This Privacy Policy describes how Geocast handles personal data across every part of our service. Geocast has three different audiences, and this policy is organized around them. Use the "Who are you?" guide to jump to the section that applies to you.
Who are you?
- An operator or team member at a property using Geocast (a hotel, museum, winery, or other business). Read Section 01: Operators and their teams, then Section 04: Your privacy rights.
- A guest visiting a property powered by Geocast (you scanned a QR code, listened to a story, opened the Geocast app, or otherwise engaged with the experience as a visitor). Read Section 02: Guests, then Section 04: Your privacy rights.
- A visitor to geocast.ai (you came to our website, read our marketing pages, signed up for a newsletter, or otherwise interacted with our public web presence without using the service). Read Section 03: Visitors to geocast.ai, then Section 04: Your privacy rights.
If more than one applies to you, read each section that applies. Section 04 applies to everyone.
Plain-language overview
Before the legal detail, here is the short version of how Geocast handles personal data.
Geocast is a story layer for properties: hotels, museums, wineries, and other businesses that want to tell their story to their guests. Operators sign up for a paid subscription and create stories at their property. Guests visit those properties and experience the stories.
Geocast collects different kinds of data from each audience. From operators, what is needed to provide a SaaS product: account information, billing details, the content they upload, and how they use the admin app. From guests, what is needed to deliver the right story at the right place: which stories they played, where they were on the property, and (for the native app) some background location data while they are at the property. Beacon detection happens on the guest's own device. Geocast does not stream continuous location. The property sees aggregate engagement, not surveillance of individual guests. From visitors to geocast.ai, standard website analytics, plus anything they explicitly provide.
OUR COMMITMENTS. Geocast does not sell personal data. Geocast does not use guest data to train AI models. Geocast does not share data with advertisers or data brokers. Sub-processors handle data only on our instructions and only for the purposes described in this policy.
You have rights over the personal data Geocast holds about you, including the right to access, correct, delete, and (in many jurisdictions) port your data. Section 04 describes those rights in detail.
If you have a privacy question, email legal@geocast.ai. We respond within the timeframes required by the privacy laws that apply to you.
This section applies to property operators and their team members who create accounts, log in, and use the Geocast admin app to manage their property's experience.
1.1 Personal data we collect about operators
When you create an Operator account or use the admin app, Geocast collects the following categories of personal data.
Account information
- Name
- Email address
- Phone number (optional)
- Password (stored as a one-way hash, never in plain text)
- Role within your organization (e.g., owner, manager, content editor)
- Property association (which property or properties you administer)
Billing information
- Billing contact name and email
- Billing address
- Payment method details (handled and stored by our payment processor; Geocast retains only a token reference, never card numbers)
- Tax identification, where applicable
Authentication and security data
- Login timestamps and IP addresses
- Two-factor authentication tokens, if enabled
- Session cookies and tokens
- Device and browser fingerprints used for security and fraud prevention
Usage data
- Pages and features you access in the admin app
- Actions you take (creating a story, publishing a guide, configuring a beacon)
- Time spent on different surfaces
- Errors you encounter
Content and configuration data
- Stories, guides, experiences, and other content you create or upload
- Configuration choices (which beacons, which voices, which experience types)
- Internal notes and team collaboration content
- Operator Content as defined in the Operator Terms of Service
Communication data
- Email correspondence with Geocast support
- In-app chat or comment threads with the Geocast team
- Customer feedback and survey responses
- Records of any phone or video calls with the Geocast team (with consent)
Biometric data (voice cloning, optional)
- Voice samples (audio recordings) from individuals whose voice is being cloned for narration, where the operator chooses to use voice cloning. Detailed handling is described in 1.7 below.
1.2 How we use operator personal data
- To provide the service. Authenticating you, displaying your content, billing your subscription, generating AI content from your inputs, and otherwise operating the admin app and the guest-facing experience your property runs.
- To maintain account security. Detecting and preventing unauthorized access, fraud, abuse, and security incidents.
- To communicate with you. Sending service announcements, billing receipts, security notices, and support responses. Sending marketing communications about new Geocast features (you can opt out at any time).
- To improve the service. Analyzing how operators use the admin app to identify usability issues, prioritize features, and improve performance. This analysis is done in aggregate where possible.
- To comply with legal obligations. Tax reporting, regulatory inquiries, court orders, and similar legal requirements.
- To enforce our Terms. Investigating breaches of the Operator Terms of Service or this Privacy Policy.
1.3 Legal bases for processing (GDPR and equivalent)
Where GDPR or equivalent law applies to your processing, Geocast relies on the following legal bases:
- Contract performance. Most processing is necessary to perform our contract with you (the Operator Terms of Service). This includes account, billing, and service operation.
- Legitimate interests. Some processing relies on Geocast's legitimate interests in operating and improving the service, preventing fraud, and protecting the company. Examples: security analytics, aggregate usage analysis, marketing communications to existing customers.
- Consent. Where consent is the appropriate basis, Geocast obtains it explicitly. Examples: optional marketing communications to non-customers, certain non-essential cookies on the marketing site.
- Legal obligation. Where processing is required by law (tax, regulatory, response to lawful requests).
You have the right to object to processing based on legitimate interests, and to withdraw consent where consent is the basis. See Section 04.
1.4 What operators see about their guests
This is important. Read carefully.
When guests use the Geocast experience at your property, Geocast collects data about those guests (described in Section 02). Geocast shares some of this data with you in your role as the property operator.
What you see by default
- Aggregate engagement statistics. How many guests played each story, completion rates, popular Hidden Cards, average time spent in each guide, weekly and monthly trends. These statistics are not tied to individual guests.
- Pseudonymous session-level patterns (for native app users). Session IDs that show the journey of an anonymous guest through your property, useful for understanding flow and identifying friction points. Session IDs are not connected to any identifying information about the guest. Session IDs rotate periodically.
What you do not see by default
- Individual guest identities (names, emails, account information)
- Continuous location tracking of any guest
- Cross-property guest behavior (the same guest visiting another Geocast property)
- Persistent identifiers that would let you re-identify a guest across visits
When you may see identified guest data
- Event Experiences with passcode access. When you run an Event Experience (a wedding, corporate event, private gathering) and gate it with a passcode, the guests who enter that passcode are identified by your event roster, not by Geocast. Geocast may transmit that identification context with their interaction data, because the guest has affirmatively joined a private context you control.
- Guest opt-in features. If a future product feature lets guests sign in (saved stories, ratings, multi-property history), that sign-in is opt-in, and the guest is told what the property will see.
- At the guest's explicit request. A guest contacting your front desk to ask "what stories did I play yesterday" gives you implicit permission to look up their session.
You as operator are responsible for
- Not attempting to re-identify pseudonymous session data
- Not combining Geocast data with check-in records, room key swipes, or other identifying information without the guest's consent
- Not transmitting Geocast guest data to third parties beyond what is necessary for property operations
- Honoring guest privacy requests that are routed to you
The Operator Terms of Service contains the contractual obligation that mirrors this policy. The two documents are designed to align.
1.5 Whom we share operator data with
Geocast shares operator personal data only with:
- Sub-processors who help us operate the service. See Section 05.
- Other team members on your account. Account owners and team members see each other's basic account information and activity within the same account.
- Legal and regulatory authorities when required by law (court order, valid subpoena, regulatory inquiry).
- Successors in a corporate transaction. If Geocast is merged, acquired, or sold, the successor entity may receive operator data subject to this Privacy Policy. We commit to giving operators advance notice of any such transaction where practicable.
Geocast does not sell operator personal data. Geocast does not share operator personal data with advertisers, data brokers, or any third party for their independent marketing purposes.
1.6 AI and your operator data
Geocast does not use Operator Content or operator personal data to train AI models.
The strict version of this rule: Operator Content (your uploaded photographs, archival materials, drafted stories before publication, internal notes, configuration data) and operator personal data (account information, billing details, communications with Geocast, usage data) are not used to train, fine-tune, or improve any general-purpose AI model. None of this is shared with Anthropic, ElevenLabs, or other AI providers as training data. None of it appears in datasets used to build foundation models or to generate content for any other property.
The narrow operational exception: Geocast uses aggregated, anonymized statistical analysis of operator usage patterns to improve the admin app, identify usability issues, and prioritize features. This analysis does not retain identifying information and does not produce training data for general-purpose models.
Generated Content is treated differently. Generated Content (AI-drafted stories, procedural imagery, voice narration outputs) is owned by Geocast under the Operator Terms of Service. Geocast may use Generated Content in aggregate to improve the Story Writing Agent, the Imagery Agent, and other AI tools that produce Generated Content. This use is bounded by two principles: it operates on Geocast-owned outputs, not on operator inputs; and it never reproduces Generated Content from one property at another property without the originating property's authorization.
Voice clones are treated as biometric data. See 1.7.
This means: the archival material you upload, the stories you draft, your internal team conversations, and your account activity are not raw material for any AI product Geocast or our sub-processors build.
1.7 Biometric data and voice cloning
If your property uses voice cloning to create a custom narrator voice for stories at your property, the underlying voice samples are biometric data. Geocast handles biometric data with additional care because state biometric laws (including the Illinois Biometric Information Privacy Act, Texas's Capture or Use of Biometric Identifier Act, Washington's biometric law, and others) impose strict requirements on its collection, retention, and disclosure.
What is collected. Voice samples (audio recordings) of the person whose voice is being cloned. Samples are typically a few minutes of read-aloud speech in a quiet environment. The samples are processed by ElevenLabs to produce a voice model that can synthesize speech in that voice.
Who provides consent. The individual whose voice is being cloned (the "voice subject") must provide written, informed consent before any voice samples are collected. The operator is responsible for obtaining this consent from the voice subject, whether the voice subject is the operator, a staff member, a contractor, a hired voice actor, or any other natural person. Geocast provides operators with a consent form template that meets BIPA and equivalent state law disclosure requirements.
What the consent covers. The consent form discloses:
- The specific purpose of collection (creating a voice model for narration at the property)
- The length of time the voice samples and resulting voice model will be retained
- That the voice samples and voice model will not be sold, leased, traded, or otherwise profited from
- That the voice samples and voice model will not be disclosed to any third party except sub-processors necessary to provide the voice cloning service (currently ElevenLabs), legal authorities under valid process, or successors in a corporate transaction
- The voice subject's right to revoke consent and have the voice samples and voice model deleted
Retention. Voice samples are retained only as long as needed to maintain the voice model for the property's use. When the property terminates the voice clone, terminates its Geocast subscription, or when the voice subject revokes consent, Geocast initiates the deletion process from production systems and aims to delete within 30 days. Backup retention follows the standard 12-month horizon. The voice model itself (the trained synthesis output) is treated the same way.
No sale, no profit, no third-party disclosure. Geocast does not sell, lease, trade, or otherwise profit from voice samples or voice models. Geocast does not share voice samples or voice models with third parties except as described above.
Voice subject rights. The voice subject (the person whose voice is cloned) has the same rights described in Section 04, including the right to access, correct, delete, and revoke consent. The voice subject can exercise these rights directly with Geocast at legal@geocast.ai, regardless of which operator initiated the clone.
Operator responsibility. Operators using voice cloning are responsible for:
- Obtaining proper written consent from the voice subject before requesting a voice clone
- Honoring the voice subject's revocation of consent if it is given
- Not requesting voice clones of any person who has not provided consent
- Not using the voice clone for purposes outside what was disclosed to the voice subject
The Operator Terms of Service incorporates these requirements as contractual obligations.
This section applies to guests who visit a property using Geocast. You are a guest if you scanned a QR code at a property, opened a deep link, used the Geocast guest app or web experience, or otherwise engaged with the property's stories as a visitor.
2.1 Personal data we collect about guests
Geocast collects different categories of guest data depending on whether you use the mobile web experience or the native app, and depending on what you do during your visit.
Always collected when you use the experience
- Device identifiers. A randomly generated session token associated with your device for the duration of your visit. This is not tied to your identity unless you sign in (see below). Session tokens rotate periodically.
- Story interaction data. Which stories you played, completion percentages, Hidden Cards you discovered, ratings you give, time spent on each story.
- Device and browser information. Operating system, browser, device model, screen size, language preference. Used to deliver the right experience and to debug issues.
- General location. The country and city your IP address resolves to. Used for translation defaults and regional content.
- Property context. The property and Experience you are using. The property is identified by its Geocast account; you are identified to the property as described in 1.4.
Collected in the mobile web experience (browser only, while open)
- Foreground location while the experience is open. GPS or browser location is used to determine when you are near outdoor stories. Location is not collected when the browser tab is closed. Typical precision is roughly the precision your browser exposes to web pages (often 10 to 50 meters in good GPS conditions, less precise indoors).
- Cookies and similar technologies. A small number of cookies are used to maintain your session and remember your language preference. The mobile web experience does not use third-party advertising cookies.
Collected in the native app (with your permission)
- Bluetooth proximity events. When your device detects a Geocast beacon at a property, your device records the proximity event locally. Beacon detection range is typically a few meters to roughly 30 meters depending on the beacon and the environment. Beacon detection happens on your device. The property and Geocast learn that you played a story, not that you stood in a hallway for ten minutes. Continuous location is not transmitted.
- Background location at properties (with permission). If you grant background location permission, the app uses location to deliver proximity-aware story moments while your device is in your pocket or screen-locked. Background location is property-scoped: the app activates near a Geocast property and goes dormant when you leave. Typical precision is GPS-level (10 to 50 meters in good conditions, less precise indoors).
- Push notification tokens. A device-specific token used to deliver push notifications. You can disable notifications at any time.
- Crash reports and performance telemetry. Anonymous data about app crashes and performance issues. No personal content is collected in these reports beyond what is needed to debug.
Sensitive personal information classification
Both beacon proximity events and GPS location data fall within radii that classify them as "sensitive personal information" under California's CPRA (precise geolocation within a 1,750-foot radius) and analogous categories under Virginia's VCDPA, Colorado's CPA, Connecticut's CTDPA, and other state privacy laws. Geocast handles this category with the additional protections those laws require:
- Collection happens only with your affirmative permission (OS-level prompt for the native app; browser permission for the mobile web)
- Use is limited to delivering the experience and to the narrow operational improvements described in 2.3
- The data is not used to infer your identity, your demographics, or any other characteristic beyond what is necessary to deliver story moments
- You can disable location features at any time, and the app will continue to function in foreground-only or no-location modes (with reduced proximity-triggered behavior)
- You have the right to limit our use of sensitive personal information under applicable state laws (see Section 04)
Collected only with your explicit action
- Account information (if a future product feature lets you sign in). Currently the guest experience does not require an account. If we add this in the future, this policy will be updated and your consent will be required.
- Ratings, comments, and feedback you submit through the experience.
- Communication with guest support. Email correspondence if you contact guest-support@geocast.ai.
What we do not collect
- Your name (unless you provide it through a feature that asks for it)
- Your email or phone number (unless you provide it)
- Your continuous physical location (we collect only proximity events and foreground/permissioned background location)
- Your behavior outside the property (we do not track you when you are not at a Geocast property)
- Your behavior on other apps or websites
- Your social media activity
- Your contacts, photos, or other on-device data
2.2 How we use guest personal data
- To deliver the experience. Showing you the right stories at the right time and place. This includes proximity detection, story selection, language localization, and personalization within the property.
- To improve the experience. Analyzing in aggregate how guests use the service so we can make stories more discoverable, fix bugs, and refine the proximity logic. This analysis does not target individual guests.
- To share aggregate insights with the property. As described in 1.4, the property sees aggregate engagement, not individual surveillance.
- To maintain the service's security and integrity. Detecting abuse, preventing fraud, addressing technical issues.
- To communicate with you when necessary. Push notifications related to the property's experience (story arrivals, Hidden Card reveals, Today Feed updates, weather and condition overrides). Responses to support inquiries you initiate.
- To comply with legal obligations. Limited and rare for guest data, but possible (court orders, regulatory inquiries).
2.3 AI and your guest data
Geocast does not use your data to train AI models.
The strict version of this rule: Geocast does not use guest personal data, audio recordings, content interactions, or any other guest-generated information to train, fine-tune, or improve any general-purpose AI model. Your data is not part of training datasets shared with Anthropic, ElevenLabs, or any other AI provider. Your data is not used to generate content for any other property.
The narrow operational exception: Geocast uses aggregated, anonymized statistical analysis to improve service operation. Examples include:
- Tuning beacon proximity detection so beacons trigger reliably for everyone
- Refining which Today Feed items get surfaced based on which items get tapped versus skipped, in aggregate
- Detecting and fixing bugs based on operational telemetry
- Improving recommendation logic across all guests in aggregate
This exception is bounded to service operation. It does not produce a model that can be used elsewhere. It does not generate content for other properties. The aggregate signals never identify you individually.
Anonymization standard. When Geocast describes data as "aggregated and anonymized" in this policy, we mean it has been processed to make re-identification practically impossible. This standard tracks the GDPR Recital 26 definition: data is anonymized when "the data subject is not or no longer identifiable" considering all means reasonably likely to be used to attempt re-identification. In practice, Geocast applies privacy-engineering techniques including the removal of direct identifiers, the removal or generalization of quasi-identifiers (device IDs, session tokens, precise timestamps, precise location), aggregation thresholds (a statistic is published only when it covers a group large enough that no individual can be inferred), and limits on the granularity of any released aggregate. Where these techniques are applied, the resulting data is no longer personal data under most privacy frameworks and is not subject to the rights described in Section 04. Where these techniques cannot be applied (for example, because a data set is too small to anonymize meaningfully), the data continues to be treated as personal data subject to all the protections in this policy.
This means: when you experience a Geocast-powered property, your interactions are not raw material for someone else's AI product. They serve only to deliver and improve the experience itself.
2.4 Push notifications
Geocast may send push notifications related to the property's experience. These can include:
- Story arrivals when you are near a Castpoint
- Hidden Card reveals
- Today Feed updates relevant to the time of day or weather
- Storm advisories or condition overrides at the property
Push notifications are one-way. Geocast is not a way for you to message the property, and the property cannot use Geocast to have a conversation with you.
You can disable push notifications at any time in your device settings or in the app's privacy controls. Disabling notifications does not affect your ability to use the experience; it only changes how stories surface to you.
Push notifications use device-specific tokens (Apple's APNs or Google's FCM, depending on your device) to deliver the message. Geocast does not share notification content with third parties.
2.5 Whom we share guest data with
Geocast shares guest personal data only with:
- The property you are visiting, in the form described in 1.4 (aggregate engagement plus pseudonymous session patterns; identified data only with your consent or in passcode-gated Event Experiences).
- Sub-processors who help us operate the service. See Section 05.
- Legal and regulatory authorities when required by law.
- Successors in a corporate transaction, subject to the same protections described in 1.5.
Geocast does not sell guest personal data. Geocast does not share guest personal data with advertisers, data brokers, or any third party for their independent marketing purposes.
If a future product feature lets a guest opt into something that involves additional sharing (for example, a multi-property loyalty feature that shares your visits across properties), you will be told exactly what is shared and asked to opt in explicitly.
This section applies to people who visit the Geocast marketing website, sign up for our newsletter, fill out a contact form, or otherwise engage with our public web presence without creating an Operator account or using the guest experience.
3.1 Personal data we collect from website visitors
When you visit geocast.ai, Geocast may collect:
- Standard web analytics. IP address (anonymized to the city level for analytics purposes), browser type, device type, pages visited, time spent, referring website, country.
- Cookies and similar technologies. First-party cookies for site preferences and analytics. The marketing site does not use third-party advertising cookies, retargeting pixels, or social media tracking widgets.
- Information you provide. Email address if you sign up for a newsletter, name and email if you submit a contact form, content of any message you send us.
3.2 How we use visitor data
- To operate and improve the marketing site. Standard analytics on traffic patterns and content engagement, in aggregate.
- To respond to your inquiries. When you contact us through the site.
- To send marketing communications you signed up for. Newsletters, product updates, events. You can unsubscribe at any time using the link in every email.
- To detect abuse. Standard security monitoring of public-facing surfaces.
3.3 Cookies on geocast.ai
Geocast uses a small set of cookies on the marketing site:
- Strictly necessary cookies. Required for the site to function (session, security tokens, language preference).
- Analytics cookies. Used to count visits and understand which content is effective. Analytics cookies are first-party and aggregated.
- No advertising cookies. Geocast does not run advertising campaigns that require third-party cookies on geocast.ai. We do not place retargeting pixels.
A cookie banner is shown to visitors in jurisdictions where consent is required (EU, UK, and similar). Visitors in those jurisdictions can accept, reject, or customize cookie preferences. Strictly necessary cookies are exempt from consent requirements per ePrivacy Directive guidance.
Opt-out preference signals. geocast.ai recognizes the Global Privacy Control (GPC) and similar opt-out preference signals from your browser. When detected, the signal is treated as an opt-out request for sale and sharing of personal information for visitors who are residents of California, Colorado, Connecticut, and other jurisdictions that recognize universal opt-out mechanisms. Because the marketing site does not currently engage in sale or sharing of personal information for cross-context behavioral advertising, the practical effect of the signal is to confirm your preference. The signal is honored automatically without requiring you to take additional action.
3.4 Whom we share website visitor data with
Geocast shares website visitor data only with:
- The analytics provider running the website's anonymized traffic analysis.
- The email service provider that handles newsletter delivery and marketing email (only for visitors who sign up).
- Hosting and security providers that operate the underlying infrastructure.
- Legal and regulatory authorities when required by law.
Geocast does not sell website visitor data.
This section describes the rights you have over personal data Geocast holds about you. Different rights apply in different jurisdictions; this section covers the major frameworks. If your jurisdiction provides rights not listed here, those rights still apply to you.
4.1 Rights everyone has
Regardless of where you live, every person whose personal data Geocast holds has the right to:
- Know what we collect. Request information about what categories of personal data we hold, how we use it, and whom we share it with.
- Access your data. Request a copy of the personal data we hold about you in a portable format.
- Correct your data. Request correction of inaccurate or incomplete personal data.
- Delete your data. Request deletion of your personal data, subject to limited exceptions (legal hold, records we are required to keep by law, ongoing fraud investigation).
- Withdraw consent. Where we rely on consent, withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Lodge a complaint with a privacy regulator in your jurisdiction.
4.2 Rights for residents of California (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know. What categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with. This information is provided in this Privacy Policy and is also available on request.
- Right to access. Request the specific pieces of personal information we hold about you, going back 12 months.
- Right to delete. Subject to standard exceptions.
- Right to correct. Inaccurate personal information.
- Right to opt out of sale or sharing. Geocast does not sell personal information and does not share it for cross-context behavioral advertising. There is nothing to opt out of, but the right is reserved.
- Right to limit use of sensitive personal information. Sensitive personal information collected by Geocast includes precise geolocation (2.1) and biometric voice samples (1.7) for operators who use voice cloning. You have the right to direct Geocast to limit the use of this information to what is necessary to provide the service. Email legal@geocast.ai to exercise this right.
- Right to non-discrimination. Geocast will not deny services, charge different prices, or provide different quality of service because you exercised a privacy right.
Coverage of B2B and employee data
California's CCPA business-to-business and employee data exemptions expired on January 1, 2023. As a result, the rights described above apply to operator account holders, team members, billing contacts, and other personnel of properties using Geocast on the same basis as they apply to individual consumers.
If you are an employee or team member of a property using Geocast, direct your data subject request to your employer (the property) first.
Your employer is the data controller for the personal data they upload, manage, and process within the Geocast service, and Geocast acts as the processor on their instructions. Geocast will assist your employer in fulfilling verified requests, but cannot independently verify the identity of property employees or determine the appropriate response without controller direction. If you are a California-resident operator account holder (the contractual customer) whose data Geocast holds for billing or account purposes, you can exercise CCPA rights directly with Geocast.
Global Privacy Control (GPC) and opt-out preference signals
Geocast recognizes the Global Privacy Control and similar opt-out preference signals as a valid request to opt out of the sale and sharing of personal information for California residents (and Colorado residents under the CPA, where applicable). When the GPC signal is detected on geocast.ai or in any Geocast service surface that supports it, Geocast treats the signal as an opt-out request from that browser. Because Geocast does not currently sell or share personal information for cross-context behavioral advertising, the practical effect of the signal is to confirm and document your opt-out preference; no behavioral data flow is interrupted because none exists. Geocast will continue to honor GPC and equivalent signals as the underlying laws and technical standards evolve.
Authorized agents
You can use an authorized agent to make a privacy request on your behalf. To process a request from an authorized agent, Geocast requires:
- A signed, dated written authorization from you naming the agent and granting them permission to make the specific request, OR a valid power of attorney covering personal information requests
- Verification of your identity directly with Geocast, separate from the agent's submission
- Verification of the agent's identity
These requirements protect you against fraudulent requests made by third parties impersonating an authorized agent. Geocast may decline to process a request from an agent if any of these elements is missing or if we cannot verify the documentation.
To exercise California rights, email legal@geocast.ai with "California privacy request" in the subject line. We respond within 45 days as required by CCPA, with a possible 45-day extension for complex requests.
4.3 Rights for residents of the European Economic Area, the United Kingdom, and Switzerland (GDPR / UK GDPR / revFADP)
If you are a resident of the EEA, UK, or Switzerland, you have rights under GDPR, UK GDPR, or the revised Swiss Federal Act on Data Protection:
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure / right to be forgotten (Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object to processing based on legitimate interests or for direct marketing (Article 21)
- Rights related to automated decision-making, including profiling (Article 22). Geocast does not currently make decisions about you based solely on automated processing that produce legal or similarly significant effects.
- Right to withdraw consent at any time where consent is the legal basis (Article 7)
- Right to lodge a complaint with your supervisory authority
To exercise GDPR rights, email legal@geocast.ai. We respond within 30 days as required by GDPR, with a possible 60-day extension for complex requests.
If you are in the EEA and need to contact our EU representative or our supervisory authority, contact information is available on request from legal@geocast.ai.
4.4 Rights for residents of other US states with privacy laws
If you are a resident of a US state with a comprehensive privacy law, you have rights under that state's law. Geocast honors these rights, including:
- Virginia (VCDPA, effective 2023): right to access, correct, delete, opt out of sale, opt out of targeted advertising, opt out of profiling
- Colorado (CPA, effective 2023): right to access, correct, delete, opt out of sale, opt out of targeted advertising, opt out of profiling, with universal opt-out mechanism support
- Connecticut (CTDPA, effective 2023)
- Utah (UCPA, effective 2023)
- Texas (TDPSA, effective 2024)
- Oregon (OCPA, effective 2024)
- Montana (MCDPA, effective 2024)
- Florida (FDBR, effective 2024 with applicability thresholds)
- Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Rhode Island, Nebraska, and other states with privacy laws taking effect through 2025 and 2026
Each state's law has slightly different specifics on rights, response timeframes, and applicability. Geocast honors the rights provided by the law applicable to you. Email legal@geocast.ai with your state and the right you wish to exercise; we respond within the timeframe required by your state's law (typically 30 to 45 days).
4.5 Rights for residents of Canada (PIPEDA, Quebec Law 25)
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws, including Quebec's Law 25:
- Right to access your personal information
- Right to correction
- Right to withdraw consent
- Right to portability (Quebec Law 25)
- Right to deindexation (Quebec Law 25)
Email legal@geocast.ai to exercise these rights. We respond within 30 days.
4.6 Rights for residents of Australia (Privacy Act 1988)
Australian residents have rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access, correction, and complaint to the Office of the Australian Information Commissioner.
4.7 Rights for residents of Brazil (LGPD)
Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD), including access, correction, anonymization or deletion, portability, information about sharing, and revocation of consent.
4.8 How to make a privacy request
For any privacy right described above, email legal@geocast.ai with:
- The right you want to exercise
- Your name and the email address associated with your interaction with Geocast (so we can locate your data)
- Any additional information that helps us verify your identity
Geocast verifies the identity of every requester before disclosing or deleting personal data. The verification process protects you from someone else making a request impersonating you. We may ask for additional information to confirm identity, in proportion to the sensitivity of the data and the request.
We respond to requests within the timeframe required by the privacy law applicable to you. If we cannot honor a request (because it falls under an exception, because we cannot verify your identity, or for any other lawful reason), we will tell you why and what your options are.
You always have the right to lodge a complaint with the privacy regulator in your jurisdiction if you are not satisfied with our response.
Geocast uses third-party service providers ("sub-processors") to operate the service. Each sub-processor is bound by contractual data protection obligations and processes personal data only on our instructions and only for the purposes described in this policy.
5.1 Sub-processors that handle personal data directly
The following sub-processors are involved in handling identifiable or pseudonymous personal data:
- Anthropic (large language model inference for content generation, US-based)
- ElevenLabs (voice synthesis for audio narration; US/EU-based depending on workload)
- Amazon Web Services (or equivalent hosting, compute, and storage; regional based on data location)
- Stripe (payment processing for operator subscriptions, US-based)
- Email service provider (transactional and marketing email, US-based; current provider listed on the sub-processor page)
- Apple Push Notification Service and Google Firebase Cloud Messaging (push notification delivery to native app users)
Each provider is bound by a Data Processing Agreement that limits their use of personal data to providing the contracted service. None of them use Geocast data to train AI models, build advertising profiles, or for any independent purpose.
5.2 Operational categories
The following operational categories are also part of the service infrastructure. Specific vendors in these categories are listed on the sub-processor page and may change without an update to this Privacy Policy:
- Application monitoring and error tracking
- Web analytics for the marketing site (aggregated, no individual tracking)
- Customer support tooling
- DNS, security, and CDN edge services
Operational sub-processors handle only limited operational data (request logs, error traces, infrastructure metrics) and have no access to identifiable user content beyond what is incidental to their function.
5.3 Sub-processor list and changes
The current full list of sub-processors, including vendor name, function, and processing region, is published at geocast.ai/legal/sub-processors. The page is the source of truth and is updated as sub-processors change.
Notice and right of objection. When Geocast adds or replaces a sub-processor that handles personal data covered by this Privacy Policy, we provide notice via a banner in the Geocast admin app and by updating the sub-processor page at geocast.ai/legal/sub-processors. Operators who wish to receive sub-processor changes by email can subscribe to the sub-processor change feed from the admin app. Operators have the right to object to a sub-processor change for a period of 30 days following the banner posting and the sub-processor page update. If an operator objects and Geocast cannot reasonably accommodate the objection, the operator may terminate the affected portion of the service without penalty and receive a pro-rated refund for the unused portion of the current billing term.
Operational categories. Changes within operational categories described in 5.2 (application monitoring, web analytics, customer support tooling, DNS/security/CDN edge services) do not trigger the advance-notice obligation if the change does not materially expand the categories of personal data processed or the regions of processing. The sub-processor page is updated to reflect these changes when they occur.
Routine changes. Changes that do not affect the categories of personal data processed, the purposes of processing, or the regions of processing (such as a sub-processor renaming itself, restructuring corporate ownership, or moving offices within the same region) are reflected on the sub-processor page without separate notification.
5.4 Other third parties
In addition to sub-processors, Geocast may share personal data with:
- Legal and regulatory authorities when required by valid legal process (court order, subpoena, regulatory inquiry). Geocast pushes back against overbroad requests and notifies the affected user when legally permitted.
- Successors in a corporate transaction. If Geocast is merged, acquired, or sold, the successor entity may receive personal data subject to this Privacy Policy. Where practicable, advance notice will be given.
- Professional advisors (auditors, lawyers, accountants) under confidentiality obligations.
Geocast does not sell personal data to anyone. Geocast does not share personal data with advertisers, data brokers, or any third party for their independent marketing purposes.
Geocast is a US company with users worldwide. Some processing happens in the United States, some in the European Union, and some in other regions, depending on the sub-processors involved and the data subject's location.
6.1 Region-aware processing
Where infrastructure permits, Geocast processes personal data in the region closest to where it is collected. Operator and guest data from properties in the European Economic Area is hosted in EU regions where the underlying infrastructure supports it. Voice synthesis, language model inference, and other compute may route to regional endpoints when available.
Some processing inherently spans regions. Anthropic's language model inference, for example, is currently US-based for the model classes Geocast uses. Some sub-processors operate primarily in the United States.
6.2 Transfer mechanisms
When personal data is transferred from the EU/EEA, UK, or Switzerland to the United States or another third country, Geocast relies on one or more of the following legal mechanisms:
- EU Standard Contractual Clauses (SCCs), in the form approved by the European Commission (Decision 2021/914), incorporated by reference into our contracts with sub-processors.
- UK Addendum to the EU SCCs, or the UK International Data Transfer Agreement (IDTA), for transfers from the United Kingdom.
- Swiss Addendum to the SCCs, for transfers from Switzerland.
- EU-US Data Privacy Framework certification, where the receiving sub-processor has self-certified under the framework.
- Other approved transfer mechanisms as adopted by the relevant authorities.
6.3 Transfers from other jurisdictions
For transfers from Canada, Brazil, Australia, or other jurisdictions with international transfer rules, Geocast relies on adequacy decisions, contractual safeguards, or other lawful mechanisms as required by the applicable law.
6.4 Documentation
Geocast maintains internal records of cross-border data transfers, including the legal mechanism, the destination, and any supplementary measures (encryption, access controls). This documentation is available to regulators on request and to data subjects who have a substantial interest, on request to legal@geocast.ai.
Geocast retains personal data only as long as necessary for the purposes described in this policy, the contractual relationship, and legal obligations. Specific retention periods apply by category.
7.1 Operator data
- Operator account data. Retained while the subscription is active. On subscription termination, retained for the 90-day wind-down period described in the Operator Terms of Service Section 11.4. After wind-down, Geocast initiates the deletion process from production systems and aims to complete deletion within 30 days. Backup copies may be retained for up to 12 months for legal hold and disaster recovery, then deleted in the ordinary backup rotation.
- Operator Content (uploads, archival materials, drafts). Same as account data: tied to subscription, 90-day wind-down, deletion initiated thereafter with a 30-day target, 12-month backup horizon.
- Generated Content. Retained as Geocast property under the IP allocation in the Operator Terms of Service. The operator's license to use Generated Content terminates per the Operator Terms of Service.
- Voice samples and voice models. Retained only as long as needed to maintain the voice clone for the property's use. Geocast initiates the deletion process from production systems and aims to delete within 30 days of voice clone termination, subscription termination, or voice subject revocation of consent. Backup retention follows the standard 12-month horizon. See 1.7.
- Billing records. Retained for 7 years for tax and audit compliance.
- Operator support correspondence. 36 months from last contact, then deleted unless required for an ongoing legal matter.
7.2 Guest data
- Guest interaction data (story plays, completion rates, beacon proximity events, Hidden Card discoveries). 24 months from collection in identifiable or pseudonymous form, after which Geocast initiates the process of transforming the data to fully anonymized aggregate statistics with no per-session detail. Aggregate statistics are kept indefinitely.
- Guest device and session identifiers. 12 months from last use, then rotated or deleted.
- Guest GPS and location data. Raw GPS pings are retained no longer than 30 days for proximity calculation and debugging, after which Geocast initiates the deletion process. Resulting story-played events follow guest interaction data retention.
- Guest support correspondence. 24 months from last contact, then deleted unless required for an ongoing legal matter.
- Push notification tokens. Retained while the app is installed and tokens are valid. Invalidated tokens are deleted promptly.
7.3 Website visitor data
- Marketing site analytics. 13 months in identifiable form, then aggregated.
- Newsletter subscriber data. Retained until you unsubscribe, after which Geocast initiates the deletion process and aims to complete it within 30 days (except where retention is required for legal compliance).
- Contact form submissions. 24 months from last interaction, then deleted unless required for an ongoing matter.
7.4 Operational data
- Logs and error telemetry. 90 days for general operational logs. Up to 12 months for security-relevant events.
- Authentication logs. 12 months for routine logs; longer for events under investigation.
- Backup copies across all categories. Up to 12 months, after which they are deleted in the ordinary backup rotation.
7.5 Legal hold
Where Geocast becomes aware of pending or actual legal proceedings, personal data relevant to those proceedings is preserved beyond the standard retention windows for as long as the legal hold is necessary. Once the hold is released, normal retention applies.
8.1 Security measures
Geocast maintains administrative, technical, and physical safeguards designed to protect personal data, including:
- Encryption. Personal data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
- Access controls. Access to personal data is restricted to personnel who need it for service operation. Access is logged and reviewed.
- Authentication. Multi-factor authentication is required for administrative access to systems containing personal data.
- Vendor management. Sub-processors are evaluated for security posture before onboarding and reviewed periodically.
- Incident response. Geocast maintains a documented incident response process for security events.
No system is perfectly secure. Geocast continues to invest in security as the company grows.
8.2 Breach notification
If Geocast becomes aware of a personal data breach affecting your data, we will notify you in accordance with applicable law and the following commitments:
- To operators (controllers). Within 72 hours of becoming aware of a breach affecting your guests or your account, Geocast will notify you via email to the billing contact and via a banner in the admin app. The notification will describe the nature of the breach, the categories and approximate number of data subjects affected, the categories and approximate number of records affected, the likely consequences, the measures taken to address the breach, and contact information for further questions.
- To data subjects directly. Where a breach poses a high risk to your rights and freedoms, Geocast will notify you directly without undue delay. The mechanism depends on what data was affected (email if your email is in scope, in-app banner, property-mediated notification, etc.).
- Strictest applicable timeframe. Geocast commits to comply with the strictest applicable notification timeframe in each specific case. Where applicable laws require faster notification than the timelines above, we comply with the faster requirement.
8.3 What to do if you suspect a breach
If you suspect a security or privacy issue with Geocast, email legal@geocast.ai. We investigate every report. Responsible disclosure is welcomed.
9.1 Age limits
The Geocast guest experience is designed for users aged 13 and older. The Operator account is available only to adults aged 18 and older.
If you are between 13 and 18, please use the guest experience with the awareness of a parent or legal guardian.
If you are under 13, you may use the guest experience only when supervised by a parent or legal guardian who has agreed to the Guest Terms of Use on your behalf. The kids' guides and family content available at some properties are designed for supervised use.
If you are an EU resident under 16, additional parental consent applies to any data processing beyond what is strictly necessary to deliver the experience.
9.2 COPPA compliance (US)
Geocast complies with the Children's Online Privacy Protection Act (COPPA). Geocast does not knowingly collect personal information from children under 13 without verifiable parental consent.
If a parent or guardian believes their child under 13 has provided personal information to Geocast without consent, contact legal@geocast.ai and we will delete the information promptly.
9.3 Property responsibilities
Properties offering kids' guides and family content are responsible for designing those experiences with the supervised-use assumption. Properties should not configure experiences that require independent under-13 behavior (no chat features, no user-generated content from minors, no profiling).
Geocast may update this Privacy Policy from time to time. When material changes are made:
- The version date at the top of this page is updated
- Material changes are communicated via in-app banner in the Geocast admin app (for operators) and via the guest experience (for guests) the next time you use the service
- Where a material change reduces your rights or expands processing in a way that requires consent under applicable law, we will obtain your consent before the change takes effect
The current version of this Privacy Policy is always available at geocast.ai/legal/privacy. Previous versions are available on request to legal@geocast.ai.
For privacy questions, requests, or concerns:
- Privacy and security: legal@geocast.ai
- Guest support: guest-support@geocast.ai
- Operator support: support@geocast.ai
For privacy regulator complaints
- California: California Privacy Protection Agency (CPPA) or California Attorney General
- EU: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO)
- Other jurisdictions: Your applicable privacy regulator