geexport ("the Service") is a non-commercial academic tool built as part of an EPFL Bachelor project. It connects to your Google Earth Engine account, lets you configure satellite imagery exports, and writes the resulting GeoTIFF files directly to your Google Drive. This policy explains exactly what data we access, why, and how it is handled.
Who we are
The data controller is Hugo Gebel, EPFL STREEM Lab, École Polytechnique Fédérale de Lausanne, Switzerland. For any privacy request, contact hugogebel@gmail.com.
Data we access
When you sign in with Google, you grant the Service the following scopes:
- Profile & email — your name, email address and Google account identifier, used to create your account and your session.
- Earth Engine
(
auth/earthengine) — to run image computations on your behalf against Google Earth Engine and produce the GeoTIFF for each requested reach and year. - Cloud Platform
(
auth/cloud-platform) — to use the Google Cloud project you select in Settings (Earth Engine requires a project for compute) and to list the projects you can access so you can pick one. The Service does not create, delete or modify your Cloud resources. - Drive (per-file)
(
auth/drive.file) — to create one export folder and upload the resulting GeoTIFF files into it. This is a per-file scope: the Service can only access the files and the folder it creates here, and never reads or modifies any other content in your Drive.
How we use your data
- Authenticate you and keep you signed in (session cookie).
- Store the Google Cloud project ID you choose, so exports can run.
- Securely hold OAuth access and refresh tokens so export jobs can run and resume without forcing you to re-authorise on every action.
- Track the status of your export jobs so you can monitor them live.
We do not use your data for advertising, profiling, to train machine-learning or AI models, or any purpose unrelated to running your exports. We do not sell your data.
Google API Services Limited Use disclosure
The Service's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: data obtained through Google APIs is used only to provide and improve the export features visible to you, is never transferred to third parties except as needed to provide those features or as required by law, is never used for advertising, and is never read by humans except with your consent, for security, or to comply with the law.
How we share and disclose your data
We share Google user data only with the infrastructure providers (sub-processors) strictly required to operate the Service, and only to the extent each one needs to perform its function:
- Vercel (application hosting) — serves the application and runs the serverless functions that orchestrate your exports. Your OAuth tokens transit through these functions, in encrypted form, so jobs can call Google APIs on your behalf.
- Supabase / PostgreSQL (EU region) — stores your account, session, the Google Cloud project ID you choose, export-job metadata, and your encrypted OAuth access and refresh tokens.
- Google Cloud & Earth Engine — run the image computations and write the resulting GeoTIFF files. The exported files are written to your own Google Drive, never to ours.
We do not sell, rent, or trade your Google user data, and we never share it for advertising or profiling. Beyond the sub-processors listed above, the only circumstances in which we disclose your data are when you explicitly ask us to, or when we are legally required to do so through a valid legal process. The satellite imagery and GeoTIFF outputs produced through Earth Engine stay in your own Google account; the Service does not keep its own copy.
How we protect your data
We apply technical and organisational safeguards proportionate to the sensitivity of the data, with particular care for your OAuth tokens:
- Encryption in transit — all traffic between you, the Service, and Google APIs is protected with HTTPS/TLS.
- Encryption at rest — your OAuth access and refresh tokens are encrypted before being written to the database and are never stored in plain text.
- Server-side only — tokens and your Cloud project ID are used exclusively by server-side functions and are never exposed to the browser or to client-side code. Export workers obtain a short-lived access token through an internal, authenticated endpoint protected by a shared secret.
- Access control — database access is restricted by row-level security, so each account can reach only its own records, and internal APIs are guarded by API keys.
- Least privilege — we request the narrowest scopes that let
the Service work (for example the per-file
drive.filescope rather than full Drive access), so the Service can only touch the folder and files it creates.
Retention and deletion
Account and token data are kept only while your account is active. You can revoke the Service's access at any time from your Google account permissions; doing so invalidates the stored tokens. To have your account and associated metadata deleted, email hugogebel@gmail.com and we will delete it within 30 days.
Your rights
Under the Swiss FADP and the EU GDPR you may request access to, correction of, or deletion of your personal data, and object to its processing. Contact hugogebel@gmail.com to exercise these rights.
Changes
This policy may be updated as the project evolves. The "last updated" date above reflects the current version.