Privacy Policy

Last updated: March 5, 2026

1. Data Controller

Geoktimonas ("we", "us", "our") operates the website geoktimonas.com. For any data protection enquiries, contact us at contact@geoktimonas.com.

2. Legal Basis for Processing (GDPR Art. 6)

We process your personal data on the following legal bases:

• Consent (Art. 6(1)(a)): When you sign in with Google, you consent to the collection of your profile information. You may withdraw consent at any time by deleting your account.
• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service — saving parcels, managing lists, and posting sale listings.
• Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement.

3. Personal Data We Collect

We collect and process the following categories of personal data:

• Identity data: Full name, email address, and profile picture (from Google Sign-In).
• Contact data: Phone number, if you provide it when creating a sale listing.
• Usage data: Saved parcels, lists you create or are shared with, and sale listings you post.
• Uploaded content: Parcel certificate images and photos you upload for sale listings.
• Technical data: Browser local storage tokens for authentication session management. We do not collect IP addresses, device fingerprints, or use analytics trackers.

4. How We Use Your Data

• Authentication: To verify your identity and provide access to personalised features.
• Sale Listings: Your name, profile picture, and contact information (phone number) are displayed publicly on sale listings you create.
• Shared Lists: Your name and email may be visible to users you share lists with, or who share lists with you.
• Admin Review: Sale listings are reviewed by an administrator before publication. The administrator can see your listing data and email address.
• Transactional Emails: We send emails via Resend for account registration, listing submission confirmations, and listing approval/rejection notifications.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only with the following:

• Cloudflare, Inc. — Infrastructure provider (hosting, database, object storage). Cloudflare processes data as a data processor under their Privacy Policy and is compliant with EU-US Data Privacy Framework.
• Google LLC — Authentication provider (Google Sign-In). Google's Privacy Policy applies to the sign-in process.
• Resend, Inc. — Transactional email delivery. Your email address is shared with Resend solely for sending service-related emails. See Resend's Privacy Policy.
• Cyprus Department of Lands and Surveys (DLS) — Parcel data is queried from the DLS public API. No personal data is sent to DLS.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically to Cloudflare, Google, and Resend servers. These providers participate in the EU-US Data Privacy Framework and implement appropriate safeguards (Standard Contractual Clauses) as required under GDPR Chapter V.

7. Data Retention

• Account data (name, email, profile picture): Retained for as long as your account is active.
• Saved parcels and lists: Retained until you delete them or request account deletion.
• Sale listings: Retained until you delete them, they are rejected by an admin, or you request account deletion. Publicly visible listing data (title, price, location, photos) may be cached by search engines.
• Uploaded images: Retained as long as the associated sale listing exists. Deleted when the listing is removed.

Upon account deletion, all personal data is permanently removed within 30 days.

8. Cookies & Local Storage

We do not use cookies. We use browser localStorage solely to store your authentication token for session persistence. No third-party tracking, advertising, or analytics scripts are used.

9. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate personal data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to restriction (Art. 18): Request restriction of processing of your data.
• Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email contact@geoktimonas.com. We will respond within 30 days as required by GDPR.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted data transmission (HTTPS/TLS).
• Secure authentication via Google OAuth 2.0 with JWT token verification.
• Access controls restricting database and storage access to authorised services only.
• Regular review of data processing practices.

11. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

12. Supervisory Authority

If you are in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For Cyprus, this is the Commissioner for Personal Data Protection (dataprotection.gov.cy).

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on the Service. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact

For any privacy-related questions, data requests, or complaints:

Email: contact@geoktimonas.com