Privacy Policy

1. Introduction

Welcome to Global Scenarios ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our interactive geospatial simulation platform at app.globalscenarios.io and www.globalscenarios.io (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in using Google or GitHub OAuth, we collect your name, email address, and profile picture from your OAuth provider.
• Scenario Data: We store scenarios you create, including scenario parameters, names, descriptions, and settings.
• User Content: Any data you input, configure, or generate through the Service.
• Communications: If you contact us directly, we may receive additional information such as your message content and contact details.

2.2 Automatically Collected Information

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, time spent, and user actions.
• Device Information: We collect device type, operating system, browser type and version, IP address, and unique device identifiers.
• Location Data: We may collect approximate location based on IP address for analytics and service optimization.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to track activity and store certain information. See Section 6 for details.

2.3 Third-Party OAuth Data

When you authenticate using Google or GitHub:

• Google: We receive your Google account email, name, and profile picture. We do not access your Google Drive, Gmail, or other Google services.
• GitHub: We receive your GitHub username, email, and profile picture. We do not access your repositories or code.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• To create and manage your user account
• To provide, operate, and maintain the Service
• To save and retrieve your scenarios and settings
• To enable data exports (CSV, JSON, GeoJSON, PDF)
• To generate AI-powered explanations and insights

3.2 Service Improvement

• To understand how users interact with the Service
• To develop new features and functionality
• To analyze usage patterns and optimize performance
• To conduct research on scenario modeling and visualization

3.3 Communication

• To send you service-related announcements
• To respond to your inquiries and support requests
• To send you updates about new features (with your consent)
• To provide technical notices and policy updates

3.4 Security and Compliance

• To detect and prevent fraud, abuse, and security incidents
• To enforce our Terms of Service
• To comply with legal obligations
• To protect the rights and safety of our users and the public

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 With Your Consent

• Public Scenarios: If you mark a scenario as "public," it may be visible to other users via shared URLs.
• Social Sharing: When you use social media sharing features (Twitter, LinkedIn, Email), information is shared according to your actions.

4.2 Service Providers

We may share information with third-party service providers who perform services on our behalf:

• Cloud Hosting: Server infrastructure and database hosting
• Authentication: OAuth providers (Google, GitHub) for secure sign-in
• AI Services: Language model providers for generating explanations and insights
• Analytics: Usage analytics and performance monitoring services

These providers are contractually obligated to use your information only to provide services to us and to protect your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Legal claims or investigations
• Protection of our rights, property, or safety
• Protection of users or the public

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

5.1 Data Storage

• Location: Your data is stored on secure servers. We use MongoDB Atlas for database hosting with encryption at rest.
• Retention: We retain your information as long as your account is active or as needed to provide the Service. You may request deletion at any time.
• Backups: We maintain regular backups of data for disaster recovery purposes.

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your information:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for database storage
• Secure authentication using NextAuth.js and OAuth 2.0
• Regular security audits and updates
• Access controls and user authentication
• Monitoring for suspicious activity

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

6.1 What We Use

• Essential Cookies: Required for authentication, session management, and core functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service
• Local Storage: Store your onboarding tour status and UI preferences

6.2 Your Choices

Most web browsers accept cookies by default. You can modify your browser settings to decline cookies, but this may prevent you from using some features of the Service. To manage cookies:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information at any time by:

• Viewing your profile in the application
• Accessing your saved scenarios
• Contacting us to request information we hold about you

7.2 Data Portability

• Export Your Data: You can export your scenarios and simulation data in CSV, JSON, GeoJSON, or PDF formats at any time.
• Request Data Archive: Contact us to request a complete archive of your personal data.

7.3 Deletion

• Delete Scenarios: You can delete individual scenarios from your account.
• Delete Account: Contact us to request complete deletion of your account and associated data. Note: We may retain certain information as required by law or for legitimate business purposes.

7.4 Opt-Out

• Marketing Communications: Opt out of promotional emails by clicking "unsubscribe" in any marketing email.
• Analytics: Use browser settings or opt-out tools provided by analytics providers.

7.5 Do Not Track

We currently do not respond to Do Not Track (DNT) signals. We will continue to monitor industry standards and may implement DNT support in the future.

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country's laws. By using the Service, you consent to the transfer of your information to our facilities and service providers located worldwide.

10. Third-Party Links

Our Service may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. AI and Automated Processing

We use AI-powered language models to generate explanations, insights, and scenario descriptions. These AI features:

• Process your scenario parameters to generate contextual explanations
• Do not make automated decisions that significantly affect you
• Are designed to provide informational content, not predictions or advice
• May send your scenario data to third-party AI providers (with appropriate safeguards)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify you by:

• Posting a prominent notice on our website
• Sending an email to the address associated with your account
• Displaying an in-app notification

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

To exercise these rights, contact us using the information in Section 15. We will verify your identity before processing requests.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of data processing and access to your data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to data processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights or file a complaint with a supervisory authority, contact us using the information in Section 15.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@globalscenarios.io
• Website: www.globalscenarios.io/contact
• Mailing Address: 1 York Street, Sydney, 2000, Australia

We will respond to your inquiry within 30 days of receipt.

---

Version: 1.0
Effective Date: December 27, 2025
Jurisdiction: This Privacy Policy is governed by the laws of Australia