Privacy Policy

Last updated: April 2026

What data we collect

When you use the geeViz Agent, we collect and process the following:

• Your messages — sent to Google Gemini (via the Gemini API) to generate responses. Messages are not retained by Google beyond the API request lifecycle per the Gemini API Terms. Your messages are also screened by Google Cloud Model Armor for content safety before reaching the language model.
• Your Google identity — email address from Google Sign-In, used solely for access control via Identity-Aware Proxy (IAP). We do not share, sell, or use your email for marketing.
• Session data — chat history (messages, tool calls, tool responses), generated maps, charts, thumbnails, and reports are stored in a database and storage bucket associated with the service. Sessions can be deleted by the user at any time.
• Custom scripts — if you save a script, the code, parameter definitions, and your current parameter values are stored in a SQLite database on the server. Scripts are associated with your user ID and can be deleted at any time.
• AI-generated code — the agent writes and executes Python code on your behalf. This code runs in a sandboxed environment and the execution output (stdout, stderr, generated files) is stored as part of your session. All AI-generated analyses, maps, and reports may contain errors or misrepresent conditions and should be independently verified before use in decision-making.
• Earth Engine queries — geospatial computations are executed via Google Earth Engine using a shared service account. Your queries are subject to the Earth Engine Terms of Service.
• Theme preference — your light/dark theme choice is stored in your browser's localStorage. This is not sent to the server.

What data we do NOT collect

• We do not use cookies for tracking or advertising.
• We do not collect analytics or telemetry beyond standard Cloud Run request logs.
• We do not access your Google Drive, Gmail, or any other personal Google services.
• We do not store your messages beyond the session — deleting a session removes all associated data.

Shared sessions

You can share a session via a link. When you share a session:

• The recipient can view your full chat history and all generated artifacts (maps, charts, thumbnails) for that session.
• The recipient can clone (copy) the session into their own account to continue the conversation independently.
• Sharing does not grant the recipient access to your other sessions, scripts, or account settings.
• You can delete a shared session at any time, which removes it for all viewers.

Content screening

All user messages and model responses are screened through multiple safety layers:

• Local filters — regex-based detection of prompt injection, code injection, data exfiltration attempts, and social engineering.
• Google Cloud Model Armor — cloud-based content safety screening (when configured) for hate speech, dangerous content, and prompt manipulation.
• Sandbox enforcement — all executed code runs in a restricted environment that blocks filesystem access, network calls, and system operations.

Content that triggers these filters is blocked and not forwarded to the language model or executed.

Data retention

• Sessions — retained until you delete them. Deleting a session removes all messages, tool calls, and associated artifact files.
• Scripts — retained until you delete them. Script code, parameters, and saved parameter values are removed on deletion.
• Server logs — standard Cloud Run request logs are retained per Google Cloud's default retention policy.

Third-party services

The geeViz Agent integrates with the following third-party services, each with their own privacy terms:

• Google Gemini API — language model processing
• Google Earth Engine — geospatial data and computation
• Google Cloud Platform — hosting, storage, and Model Armor
• Google Maps Platform — Street View and Places API (when used)

Contact

For questions about this privacy policy, contact the developer at the email listed on geeviz.org.