In addition to the content below, this Privacy Policy also governs data collected via BigGeo's MCP server tool calls, including inputs passed to and outputs received from the MCP server. This disclosure is made pursuant to Anthropic's Software Directory Policy and OpenAI's ChatGPT App Directory submission guidelines. When BigGeo's MCP server is accessed via Claude, Anthropic may independently collect tool call parameters and responses as telemetry in accordance with Anthropic's own privacy policy and terms. Users should review Anthropic's privacy policy for details.
BigGeo Global Inc. and its affiliates and subsidiaries ("BigGeo," "we," "us," "our," and similar expressions) value your privacy and we want you to understand how we collect, use, share, and protect your personal information when you visit www.biggeo.com and any of its sub-domains (our "Website"), buy products through us, use our services, sign up for an Account with us, use our software platform including Datalab, Marketplace, and Datascape (the "Platform"), interact with BigGeo's Model Context Protocol (MCP) server and integrations, and otherwise interact with us (collectively, our "Products and Services"). By using our Website or any of our Products and Services, you are agreeing to the terms of this Privacy Policy.
This policy applies globally. BigGeo's MCP connector is available to users worldwide. Regional rights and obligations are addressed in Section 13 (EU/EEA — GDPR Compliance) and Section 14 (CCPA/CPRA — California Residents).
Privacy contact: privacy@biggeo.com
"Personal information" is generally any information about an identified or identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a natural person.
Categories of Personal Data Collected via MCP (CCPA §1798.100 / OpenAI requirement)
MCP tool call data falls into the following CCPA-defined categories: Geolocation Data (coordinates, place names, bounding boxes); Internet or Other Electronic Network Activity (tool invocation metadata: tool name, timestamp — anonymised); Identifiers (OAuth session identifiers — transient only, not retained).
No other CCPA categories are collected via MCP tool calls. BigGeo's geospatial tools require precise coordinates as functional inputs (not user-tracking data). These coordinates are analytical parameters — analogous to search terms — and are not used to track user location. The 'coarse geolocation' alternative is insufficient for geospatial analysis, which is the tool's sole purpose.
MCP tool input parameters are strictly task specific and do not accept open-ended intent or context fields that could expand data collection beyond the tool's stated geospatial function.
If BigGeo introduces MCP tools with write capabilities in the future, such tools will be annotated as write actions and will require user confirmation before execution, in accordance with platform guidelines.
When users interact with BigGeo's MCP server through an AI platform, the following categories of data may be collected, processed, or transiently handled as part of tool call execution:
| Data Type | Description | How Handled |
|---|---|---|
| Geospatial query inputs | Location coordinates, place names, geographic regions, bounding boxes, and spatial parameters submitted as MCP tool call inputs | Processed to execute the geospatial function; not retained beyond request execution |
| Boundary lookup parameters | Administrative or custom boundary identifiers (e.g. country, city, postal code, polygon references) | Processed to return boundary data; not retained beyond request execution |
| Brand and business name queries | Names of businesses, brands, or points of interest submitted as search parameters | Processed to return geospatial or business data; not retained beyond request execution |
| Foot traffic data parameters | Query parameters relating to foot traffic datasets, including location identifiers and date/time ranges | Processed to retrieve aggregated, non-identifiable foot traffic data; parameters not retained beyond request execution |
| OAuth identity tokens | Short-lived authentication tokens used to verify user identity and authorise MCP endpoint access | Temporarily cached server-side for minimum duration necessary, then securely discarded. See Section 2.3. |
| MCP tool invocation metadata | Tool names called, timestamp of invocation, and response metadata | Retained in anonymised/aggregated form for security monitoring. PII is redacted from all logs. Logs contain only anonymised correlation identifiers (tool name, timestamp) with all PII redacted. |
BigGeo's MCP tool calls do not collect sensitive or special category data as defined under GDPR Article 9 or CCPA. MCP tools are designed to accept geospatial and business query parameters only. If a user's natural language prompt incidentally contains sensitive information before it is passed to BigGeo's MCP server, BigGeo does not process, retain, or act on that information beyond executing the geospatial function requested.
BigGeo's core function is geospatial analysis. Location inputs (coordinates, place names, bounding boxes) are strictly necessary to execute the tool's stated geospatial function and are not retained beyond request execution. Location data is not used for tracking, profiling, advertising, or any purpose beyond returning the requested geospatial result.
BigGeo does not engage in surveillance, tracking, or behavioural profiling of MCP users. BigGeo does not use MCP tool call data for advertising, sponsored content, paid product placement, cross-context behavioural advertising, or any form of user profiling. Anonymised, PII-redacted MCP invocation metadata is used solely for security monitoring and abuse prevention.
BigGeo's MCP tool input schemas are designed to collect only the minimum parameters required for each geospatial function. Input fields are specific, narrowly scoped, and clearly linked to the task. BigGeo does not include broad profile data fields or "just in case" data collection in any MCP tool schema.
BigGeo's MCP tool responses contain only the geospatial or analytical results directly relevant to the user's request. Tool responses never include diagnostic data, telemetry, internal identifiers, session IDs, trace IDs, timestamps, or logging metadata.
Contact data and account profile data: We collect personal information you give us directly when you create an Account, activate a subscription or purchase our Products and Services, or upload data to the Platform. This includes your email address, first and last name, payment information, and your username and password. You may also provide optional information such as avatars, profile images, and links to social network profiles.
Data in contracts and other legal agreements: We may collect information directly from you for contractual or legal reasons, such as your jurisdiction selection when you sign up for Products and Services.
Identity verification information: We collect information to verify your identity, which may include your name, date of birth, and contact details.
Communications: We may collect personal information you include in your communications with us, including SMS messages, form submissions on the Website, in-platform communications, and other electronic messages.
Marketing preferences, surveys, and promotions: We collect information you include in your marketing preferences or that you provide as part of a survey, contest, or promotion.
Social and community content: We receive content you post on our social media pages and the public areas of our Website.
Payment processing information: If you make a purchase through us, we or any third-party payment processors will collect information about the purchase or transaction, including billing details, credit card information, and authentication information.
Information you upload: We collect personal information about you when you upload it to the Platform or otherwise give it to us when we provide our Products and Services to you.
We may receive personal information about you from third parties where you have provided consent or where we are permitted by applicable law. Sources include:
We, our service providers, and our business partners may automatically collect personal information about you, including usage of the Website and Platform (IP address, geographic location, browser type and settings, log data, device information, date and time of your visit, language preferences), usage information about your use of our Products and Services, communication interaction data, online behavioral data, and cookies and tracking technologies. More information on our use of cookies is available in our Cookie Policy at biggeo.com/legal/cookies.
Our Products and Services may ask you to input sensitive personal information in certain contexts, such as when you request financial products made available through collaborations with our business partners. Sensitive personal information will be identified at the time we request it.
MCP — Required disclosure: Anthropic Software Directory Policy and OpenAI ChatGPT App Directory both prohibit storage of authentication secrets in tool responses.
BigGeo uses OAuth 2.0 (with certificates from recognised authorities, as required by the Anthropic Software Directory Policy) to authenticate users accessing the MCP server. The following practices govern OAuth token handling:
We use information that we collect about you or that you provide to us, including any personal information, for the following purposes:
We may use machine learning algorithms and forms of automated decision-making to prevent risk and fraud, to personalise your experience, and to determine eligibility for certain services or features we offer on our Website and Products and Services. Some jurisdictions give individuals a right to have these automated decisions reviewed by a person. Please contact us at privacy@biggeo.com with any requests or information about our use of automated decision-making technologies. EU/EEA residents have specific rights with respect to automated decision-making under Article 22 of the GDPR. See Section 13.4(g) for details.
In addition to other scenarios discussed in this Privacy Policy, we may share your personal information in the following ways:
Data collected via BigGeo's MCP tool calls may be shared with the following categories of recipients: (1) Authentication provider — Stytch (user identifiers and session metadata for identity verification only; OAuth tokens are not shared); (2) Geocoding provider — Google Maps Platform (address strings and coordinate pairs for geocoding resolution; no account data or OAuth tokens shared); (3) Infrastructure and hosting providers — cloud hosting, database, and monitoring services acting as data processors under BigGeo's instruction; (4) Analytics providers — aggregated, anonymised platform analytics only; (5) Payments - Stripe. No MCP data is shared with advertisers, data brokers, or third parties for commercial purposes.
BigGeo shares personal data with the following third-party services in the course of providing its platform and MCP server. Each third party is bound by contractual obligations to protect the data shared with them.
Purpose: Stytch provides identity and authentication infrastructure for BigGeo's MCP server and platform.
Data shared: User identifiers, email addresses, and session metadata necessary to authenticate users and manage access.
Data not shared: OAuth identity tokens cached server-side are not passed to Stytch.
Stytch Privacy Policy: https://stytch.com/privacy
Purpose: Google Maps Geocoding API is used to resolve addresses, place names, and coordinates submitted as MCP tool call parameters into structured geospatial data.
Data shared: Address strings, place name queries, and coordinate pairs submitted in tool call inputs that require geocoding resolution. No user account information or OAuth tokens are shared.
Google Privacy Policy: https://policies.google.com/privacy
BigGeo may use third-party infrastructure and analytics providers (including cloud hosting, database, and monitoring services) to operate its platform. These providers act as data processors under BigGeo's instruction and are bound by appropriate data processing agreements. A current list of subprocessors is available upon request at privacy@biggeo.com.
Purpose: Stripe provides payment processing infrastructure for BigGeo's marketplace. When you make a purchase through BigGeo's marketplace, your payment is processed directly by Stripe.
Data shared: A payment token and customer identifier generated by Stripe are shared with BigGeo to confirm and record completed transactions. BigGeo does not receive, store, or process raw payment card details, banking information, or full billing information — these are submitted directly to and handled exclusively by Stripe.
Data not shared: Payment card numbers, CVV codes, and bank account details are never transmitted to or stored by BigGeo.
Stripe Privacy Policy: https://stripe.com/privacy
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change, or delete your personal information. You can access, update, delete, or change your personal information directly in your Account or by contacting us at privacy@biggeo.com to request the required changes.
If we rely on consent for the collection, use, or disclosure of your personal information, you have the right to withdraw it at any time and free of charge.
Some jurisdictions' laws may give you the right to restrict or object to the processing of your personal information or to exercise a right to data portability. If such rights apply to you, you may exercise them by contacting us at privacy@biggeo.com.
If you no longer wish to receive marketing emails or other Electronic Messages from us, you can opt-out by following the unsubscribe link in the messages or by contacting us.
You may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. Canadian users may contact the Office of the Privacy Commissioner of Canada. California residents may contact the California Privacy Protection Agency. EU/EEA residents may lodge a complaint with the supervisory authority in their member state of residence. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Users may exercise the following controls over data collected via BigGeo's MCP server: (a) Deletion of anonymised MCP metadata logs — Users may request deletion of MCP tool invocation metadata logs by contacting privacy@biggeo.com. Please note that where logs have been fully anonymised (containing only tool name and timestamp with all PII redacted), such data may not be attributable to any individual and deletion may not be technically feasible. BigGeo will notify the requester if this is the case. (b) Revocation of OAuth access — Users may revoke BigGeo's OAuth access at any time through the AI platform's integration settings. Revoking access will prevent further MCP tool calls until access is re-granted. (c) All other data subject rights described in this Section 7 apply equally to MCP-collected data.
You may be able to post or make public communications on certain areas of our Website or Products and Services, such as comments, discussion forums, and in-platform communication functions. These kinds of communications are made at your own risk.
We are based in Canada, but we may process, store, and transfer personal information in Canada or elsewhere. We may use third-party service providers such as managed hosting providers, credit card processors, CRM systems, and technology partners whose servers may be located outside of Canada.
MCP — Global Availability: BigGeo's MCP connector is available globally. Geographic restrictions are not enforced at the Anthropic Connectors Directory or OpenAI ChatGPT App Directory level. The OpenAI project used for BigGeo's ChatGPT App Directory submission does not have EU data residency.
EU/EEA Users: BigGeo collects and processes Personal Information from EU/EEA residents in compliance with the GDPR. Transfers of EU/EEA personal data from the EU/EEA to BigGeo in Canada are governed by Standard Contractual Clauses (Module 2: Controller to Processor) as approved by the European Commission. BigGeo has designated an EU Representative pursuant to Article 27 of the GDPR. See Section 13 for details.
Canadian users: BigGeo complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Quebec Law 25 (Law 25 / Bill 64).
