LiDAR-Powered Elevation, Terrain, and Drainage Mapping — Easy, Accurate, Accessible

Privacy Policy

Effective Date: February 14, 2025

This Privacy Policy explains how Simon Knutson, doing business as Geo-Surface (“I”, “me”, “my”), collects, uses, discloses, and protects personal information when you use Geo-Surface.com (the “Site”) and related services (the “Services”). It also describes choices and rights you may have.

If anything here conflicts with a specific agreement you have with me, that agreement will prevail to the extent of the conflict.

1) Who is responsible?

Data controller: Simon Knutson (Geo-Surface), Manitoba, Canada.
Contact: Please use the contact form on the Site (no public email to reduce spam).

2) What I collect

A) Information you provide

  • Account & access data: username, display name, and similar identifiers you choose to provide.

  • Purchase/entitlement data (via resellers): when a licence is sold through a third-party merchant of record (a “Reseller”), they may share limited details so I can provision access (e.g., your name, email, plan/seat, licence status, and dates). I do not receive your full payment card details.

  • Support messages: content you submit through the Site’s contact form.

B) Technical & usage data (automatically collected)

  • Device/usage: IP address, browser type/version, operating system, referring/exit pages, timestamps, page views, and feature usage.

  • Cookies/local storage: small files used to keep you signed in, remember settings, and run analytics (if enabled).

C) User data that stays local to your browser

  • Field boundaries: geometry you draw or load in the Site is processed/stored only within your current browser session (e.g., memory/local storage) and is not uploaded to my servers unless you explicitly export or transmit it.

D) Files you may upload to my server

  • DEM uploads only: the only file you may upload to my servers is a digital elevation model (DEM) for processing into analytics layers. See Section 6 for retention.

3) Why I collect it (purposes)

  • Provide the Services: authenticate you, render maps/analytics, create variable-rate management zones (VRZ), and operate core features.

  • Account & entitlement management: verify and manage your plan or licence (including those purchased via a Reseller).

  • Support & operations: respond to requests, diagnose issues, secure the Service, prevent abuse/fraud, and generate audit/logs.

  • Analytics & improvement (optional): understand feature use to improve performance, reliability, and usability.

  • Legal & compliance: meet legal obligations and enforce Terms.

4) Lawful basis / consent (PIPEDA & other jurisdictions)

  • Consent: by using the Site/Services, you consent to collection and use for the purposes above.

  • Legitimate interests: secure operation, fraud prevention, service analytics, and improving performance/features.

  • Contract: processing needed to provide features you request (including provisioning licences via a Reseller).

  • You may withdraw consent for non-essential processing (e.g., analytics cookies) via your browser settings or the Site’s controls (if provided); essential cookies are needed to run the Site.

5) Cookies & tracking

  • Essential cookies/local storage: required for login, preferences, and core functionality.

  • Analytics (if enabled): privacy-respecting analytics may be used to measure traffic and feature usage (e.g., page views, session duration). If enabled, you can opt out by using the Site’s controls (if provided) or by blocking cookies in your browser. Blocking cookies may limit access to paid content or features.

6) DEM uploads (server-side) & retention

  • Purpose-limited licence: by uploading a DEM, you instruct and grant me a non-exclusive, royalty-free licence to host, process, cache, transform, and temporarily store the DEM solely to provide the Services you requested (e.g., analytics layers). No other uses (no resale, publication, training, or promotional use).

  • Retention: DEM files are stored on my VM only for the duration of processing and for up to two (2) hours thereafter, then scheduled for deletion via rolling jobs.

  • Backups: No backups of user DEMs are kept. Minimal operational metadata (timestamps, file size, processing status, error codes) may be retained; this metadata does not include your DEM content.

  • Human access: DEM content is not reviewed by a human unless you ask for support that requires it or I must investigate abuse/security incidents/errors.

7) Data sources referenced by the Services (not your personal data)

The Services may access or visualize public elevation data from USGS 3DEP (United States, public domain) and NRCan HRDEM (Canada, Open Government Licence—Canada with attribution). These data are public/government-provided; they are not your personal information and may be unavailable during upstream outages or policy changes.

8) Disclosure to third parties

I may share limited personal information with:

  • Service providers (processors): hosting/CDN, error logging, analytics (if enabled), authentication, email/contact infrastructure. They act under contract and may only process data to provide services to me.

  • Resellers / merchants of record: for purchases through a Reseller, I receive entitlement data from them, and I may share minimal technical information with them to resolve provisioning issues (I do not control their privacy practices; refer to their policies).

  • Legal and safety: if required by law or to protect rights, safety, or property.

  • Business changes: if I ever transfer or licence the Service to another operator, personal information may be transferred to allow continuity of service, consistent with this Policy.

I do not sell personal information.

9) International transfer

Servers, CDNs, and providers I use may be located in Canada, the United States, or other jurisdictions. Your information may therefore be transferred to and processed outside of your province or country. I use reasonable measures to protect personal information regardless of location.

10) Security

I use reasonable technical and organisational safeguards appropriate for a solo-operator service (e.g., access controls, TLS in transit, hardened configuration, rolling DEM deletions). No method of transmission or storage is 100% secure.

11) Retention (personal information)

  • Account/entitlement data: kept while you have an active account/licence and for a reasonable period thereafter for security, auditing, and legal obligations.

  • Logs/operational metadata: retained for a limited period needed for security and diagnostics.

  • Marketing preferences: retained until you change your preference or for a reasonable period.

  • DEM files: per Section 6 (max ~2 hours after processing completion).

12) Your rights & choices

Subject to applicable law, you may:

  • Access & correction: request access to, or correction of, your personal information.

  • Deletion: request deletion of personal information where it is no longer required (note: operational logs and legal records may be retained as permitted by law; DEM files follow the 2-hour deletion schedule).

  • Withdraw consent: for non-essential cookies/analytics, via browser settings or Site controls (if provided).

  • Marketing opt-out: unsubscribe using provided mechanisms (if I ever send marketing).

  • Complain: you may contact me via the Site’s form. You may also contact the Office of the Privacy Commissioner of Canada or your provincial privacy regulator.

13) Children’s privacy

The Services are not directed to minors under the age of majority in their jurisdiction. I do not knowingly collect personal information from minors.

14) Third-party purchases (Resellers)

If you purchase a licence through a Reseller (marketplace, app store, channel partner), they are the merchant of record. Your payment data is processed under their policies. They may share limited information with me for provisioning. For billing, refunds, chargebacks, and invoices, please contact the Reseller directly.

15) Automated processing & profiling

Some features (e.g., VRZ generation, terrain analytics) use algorithmic processing to produce heuristic outputs. These outputs are suggestive and do not produce legal or similarly significant effects on their own. You remain responsible for professional review and decisions.

16) Changes to this Policy

I may update this Policy from time to time. The updated Policy will be posted on this page with a new Effective Date. Your continued use of the Site after changes means you accept the updated Policy.

17) How to contact me

For privacy questions or requests, please use the contact form on the Site.

Last Updated: February 14, 2025