This Privacy Policy explains how Polyfence ("we", "us", or "our") collects, uses, and protects your data when you use the Polyfence platform at polyfence.io, our REST API, and related services (collectively, the "Service").
If you use our open-source SDKs (Flutter, React Native, native Kotlin/Swift, or embedded C), a separate SDK Privacy Policy covers the SDK's anonymous telemetry. You do not need a Polyfence account to use the SDKs.
Polyfence collects zero PII and zero identifiable data about your end users. The only personal information in our system is YOUR account info (email, billing) — same as any paid SaaS, identical to what Stripe or Vercel hold about you.
Our core principle: We collect only what's necessary to run the Service. We don't sell your data, we don't serve ads, and positions are evaluated and discarded by default — server-side position retention is an explicit, account-level opt-in. Manage your retention setting.
Information we collect
Account information
When you create an account via GitHub OAuth, Google OAuth, or magic link email, we receive and store:
- Email address
- Display name and avatar (from your OAuth provider)
- Authentication provider identifier (e.g., GitHub user ID)
We only request the minimum OAuth scopes needed for authentication. We do not access your repositories, contacts, or other provider data.
Zone data
When you create geofence zones through the dashboard or API, we store:
- Zone geometry (circle center/radius or polygon coordinates)
- Zone metadata (name, tags, custom properties)
- Creation and modification timestamps
Zone data belongs to you. It is isolated to your account and never shared with other users or used for any purpose beyond providing the Service.
API keys
API keys are stored as SHA-256 hashes, not in plaintext. We cannot retrieve your key after creation — only you see the full key at the time it's generated. Keys are revocable at any time through the dashboard.
Data connector credentials
If you configure data connectors (ETL imports), the API keys and credentials you provide for external services are encrypted at rest using AES-256-GCM encryption. These credentials are only decrypted at sync time and are never logged or exposed in API responses.
Usage & log data
We collect operational data to monitor the health and security of the Service:
- API request logs (endpoint, method, status code, timestamp — no request bodies)
- Rate limiting metadata (request counts per time window)
- Feature usage (tier limit checks, feature access patterns)
- Error reports (stack traces, request context — sent to Sentry)
Cookies & local storage
We use essential cookies only — no marketing or tracking cookies:
- Authentication session — managed by Supabase Auth, required to keep you logged in
- Early Access notice — remembers that you dismissed it, so it stays hidden
We also keep a few interface preferences in your browser’s local storage — these stay on your device and are never sent to our servers:
- Theme — light or dark mode
- UI state — such as your map view, dismissed notices, onboarding progress, and the last Wi-Fi network used during device setup
How we use your data
We use your data exclusively to provide, secure, and improve the Service:
- Provide the Service — authenticate you, store and serve your zones, process API requests
- Billing — manage your subscription tier and process payments
- Security — rate limiting, CSRF protection, abuse detection, error monitoring
- Support — respond to your inquiries and debug issues
- Improve the Service — analyze aggregate usage patterns (never individual data) to guide product decisions
We do not sell your data, use it for advertising, profile you, or share it with data brokers. Ever.
Third-party services
The Service relies on the following third-party providers. Each receives only the minimum data needed for their function:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication | Account data, zones, API logs |
| Vercel | Hosting & serverless functions | All application traffic (request metadata) |
| Polar | Payment processing | Email, subscription status, tier |
| Sentry | Error monitoring | Error traces, request context (no PII) |
| Upstash | Rate limiting | Anonymized request counts |
| OpenStreetMap / Nominatim | Reverse geocoding & map tiles | Coordinates (when you use geocoding) |
We do not use Google Analytics, Mixpanel, Amplitude, or any third-party analytics or advertising tools.
Data security
We take security seriously at every layer:
- Encryption in transit — all connections use TLS/HTTPS, enforced via HSTS headers
- Encryption at rest — database encrypted at rest; connector credentials use AES-256-GCM
- API key hashing — SHA-256 hashed with timing-safe comparison to prevent enumeration
- Security headers — CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy on all responses
- CSRF protection — Origin/Referer validation on all state-changing requests
- SSRF protection — DNS resolution validation at fetch time for data connectors
- Rate limiting — per-account rate limits based on your subscription tier to prevent abuse
- Tenant isolation — every database query is scoped to your account; no cross-tenant data access is possible
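As an added illustration of the "API key hashing" item above (example code written for this page, not Polyfence's own implementation), the following Python shows the pattern the policy describes: the raw key is shown once at creation, only its SHA-256 digest is stored, verification compares digests with a timing-safe function, and revocation keeps the hash on record without ever reactivating the key. The in-memory `_KEY_TABLE` dictionary, the `pf_` prefix and the `acct_*` identifiers are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed stand-in for the database table of key hashes (hypothetical schema):
# hash -> {"account": account id, "revoked": bool}. No raw key is ever stored here.
_KEY_TABLE: Dict[str, Dict[str, object]] = {}


def hash_api_key(raw_key: str) -> str:
    """Return the hex SHA-256 digest of a raw key; this digest is the only thing persisted."""
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def issue_api_key(account_id: str, prefix: str = "pf_") -> str:
    """Generate a high-entropy key, persist only its hash, and hand the raw key back once.

    After this call returns, the raw key cannot be recovered from stored data.
    """
    raw_key = prefix + secrets.token_urlsafe(32)
    _KEY_TABLE[hash_api_key(raw_key)] = {"account": account_id, "revoked": False}
    return raw_key


def lookup_account(presented_key: str) -> Optional[str]:
    """Resolve a presented key to its account id, or None if unknown or revoked.

    Every stored digest is compared with hmac.compare_digest so that the time taken
    does not depend on how many leading characters happen to match, which removes
    the timing side channel an attacker could use to enumerate valid digests.
    """
    presented_hash = hash_api_key(presented_key)
    match: Optional[str] = None
    for stored_hash, record in _KEY_TABLE.items():
        # Deliberately no early return: the loop always runs to completion.
        if hmac.compare_digest(presented_hash, stored_hash) and not record["revoked"]:
            match = str(record["account"])
    return match


def revoke_api_key(raw_key: str) -> bool:
    """Soft-delete a key: keep its hash (so a leaked key can still be recognised and
    refused) but flag it so it never authenticates again. Returns False if the key is
    unknown or already revoked."""
    record = _KEY_TABLE.get(hash_api_key(raw_key))
    if record is None or record["revoked"]:
        return False
    record["revoked"] = True
    return True


if __name__ == "__main__":
    key = issue_api_key("acct_demo")
    print("raw key shown once:", key)
    print("resolves to:", lookup_account(key))
    revoke_api_key(key)
    print("after revocation:", lookup_account(key))
```

A production store would index by the digest rather than scan every row, but the verification step is the same: hash the presented key, fetch the candidate row, and compare the two digests with `hmac.compare_digest` rather than `==`.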
Data retention
We retain data only as long as needed:
- Account & zone data — retained while your account is active
- API logs — retained for operational monitoring and security purposes; anonymized at collection (IP addresses truncated, user-agents stripped to platform only)
- Error reports (Sentry) — retained for 90 days per Sentry's default policy
- Rate limit data — ephemeral, expires within seconds
- Revoked API keys — soft-deleted (hash retained for abuse prevention), never reactivated
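To make the "anonymized at collection" item concrete, here is an added Python example (not Polyfence's code) of a log-ingestion step that truncates client IP addresses to a network prefix, reduces the User-Agent to a platform label, and drops the request body before the record is written. The /24 and /48 prefix lengths, the platform list and the sample log record are assumptions chosen for the example; the policy states only that IPs are truncated and user-agents reduced to platform.

```python
import ipaddress
from typing import Any, Dict

# Platform tokens to look for in a User-Agent string (constructed list; order matters
# because Android user-agents also contain "Linux").
_PLATFORM_TOKENS = ("Windows", "Macintosh", "iPhone", "iPad", "Android", "CrOS", "Linux")

# Prefix lengths kept after truncation (assumed values for this example).
_IPV4_PREFIX = 24
_IPV6_PREFIX = 48


def truncate_ip(ip: str) -> str:
    """Zero the host part of an address so the stored value identifies a network, not a client."""
    addr = ipaddress.ip_address(ip)
    prefix = _IPV4_PREFIX if addr.version == 4 else _IPV6_PREFIX
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def ua_platform(user_agent: str) -> str:
    """Reduce a full User-Agent string to a coarse platform label (or 'other')."""
    for token in _PLATFORM_TOKENS:
        if token in user_agent:
            return token
    return "other"


def anonymize_log_record(record: Dict[str, Any]) -> Dict[str, Any]:
    """Build the record that is actually persisted: operational fields only.

    Endpoint, method, status and timestamp are kept; the IP is truncated, the
    User-Agent collapsed to a platform, and the request body is never copied over.
    """
    return {
        "endpoint": record["endpoint"],
        "method": record["method"],
        "status": record["status"],
        "timestamp": record["timestamp"],
        "client_net": truncate_ip(record["client_ip"]),
        "platform": ua_platform(record.get("user_agent", "")),
    }


# Constructed sample record of the kind a request handler might produce.
SAMPLE_RECORD = {
    "endpoint": "/api/v1/evaluate",
    "method": "POST",
    "status": 200,
    "timestamp": "2024-01-01T00:00:00Z",
    "client_ip": "203.0.113.77",
    "user_agent": "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36",
    "body": '{"deviceId": "dev-1", "lat": 51.5, "lon": -0.12}',
}

if __name__ == "__main__":
    print(anonymize_log_record(SAMPLE_RECORD))
```

The important property is that anonymization happens before the write, so no un-truncated address or raw body ever reaches the log store where it would have to be retained, searched and eventually deleted.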
When you delete your account, all your data — zones, API keys, logs, profile, and connector configurations — is permanently and irreversibly deleted via cascading deletion. There is no recovery. If we terminate your account for cause (e.g., Terms of Service violations), we may retain data as required by law or for legitimate security purposes before deletion.
Your rights
Regardless of where you're located, we provide the following rights to all users:
Access & export
You can export all your zone data at any time via the Export button on the Zones page (GeoJSON or CSV format). For a full data export covering your entire account, email hello@polyfence.io.
Correction
You can update your zone data and account details directly through the dashboard at any time.
Deletion
Go to Account → Profile → Delete Account to permanently remove all your data. This is immediate and irreversible. You can also request deletion by emailing hello@polyfence.io.
If you only want to purge stored device positions (without closing your account), visit Account → Privacy & Data and use the "Delete stored positions" action. This clears the last-known coordinates for every device in your account and is independent of the retention toggle.
Portability
Zone data can be exported in machine-readable GeoJSON or CSV format. For other data, contact us and we'll provide it within 30 days.
Objection & restriction
If you object to how we process your data, contact hello@polyfence.io. We'll respond within 30 days.
Legal basis for processing (GDPR)
If you're in the European Economic Area or UK, we process your data under the following legal bases:
- Contract performance (Article 6(1)(b)) — account data, zone storage, API access, and billing are necessary to provide the Service you signed up for
- Legitimate interest (Article 6(1)(f)) — security monitoring, rate limiting, error tracking, and aggregate usage analysis to maintain and improve the Service
- Legal obligation (Article 6(1)(c)) — retaining financial records as required by tax and accounting regulations
Classification of data fields under GDPR can vary by context and jurisdiction; consult qualified counsel if your use of the Service requires a formal data protection assessment.
California residents (CCPA)
If you're a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information and have never done so. Whether specific data fields qualify as personal information under CCPA can depend on context; consult counsel if your use case requires a formal determination.
To exercise your CCPA rights, email hello@polyfence.io or use the account deletion feature in the dashboard.
End-user location data
Mobile SDKs (on-device)
The Polyfence mobile SDKs (Flutter, React Native, native Kotlin/Swift) perform all geofencing on-device. GPS coordinates and geofence events are processed locally on your users' devices and are never transmitted to Polyfence servers.
Server-side evaluate API (IoT & embedded)
If you use the server-side evaluate endpoint (POST /api/v1/evaluate), your application sends device coordinates to Polyfence for zone evaluation. What happens to those coordinates depends on a single account-level setting:
What we collect by default
- Zone events — ENTER / EXIT / DWELL transitions. References to zones; never coordinates.
- Account & billing — your email, payment info, audit log.
- Anonymous mobile-SDK telemetry — aggregate accuracy averages, event frequencies, etc. NEVER coordinates, NEVER identifiers. Collected by default; one line of code disables it.
What we collect ONLY when you opt in
- Raw latitude / longitude positions — the retention feature for fleet, agriculture, asset, anywhere you need hosted history. Off by default; turn it on at Account → Privacy & Data. The setting is reflected in API responses via GET /v1/account/retention and on every GET /v1/devices/{deviceId} row. Even with retention on, we keep only the most recent point — never a track or route.
What we never collect
- Device identifiers beyond what you give us
- Position history without explicit opt-in — even with retention on, we keep only the most recent point, never a track or route
- PII from device names (unless firmware_visible_name is on, which is itself an opt-in)
- Anything from the polyfence-embedded C library — it doesn't phone home, by design
You are the data controller for any location data your application sends to the evaluate API. You are responsible for obtaining appropriate consent or legal basis from your end users before transmitting their coordinates to Polyfence. We process this data solely on your behalf to provide the geofencing Service.
Embedded SDK (on-device)
The Polyfence embedded C library runs entirely on your hardware (Raspberry Pi, ESP32, etc.). All geofencing is performed locally. No data is transmitted to Polyfence servers unless your application explicitly calls the server-side evaluate API.
Regardless of which integration path you use, you are responsible for your own privacy policy and compliance with applicable location data regulations.
Open-source SDK telemetry
Our open-source SDKs (Flutter, React Native, native Kotlin/Swift) collect anonymous performance telemetry (enabled by default, opt-out with one line of code). This telemetry contains no location data, no PII, and no user identifiers.
Categories of data collected:
- Session metadata: Duration, zone count, accuracy profile, update strategy, bridge platform, core engine version
- Activity patterns: Activity distribution (still/walking/driving), stationary ratio
- GPS performance: Average poll interval, interval distribution, accuracy, detection latency
- Zone interactions: Zone transitions, dwell durations, boundary events, false event count
- Battery impact: Battery level at start/end, charging status during session
- Device context: Device category (not specific model), OS major version
The embedded C library does not include telemetry. It runs entirely offline with no network capability.
For the full field list, opt-out instructions, and data retention, see the Telemetry Reference on GitHub.
Children's privacy
The Service is designed for developers and businesses. We do not knowingly collect data from children under 13 (or the applicable age of consent in your jurisdiction). If you believe a minor has created an account, contact us and we'll delete it promptly.
Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. For material changes, we'll notify you by email. For minor updates, we'll update the "Last Updated" date at the top of this page.
Where the law requires stronger notice or consent for material changes, we will comply. Continued use of the Service after changes constitutes acceptance of the updated policy.
Questions? hello@polyfence.io