contact

Data controller: IT Services Lukasz Jocz (operating as GetParcelData)
Email: contact@getparceldata.com