POIscoredev

Privacy Policy

Last updated: 6 June 2026

POIscore ("we", "us") provides a customizable points-of-interest scoring API. This policy explains what personal data we collect, why, and the rights you have over it under the EU General Data Protection Regulation (GDPR).

1. Data we collect

  • Account data — your name and email address, provided at sign-up.
  • Authentication data — a hashed password (scrypt; we never store it in plaintext) and, if you enable it, two-factor authentication secrets.
  • Billing data — handled by Stripe. We store a Stripe customer ID, your plan, subscription status, and invoice metadata. We never see or store full card numbers.
  • Usage data — API request counts and timestamps, used for quota enforcement and analytics.
  • Technical data — IP address and request metadata in server logs, used for security (rate limiting, abuse detection).

2. How we use your data

  • To provide and secure your account and the API service.
  • To enforce plan quotas and process billing through Stripe.
  • To send transactional email (verification, password reset, billing notices).
  • To detect and prevent abuse and fraud.

Our legal bases are contract performance (providing the service you signed up for), legitimate interest (security and abuse prevention), and legal obligation (tax records).

3. Data sharing

We do not sell your data. We share data only with processors required to run the service: Stripe (payments), and our email provider (transactional email). The points-of-interest data served by the API comes from public open data sources (OpenStreetMap, Wikidata, Wikipedia) and contains no personal data about you.

4. Retention

We keep your account data for as long as your account is active. See our Data Retention Policy for specific retention periods. When you delete your account, your personal data is erased and related records (API keys, profiles, usage events, subscriptions) are removed via cascading deletion. Invoice records may be retained where required for tax/accounting law.

5. Your rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data (edit your profile in Account).
  • Erasure — delete your account and data from the Account page ("Danger zone").
  • Portability — request an export of your data.
  • Objection / restriction — object to certain processing.

To exercise rights we don't yet automate, email us at the address below.

6. Security

Passwords are hashed, all traffic is encrypted in transit (HTTPS), optional two-factor authentication is available, and access to systems is restricted. No system is perfectly secure, but we follow industry best practices to protect your data.

7. Contact

For privacy questions or to exercise your rights, contact privacy@poiscore.com. You also have the right to lodge a complaint with your local data protection authority.