This policy describes how we collect, use, and share information when you use Locara AI to identify the location of photos using geolocation, reverse geocoding, and AI image recognition. If you are reading this on behalf of an organization, "you" means that organization and its end users. Capitalized terms not defined here have the meanings given in our Terms of Use.
Who we are
Information we collect
We collect the following categories of information when you use the Service:
1) Images & related metadata
- User submitted photos you upload or capture within the app.
- EXIF and other embedded metadata (e.g., GPS coordinates, device make/model, timestamp, orientation). Where possible, you can choose to strip metadata before upload.
- Derived artifacts we generate such as photo hashes, cropped thumbnails, scene descriptors, feature vectors, and inferred places/POIs.
2) Location data
- Precise location (GPS/Wi-Fi/IP based) if you grant permission to improve reverse geocoding, disambiguate scenes, or tag results.
- Approximate location inferred from IP when precise location is not available.
You can disable precise location in your device/browser settings; the core image recognition still works, though accuracy may decline.
3) App, device, and usage data
- Log data (IP address, device identifiers, browser type, pages viewed, referrer/UTM, timestamps).
- App telemetry (crash reports, performance metrics) and cookie/SDK data for authentication, security, and analytics.
4) Account & support information
- Account profile (name, email, auth provider IDs) and subscription/billing details (handled by PCI compliant processors).
- Communications with us (support tickets, feedback, survey responses).
How we use information (purposes & legal bases)
We process information to:
- Provide and improve the Service, including recognizing scenes/POIs, reverse geocoding results, deduplication, and search.
- Authenticate and secure accounts, prevent fraud/abuse, and ensure platform integrity.
- Measure performance and fix bugs (analytics, crash logs).
- Communicate with you about changes, support, and marketing (with consent where required).
- Comply with law, enforce Terms, and protect rights.
AI & model usage
- We use AI image recognition to generate scene descriptors and place/POI candidates.
- Model training: By default, we do not use your photos or personal data to train our internal or third party foundation models unless you opt in. Enterprise/workspace admins may configure stricter settings.
- Third party processors: We may send images or descriptors to vendors (e.g., cloud vision APIs, geocoding/places APIs) solely to perform the requested analysis under strict data processing terms.
Data retention
- Photos and derived artifacts: Photos are not retained after the close of your session. Derived artifacts such as limited logs are retained for security or legal compliance.
- Account data: Retained as needed for legal/accounting obligations - up to 7 years for billing records.
We may retain non-identifiable aggregates (e.g., model accuracy metrics, generic POI counts) that cannot reasonably be linked back to you.
Sharing and disclosure
We do not sell your pictures or any information about your travels, pictures, or personal information. We share information only with:
- Service providers/processors (cloud hosting, CDN (content delivery networks), logging, analytics, geocoding/places, AI inference, email, payments) under DPAs (data processing agreements) and confidentiality.
- Enterprise/workspace owners (if you use a managed account) according to admin controls and your organization's policies.
- Legal and safety disclosures if required by law, to protect rights, or to investigate abuse.
International transfers
We store and process data in the United States and other regions. Where data moves outside your region, we use an appropriate transfer mechanism (e.g., EU Standard Contractual Clause under GDPR [General Data Protection Regulations], UK IDTA/Addendum [UK International Data Transfer Agreement], and adequacy decisions) and implement supplementary safeguards.
Children's privacy
The Service is not intended for children under 13 (or older where local law requires). We do not knowingly collect personal information from children. If you believe a child provided personal data, contact us to delete it.
Security
We use administrative, technical, and physical safeguards including encryption in transit and at rest, access controls, network isolation, and regular security testing. No system is 100% secure; please use strong passwords and enable multi-factor authentication.
Cookies & similar technologies
We use cookies/SDKs for authentication, preference storage, analytics, and security. See our Cookie Notice for details and controls, including opt-out choices where required by law.
Third party services we rely on (illustrative)
- Cloud hosting/CDN (content delivery network): AWS CloudFront
- Geocoding/Maps/Places: OpenStreetMap Nominatim
- AI image recognition: ChatGPT 5.0
- Analytics/Crash reporting: Plausible, PostHog, Sentry
- Email: AWS SES
We require vendors to use your information only to provide services to us and to protect it appropriately.
Your content visibility
Private by default: Uploaded photos and results are private to your account/workspace.
Data Subject Requests (DSRs)
Submit privacy requests in app or by email at privacy.locara@cognizantcloud.com. We will verify your identity and respond within required timeframes.
Changes to this policy
We may update this policy from time to time. Material changes will be announced via email or in-app notice. Your continued use after the effective date means you accept the updated policy.