Privacy Policy

Account information you give us. When you request API access, sign up for crime alerts, or contact us, we collect: name, business name, email address, phone number (optional), business address (optional), and the information you put in your message.

Payment information. Subscription payments are processed by our payment processor (Stripe). SpotCrime does not store full card numbers or bank credentials. We retain only the last four digits, brand, expiration, and a Stripe customer reference for billing and support.

API usage information. When your Third Party Application calls the SpotCrime API we log: the API key used, the request method and endpoint, request parameters (including coordinates / radius / date range), source IP address, response code, response time, and timestamp. These logs are required to enforce the SpotCrime API License Agreement, prevent abuse, bill your account, and support you.

Website analytics. The SpotCrime.io website uses Google Analytics 4 (via Google Tag Manager, container GTM-WN4J6RTM) to record aggregated, pseudonymized visitor behavior: page views, referrer, approximate location (city-level), device type, and on-page interactions. IP addresses are anonymized by GA4 before storage.

Cookies and similar technologies. We use first-party cookies set by Google Tag Manager / GA4 for analytics, and Vercel may set cookies for site routing and abuse prevention. We do not use cookies for cross-site behavioral advertising. You can block analytics cookies via your browser settings or a tracker-blocker extension; the site remains functional.

What we don’t collect. We do not collect Social Security numbers, government IDs, biometric identifiers, precise device-level geolocation, health information, or the contents of any data your Third Party Application stores about its own end Users.

• Provide, operate, and improve the API and SpotCrime.io.
• Enforce the SpotCrime API License Agreement, including rate-limit and quota enforcement.
• Bill, collect payment, and process subscription renewals.
• Investigate and prevent abuse, fraud, security incidents, and violations of our terms.
• Respond to your support requests and account inquiries.
• Send service-related communications (billing receipts, security notices, material policy changes). We may also send occasional product updates to active customers; you can opt out at any time.
• Comply with legal obligations and respond to valid legal process.

We do not sell or rent your personal information. We do not use your API usage data, contact information, or analytics data for cross-context behavioral advertising.

We share limited information with the following service providers, only as necessary to operate the service:

• Hosting and infrastructure. Vercel Inc. (site and API hosting).
• Payments. Stripe, Inc. (subscription billing and tax handling).
• Email delivery. Resend Inc. (transactional and customer email).
• Analytics. Google LLC (GA4 via Google Tag Manager).
• Crime data sources. Public law-enforcement feeds, public news sources, and public-records data, used for the SpotCrime Data and Content that the API returns. We do not share your account information with these data sources.

We may disclose information when we believe in good faith that disclosure is required by law (subpoena, court order, valid law-enforcement request), necessary to enforce our agreements, or necessary to protect rights, property, or safety. We may also disclose information in connection with a merger, acquisition, financing, or sale of business assets, in which case we will require the receiving party to honor this Privacy Policy.

• Account records: retained while your account is active and for up to seven (7) years after closure, for tax and dispute-resolution purposes.
• API request logs: retained for at least ninety (90) days as required by the SpotCrime API License Agreement, and up to thirteen (13) months for security and audit.
• Website analytics: retained according to Google Analytics 4 defaults (14 months at the event level, longer for aggregated reports).
• Email correspondence: retained for up to three (3) years.

We delete or anonymize information sooner if it is no longer needed for the purposes for which it was collected.

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption of sensitive credentials at rest, principle-of-least-privilege access controls for SpotCrime personnel, and routine review of vendor security posture. No method of transmission or storage is perfectly secure. If we become aware of a security incident materially affecting your data, we will notify you in compliance with applicable law.

Depending on where you reside, you may have the right to:

• Know what personal information we hold about you and how it is used.
• Request a copy of your information in a portable format.
• Request correction of inaccurate information.
• Request deletion of your information (subject to legal retention obligations).
• Opt out of certain uses of your information.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local supervisory authority (EU/UK residents).

To exercise any of these rights, email Feedback@spotcrime.com with the subject “Privacy Rights Request.” We will verify your identity before responding and will respond within the timeframe required by applicable law. We will not discriminate against you for exercising a privacy right.

Do Not Sell or Share (California). SpotCrime does not sell personal information and does not share personal information for cross-context behavioral advertising. No opt-out is required because the underlying activity does not occur.

The SpotCrime.io website and the SpotCrime API are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact us and we will delete it.

SpotCrime is based in the United States. If you access the API or website from outside the U.S., your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your jurisdiction. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable.

The SpotCrime.io website may link to third-party websites or services that we do not operate. This Privacy Policy does not apply to those third parties. Customers who build Third Party Applications using the SpotCrime API are responsible for their own privacy practices with respect to their end Users, as described in the SpotCrime API License Agreement.

We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date above and, where appropriate, notify you by email or through a notice on the website. Continued use of the API or website after the Effective Date constitutes acceptance of the updated Privacy Policy.

Privacy questions or requests should be sent to: