Privacy & Data Flow
GeoEdge AI is a network-dependent thin client. This page lists every piece of information the plugin sends to GeoEdge Cloud, what is not sent by default, and the settings that control optional data sharing.
Last updated: 2026-05-22 · Plugin version: 1.0.10
What gets sent to the server (default behaviour)
When you ask the agent to do something, the plugin sends:
| Field | Why |
|---|---|
| Your chat message (verbatim) | The agent needs the request to plan. |
| Project CRS | Coordinate-aware planning. |
| Layer list — id, name, type (vector/raster/mesh), geometry type, CRS, field names + types, feature count, geometry bbox, layer source path | Lets the agent pick the right layer and tool; source path is required for geoprocessing code generation. |
| Active layer id | Disambiguates “this layer.” |
| Viewport bbox | Spatial context for “what’s on screen.” |
| Conversation history (prior chat turns this session) | Lets the agent resolve replies to its own clarification questions. |
Plus, on every authenticated request:
| Field | Why |
|---|---|
| JWT access token | Authenticates you. |
| Plugin protocol version | Negotiates compatible server behaviour. |
| Plugin integrity hash | Confirms the installed plugin matches a published release. |
What is NOT sent (default behaviour)
By default, the plugin does not send:
- Full feature geometries.
- Attribute values from layers.
- Project file (
.qgs/.qgz) contents.
Settings toggles
In Plugins → GeoEdge AI → Settings → Privacy:
| Toggle | Default | When enabled |
|---|---|---|
| Send file paths in layer metadata | On | Layer source paths are included by default — required for geoprocessing operations (buffer, reproject, etc.). Disable to strip them from the payload. |
| Anonymous usage telemetry | Off | Sends event names, timing, and error classes — never query content. (Planned; toggle is wired but no telemetry is currently emitted.) |
| Crash reports | Off | Sends Python tracebacks with PII redaction. (Planned; toggle is wired but no reports are currently emitted.) |
All toggles persist across plugin upgrades.
Server-side retention
- Chat messages and project metadata: retained for the duration of a conversation session, then expired after 30 days for debugging and quality.
- Email verification tokens: 24-hour expiry, single-use.
- Refresh tokens: 30-day expiry, rotated on every use; revoked immediately on sign-out.
- Telemetry events (when opted in): retained 90 days.
- Crash reports (when opted in): retained 180 days.
Google User Data
GeoEdge AI offers “Sign in with Google” as an optional authentication method. When you choose this option, we receive the following data from Google:
| Data | Purpose |
|---|---|
| Email address | Used as your account identifier and for transactional emails (receipts, verification). |
| Display name | Shown in your profile within the plugin and in Stripe billing records. |
| Google account ID (sub) | Used internally to link your Google identity to your GeoEdge account, so sign-ins are matched correctly even if your email changes. |
We do not access Google Drive, Gmail, Google Calendar, or any other Google product data. No Google Refresh Token is requested or stored.
This data is used solely to create and authenticate your GeoEdge AI account. It is not used for advertising, profiling, or AI model training, and is not shared with third parties except as described in the “Third-party services” section below. You can request deletion of your account and associated Google data at any time by emailing support@geoedge.com.au.
Third-party services we use
- Resend — sends transactional emails (verification, password reset) from
support@geoedge.com.au. - Railway — hosts the backend API and this site.
- Anthropic Claude API — powers the agent. Your chat messages and layer metadata are forwarded to Claude as part of each request. Anthropic does not use this data to train their models.
- Stripe — handles billing for paid plans (no card data touches our servers).
Questions or data requests
Email support@geoedge.com.au for privacy-specific questions, data-deletion requests, or data-export requests.