Oceanir
  • Pricing
SalesStart free
Blog/Announcements
Announcements

Why Privacy Matters in AI Geolocation Tools

What the privacy architecture should look like when journalists, GSOC teams, and investigators upload non-public source material.

Oceanir TeamMay 22, 2026 · 5 min

A journalist verifying a source-submitted image, a corporate security analyst reviewing a threat post, an investigator working a missing-persons lead. Each of them holds material that does not belong on a general-purpose AI service. The privacy architecture of the geolocation tool they use is part of whether they can use it at all.

Most AI image tools were not built with that user in mind. They store uploaded images indefinitely, train on customer data by default, and return a single answer with no chain of custody. That works for consumer curiosity. It does not work for the work that gets done at the analyst desk.

This is what we built into Oceanir from the start, and why.

Coordinate rounding: 100 meter floor on every stored result

Every coordinate Oceanir stores is rounded to 100 meter precision before it hits the database. That is enough resolution to identify a property, a block, or a building cluster. It is not enough to identify an individual unit, room, or window. The tradeoff is intentional. Storing meter-level precision on every analysis creates a permanent record that becomes a liability the moment it is breached. Storing the rounded result keeps the analytical value while shrinking the blast radius.

Encryption at rest: AES-256-GCM, per-user keys

Uploaded images and analysis results are encrypted with AES-256-GCM and per-user keys. A breach of one account does not cascade to others. The key model also means Oceanir itself cannot decrypt analysis output without the user's session. This is stricter than the standard "we encrypt at rest" claim that often means a single tenant-wide key.

Auto-cleanup: 30 days, no exceptions

Uploaded images and analysis results are deleted after 30 days. No tiered retention for paid plans, no "we keep your data for training" footnote. If an analyst needs to preserve a result, they export it. The system does not hold a permanent copy.

No bulk export, no scraping access

Oceanir does not offer a bulk download endpoint, a database dump, or an export of aggregated analyses across users. The API is per-image, rate-limited, and scoped to the calling user. This is a constraint we have chosen and will keep, even when customers request batch endpoints. The structural property of "no one can pull everyone's analyses" is the property that makes the system safe to use for non-public source material.

What we do not do

Oceanir does not provide face recognition, biometric identification, person matching, identity resolution, people-search, or behavioral profiling. The product verifies places, properties, vehicles, and scene context. It does not locate or track individuals. This is a product boundary, not a roadmap item.

If you are a journalist, a corporate security analyst, an investigator, or anyone who works with images that have a chain of custody, the privacy architecture is part of whether the tool is usable on the job. We built ours so it is.

Read the full privacy policy
01platform
  • Pricing
  • Geoestimation
  • How It Works
02resources
  • Blog
  • Documentation
  • Contact
03company
  • About Us
  • Security
04legal
  • Terms
  • Privacy
  • DPA
  • Product Boundaries
  • SaaS Agreement
  • Cookies

Notes from the verification desk. What we're learning about reading places from pixels. Occasional, no noise.

Try it on one image

Upload a photo. Watch it come back as a place.

Run a free analysis →Talk to us →
oceanir
© 2026 Oceanir, LLC. All rights reserved.
PrivacyTerms