// PRIVACY
Privacy & Data Flow
GeoEdge AI is a network-dependent thin client. This page lists every piece of information the plugin sends to GeoEdge Cloud, what is not sent by default, and the settings that control optional data sharing.
Last updated: 2026-05-18 · Plugin version: 1.0.7
What gets sent to the server (default behaviour)
When you ask the agent to do something, the plugin sends:
| Field | Why |
|---|---|
| Your chat message (verbatim) | The agent needs the request to plan. |
| Project CRS | Coordinate-aware planning. |
| Layer list — id, name, type (vector/raster/mesh), geometry type, CRS, field names + types, feature count, geometry bbox, layer source path | Lets the agent pick the right layer and tool; source path is required for geoprocessing code generation. |
| Active layer id | Disambiguates “this layer.” |
| Viewport bbox | Spatial context for “what’s on screen.” |
| Conversation history (prior chat turns this session) | Lets the agent resolve replies to its own clarification questions. |
Plus, on every authenticated request:
| Field | Why |
|---|---|
| JWT access token | Authenticates you. |
| Plugin protocol version | Negotiates compatible server behaviour. |
| Plugin integrity hash | Confirms the installed plugin matches a published release. |
What is NOT sent (default behaviour)
By default, the plugin does not send:
- Full feature geometries.
- Attribute values from layers.
- Project file (
.qgs/.qgz) contents.
Settings toggles
In Plugins → GeoEdge AI → Settings → Privacy:
| Toggle | Default | When enabled |
|---|---|---|
| Send file paths in layer metadata | On | Layer source paths are included by default — required for geoprocessing operations (buffer, reproject, etc.). Disable to strip them from the payload. |
| Anonymous usage telemetry | Off | Sends event names, timing, and error classes — never query content. (Planned; toggle is wired but no telemetry is currently emitted.) |
| Crash reports | Off | Sends Python tracebacks with PII redaction. (Planned; toggle is wired but no reports are currently emitted.) |
All toggles persist across plugin upgrades.
Server-side retention
- Chat messages and project metadata: retained for the duration of a conversation session, then expired after 30 days for debugging and quality.
- Email verification tokens: 24-hour expiry, single-use.
- Refresh tokens: 30-day expiry, rotated on every use; revoked immediately on sign-out.
- Telemetry events (when opted in): retained 90 days.
- Crash reports (when opted in): retained 180 days.
Network endpoints
The plugin connects to:
- https://publicapi.geoedge.com.au/v1/auth/* — login, token refresh, verify, password reset, OAuth.
- https://publicapi.geoedge.com.au/v1/agent/stream — agent SSE channel.
- https://publicapi.geoedge.com.au/v1/agent/cancel — cancel a turn.
- https://publicapi.geoedge.com.au/v1/agent/capabilities — protocol negotiation.
- https://publicapi.geoedge.com.au/v1/usage — token balance display.
- https://publicapi.geoedge.com.au/v1/plans — plan info display.
No other domains are contacted by the plugin.
Third-party services we use
- Resend — sends transactional emails (verification, password reset) from
support@geoedge.com.au. - Railway — hosts the backend API and this site.
- Anthropic Claude API — powers the agent. Your chat messages and layer metadata are forwarded to Claude as part of each request. Anthropic does not use this data to train their models.
- Stripe — handles billing for paid plans (no card data touches our servers).
Questions or data requests
Email support@geoedge.com.au for privacy-specific questions, data-deletion requests, or data-export requests.