FAQ

Location data that GeoComply collects is depersonalized and used to verify for security and fraud risk prevention. Geolocation is a non-biased data point; our processes can tell us a lot about fraud risk based on where the user is transacting from and their geolocation history. This and our retention practices ensure equity, fair treatment, and respect for the privacy of those who interact with our services.

No, GeoComply does not sell personal information that it may receive from customers to any other third party. We recognize that our customers trust us to use their data respectfully and consistently within the context of which it was provided.

GeoComply may have access to certain personal data from customers’ end users, according to written agreements between GeoComply and its customers, and in reliance on full consent from the end users, and always only permitted by applicable law. These activities are explained to end users by our customers in their service agreements and privacy policies, in order to obtain their informed consent.

We use aggregate and de-personalized data of our customers and our customers’ end users in different ways. We use it to improve our products and services, for example to understand how many verification requests are being conducted within a time-period to understand whether we need to allocate more memory, processor power, or optimize database queries; and to assist our customers with understanding how their users are making use of their services such as averaging the activity on a time-of-day basis so they may understand trends.

GeoComply also aggregates data in its possession and it may share certain elements of such aggregated and de-personalized data to other organizations to provide market-based insights into the industries that we operate in (such as general online gaming activity). When doing so, we never disclose individual identities, individual travel or betting patterns, or information about specific customers and their users.

Our products and services are not designed to track the general movements or record the website habits of people on the internet. We do not collect or create profiles of individuals surrounding their likes, dislikes, websites visited, purchases made, etc. of our customers’ end users. Our customers determine where they place our technology and how it’s being used to meet their regulatory obligations and business requirements.

When our geolocation products and services are used, we obtain and verify the physical location of where users are for our customers, who decide whether access to a website, or an activity of an app (such as a wagering app) should be permitted. When we perform this activity, we don’t receive email addresses, names or other directly identifiable information – since we don’t want or need it for this purpose.

The European General Data Protection Regulation (GDPR) defines responsibilities for how GeoComply and its customers manage the personal information from European residents. We assist our customers with the ability to facilitate rights of their EU end-users (such as the right of access and deletion), as well as properly securing the personal information in our possession as required by the regulation.  To provide further assurances that personal information is adequately protected, our security program is audited annually through an independent SOC2 auditor.

GeoComply follows the CCPA and respects the privacy rights of California consumers. As “Service Providers” under the regulation, our customers determine why they require our products and services. Your right to know, right to delete, and right to opt-out will be exercised through one our customers who a user has a direct relationship with. Our clients have the responsibility under CCPA to let GeoComply know when a rights request is raised. As a Service Provider, we act on personal data on the instructions of our customers and do not share/sell it for other purposes for profit or other consideration.

In risk-sensitive industries, such as finance and online gambling, compliance with the laws of many different operating territories can be challenging. A key step to ensuring the rights and compliance considerations for clients and their end-users is understanding where devices are located. Whether the geolocation data is used for sanctions compliance, online gambling jurisdictional considerations, or to determine the rights of a web or service user, GeoComply’s technology leverages this geolocation data to help maintain the greatest assurance against fraud.

Unfortunately many individuals are altering their devices to alter their location to circumvent state or country laws and regulations, such as New Jersey Chapter 690 that requires online wagering to occur within specific areas of the state. GeoComply’s technology can be used to analyse multiple data points on a device to determine whether its location can be trusted.

By integrating our software development kits, our customers are able to provide GeoComply with their location, as well as other forms of personal data when they need to authenticate and validate their user activity is valid. Many do so out of a regulated requirement such as ensuring that wagering is done within applicable state/provincial borders; confirming identity when cashing out funds from an account; or when verifying that an user is who they say they are based on the activities being performed. Our customers authorize GeoComply to act on their behalf to analyze this data and assist with the prevention of  fraudulent behavior. We obligate our customers, through our contracts, to notify and obtain consent wherever required by law.

Our customers determine the purposes for which GeoComply processes personal and confidential information on their behalf. You will need to contact the organization where you have created an account to understand what and how your personal data is being used.

Where GeoComply and its customers are required to have a license to operate, such as in regulated sports betting and iGaming markets, there is a legal obligation to cooperate with government regulators and law enforcement agency requests. GeoComply responds to and complies with these requests in a manner that is consistent with applicable laws and regulations as well as with contractual obligations to our customers. Such requests may come from the agencies responsible for overseeing the regulated sports betting and iGaming markets.

This information may be used by these agencies to prevent or detect fraudulent or illegal activity such as money laundering, fraud, bonus abuse or other illicit activity in order to ensure the integrity of legal and regulated sports betting and iGaming. There may be other instances in which law enforcement agencies submit a legal order to GeoComply, such as subpoenas, judicial orders, and search warrants. GeoComply responds to and complies with these in a manner that is consistent with applicable laws and regulations as well as with its contractual obligations to our customers.

Our customers determine the specific purpose for using our services. Any questions you have surrounding how to exercise your data rights such as access, deletion, or correction, will need to be directed under regulations such as the GDPR, CCPA and others. We cannot act upon these requests without their instructions to do so.

If GeoComply has collected your personal data outside the use required by our customers, such as for marketing purposes please complete the form below and we’ll work with you to complete your request where we are able to do so.

If you have provided your personal information through our customers’ apps or websites, you should direct your question to them. If you have general questions about what we do and how we protect personal information, please contact us at privacy@geocomply.com.

Please visit GeoComply’s Security Portal to request a copy.

To report a vulnerability, please fill our Vulnerability Disclosure form.