Data Processing Agreement
1. Scope & Applicability
This Data Processing Agreement ("DPA") forms part of the agreement between GeoPin ("Processor") and you, the business customer ("Controller"), and governs the processing of personal data by GeoPin on your behalf in connection with the GeoPin service.
This DPA applies to all processing of personal data by GeoPin as part of the Service, as defined in our Terms of Service. In the event of a conflict between this DPA and the Terms of Service, this DPA shall prevail with respect to data protection matters.
This DPA is designed to comply with the requirements of Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). Business customers may request a separately executed version of this DPA. Contact info@geopin.nl for details.
2. Definitions
In this DPA, the following terms have the meanings described below. Undefined terms have the meaning given to them in the GDPR or the Terms of Service.
- "Controller" — the business customer who determines the purposes and means of the processing of personal data and on whose behalf GeoPin processes personal data.
- "Processor" — GeoPin, which processes personal data on behalf of the Controller.
- "Sub-processor" — a third party engaged by GeoPin to process personal data on behalf of the Controller.
- "Personal Data" — any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
- "Data Subject" — the identified or identifiable natural person to whom the personal data relates.
- "Processing" — any operation performed on personal data, as defined in Article 4(2) of the GDPR.
- "Personal Data Breach" — a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, as defined in Article 4(12) of the GDPR.
3. Roles of the Parties
For the purposes of the GDPR:
- The Controller (you) determines the purposes and means of the processing of personal data through the GeoPin Service. You are responsible for ensuring that you have a lawful basis to process the personal data you submit to GeoPin.
- The Processor (GeoPin) processes personal data solely on the basis of the Controller's documented instructions, unless required by EU or Member State law.
If GeoPin considers that an instruction from the Controller infringes the GDPR or other EU or Member State data protection provisions, GeoPin shall immediately inform the Controller.
4. Processing Details
| Item | Description |
|---|---|
| Subject matter | Geolocation inference on images submitted by the Controller via the GeoPin API. |
| Duration | For the duration of the Controller's subscription to the GeoPin service, plus any legally required retention periods. |
| Nature and purpose | Processing of images to return estimated geographic coordinates and location metadata. Account management, invoicing and API request logging. |
| Types of personal data | Images submitted for geolocation (which may depict identifiable individuals or identifiable locations); EXIF metadata in images; IP addresses; email addresses; API request logs; billing data. |
| Categories of data subjects | Individuals depicted in submitted images; employees and representatives of the Controller who use the Service; individuals whose data appears in billing records. |
5. Data Flow Description
The following describes the data flow through the GeoPin service from submission to response:
- API Request — the Controller submits an image to the GeoPin API via an encrypted HTTPS connection. The request contains the image data, the Controller's API key and HTTP metadata (IP address, user agent).
- Authentication & Rate Limiting — the API key is validated against our authentication database (Cloudflare D1). The request is logged (timestamp, API key hash, endpoint, IP address) for billing and abuse prevention. The image itself is not logged or stored at this stage.
- Inference — the image is forwarded via an encrypted connection to a GPU inference worker (RunPod). The inference worker processes the image entirely in memory, runs the geolocation model and returns the result. The image is immediately discarded from memory after processing. At no point is a persistent copy of the image created.
- Response — the geolocation result (coordinates, confidence score, location metadata) is returned to the Controller via the API. The result is not stored by GeoPin unless the Controller has opted into result caching (Enterprise plans only, separately configured).
- Logging & Billing — API request metadata (excluding the image and the response content) is retained for 90 days for billing accuracy, service monitoring and abuse detection. Billing data is shared with Moneybird for invoicing and is retained for 7 years in accordance with Dutch tax requirements.
6. Sub-processors
GeoPin engages the following sub-processors. The Controller authorises the use of these sub-processors as of the effective date of this DPA.
| Sub-processor | Purpose | Data Processed | Location | Transfer mechanism |
|---|---|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, D1 database, R2 storage, Vectorize, Turnstile, Web Analytics | All data transiting the platform; account data; API logs; analytics | Global (EU preferred) | EU SCCs |
| RunPod, Inc. | GPU inference | Images (in-memory only, no storage); inference results | EU data centres | EU SCCs |
| Moneybird B.V. | Invoicing | Name, email, address, VAT number, invoice data | Netherlands | N/A (EEA) |
| Emailit | Transactional email | Email address, email content | EU | N/A (EEA) |
6.1 Changes to Sub-processors
GeoPin shall notify the Controller by email at least 30 days before engaging a new sub-processor or replacing an existing one. If the Controller objects to a new sub-processor on reasonable data protection grounds, the Controller may within 14 days of notification:
- Request a meeting to discuss the objection and explore alternatives.
- If no resolution is reached, terminate the relevant Service by written notice. GeoPin shall assist with an orderly transfer of data as described in Section 12.
6.2 Sub-processor Obligations
GeoPin shall impose data protection obligations on each sub-processor that are no less protective than those in this DPA, by means of a written contract. GeoPin remains fully liable to the Controller for any failure of a sub-processor to fulfil its data protection obligations.
7. Security Measures
GeoPin implements the following technical and organisational measures to protect personal data, in accordance with Article 32 of the GDPR:
7.1 Encryption
- In transit — all data transmitted between the Controller and GeoPin, and between GeoPin and its sub-processors, is encrypted with TLS 1.2 or higher.
- At rest — data stored in Cloudflare D1 and R2 is encrypted at rest with AES-256. API keys are hashed with a secure one-way hash algorithm for storage.
7.2 Access Control
- Access to production systems and personal data is restricted to authorised personnel on a need-to-know basis.
- Multi-factor authentication is required for all administrative access to the production infrastructure.
- Access is logged and regularly reviewed.
7.3 Infrastructure Security
- Cloudflare provides DDoS protection, WAF (Web Application Firewall) and bot management for all incoming traffic.
- Inference workers run in ephemeral containers that are deployed on demand and destroyed after use. No persistent storage is attached to inference workers.
- Network segmentation ensures that inference infrastructure has no access to the production database or other unrelated systems.
7.4 Image Processing Security
- Images are processed exclusively in memory. At no point during the inference pipeline are images written to disk, object storage or any other persistent medium.
- Inference containers are isolated from each other and from the network, with the exception of the encrypted channel to and from the API gateway.
- Memory allocated to inference is immediately cleared after each request completes.
7.5 Monitoring & Incident Management
- Automated monitoring of system health, error rates and anomalous access patterns.
- Alerts for security-relevant events, including failed authentication attempts, unusual API usage patterns and infrastructure anomalies.
- Documented incident response procedures with defined roles and escalation paths.
7.6 Personnel
- All personnel with access to personal data are bound by confidentiality obligations.
- Personnel receive training on data protection requirements and security best practices.
8. Data Subject Rights
GeoPin assists the Controller in fulfilling its obligations to respond to data subject requests under Chapter III of the GDPR (access, rectification, erasure, restriction, portability and objection).
- If GeoPin receives a data subject request directly concerning data processed on behalf of the Controller, GeoPin shall promptly forward the request to the Controller and shall not respond directly to the data subject, unless instructed by the Controller or required by law.
- GeoPin provides reasonable technical assistance to enable the Controller to respond to data subject requests, including providing data exports in machine-readable format (JSON).
- Since images are processed in memory and are not retained, erasure requests concerning submitted images are inherently fulfilled by the design of the Service — there is no stored image data to erase.
9. Breach Notification
In the event of a personal data breach involving personal data processed on behalf of the Controller, GeoPin shall:
9.1 Notification Timeline
- Within 24 hours — notify the Controller of the data breach by email to the Controller's registered email address. This initial notification shall include the nature of the data breach and the categories of data affected, to the extent known at that time.
- Within 48 hours — provide a more detailed notification including: the estimated number of data subjects and records affected; the likely consequences of the data breach; the measures taken or proposed to address the data breach and mitigate its effects.
- Ongoing — provide further updates as the investigation progresses, including root cause analysis and implemented preventive measures.
9.2 Controller Obligations
The Controller is responsible for determining whether the data breach must be notified to the relevant supervisory authority (within 72 hours pursuant to Article 33 GDPR) and/or to the affected data subjects (pursuant to Article 34 GDPR). GeoPin shall provide all reasonably necessary information to support the Controller in making this determination.
9.3 Documentation
GeoPin documents all personal data breaches, including the facts, their effects and the remedial actions taken, in accordance with Article 33(5) of the GDPR. This documentation shall be made available to the Controller upon request.
10. Audit Rights
The Controller has the right to audit GeoPin's compliance with this DPA, subject to the following conditions:
- Audits may not be conducted more than once per calendar year, unless a data breach has occurred or a supervisory authority requires an audit.
- The Controller must provide at least 30 days' written notice of an intended audit.
- Audits shall be conducted during normal business hours and must not unreasonably disrupt GeoPin's operations.
- The Controller may appoint a qualified, independent external auditor, provided the auditor signs a confidentiality agreement acceptable to GeoPin.
- GeoPin shall make available all information reasonably necessary to demonstrate compliance with this DPA, including documentation of security measures, sub-processor agreements and data breach records.
- The costs of the audit shall be borne by the Controller, unless the audit reveals a material breach of this DPA by GeoPin.
As an alternative to an on-site audit, GeoPin may provide the Controller with a summary of the results of a recent independent security assessment, certification or audit report (e.g. SOC 2, ISO 27001) conducted by a qualified third party, where available.
11. International Transfers
To the extent that personal data processed under this DPA is transferred outside the European Economic Area (EEA), GeoPin ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR:
- EU Standard Contractual Clauses (SCCs) — are incorporated into GeoPin's agreements with sub-processors outside the EEA, pursuant to Commission Implementing Decision (EU) 2021/914.
- Transfer impact assessments — GeoPin has conducted transfer impact assessments for transfers to sub-processors outside the EEA and has determined that the combination of SCCs and the technical measures described in Section 7 provide an adequate level of protection.
- Data localisation — where technically feasible and offered by the sub-processor, GeoPin configures services to store and process data within the EEA.
12. Term & Termination
12.1 Duration
This DPA remains in effect for the duration of the Controller's subscription to the GeoPin service and shall survive termination to the extent necessary for GeoPin to fulfil its obligations hereunder, including data return or deletion.
12.2 Data Return and Deletion
Upon termination of the Controller's subscription or upon the Controller's written request:
- GeoPin shall provide the Controller with an export of all personal data processed on behalf of the Controller, in a structured, commonly used and machine-readable format (JSON), within 30 days of the request.
- After the data export has been confirmed or after 30 days (whichever comes first), GeoPin shall delete all personal data from its systems, except where retention is required by EU or Member State law (e.g. billing data retained for 7 years under Dutch tax law).
- GeoPin shall provide written confirmation of deletion upon request.
12.3 Survival
Sections 7 (Security Measures), 9 (Breach Notification), 10 (Audit Rights) and 13 (Liability) shall survive termination of this DPA.
13. Liability
Each party's liability under this DPA is subject to the limitations set out in the Terms of Service, provided that:
- Neither party shall exclude or limit its liability for a data breach caused by wilful misconduct or gross negligence.
- GeoPin shall be liable for damage caused by processing that does not comply with the GDPR or this DPA, to the extent provided in Article 82 of the GDPR.
- GeoPin shall be exempt from liability if it proves that it is not responsible for the event giving rise to the damage, in accordance with Article 82(3) of the GDPR.
14. Contact
For questions about this Data Processing Agreement, to request an individually executed DPA, or to exercise rights under this agreement, please contact: