Privacy Policy
Effective date: April 22, 2026
LandedGo does not sell your data. We do not serve ads. We do not share your information with advertisers. Ever.
Data controller
LandedGo is the data controller responsible for personal data processed through the LandedGo websites and applications, unless we tell you otherwise for a specific product or processor relationship.
Legal basis for processing (GDPR Article 6)
- Contract / steps prior to a contract: processing needed to provide your account, subscriptions, and core features you request.
- Legitimate interests: where we balance our interests against your rights — for example to maintain security, prevent abuse, measure reliability, and improve the service in ways you would reasonably expect.
- Consent: where required — for example web push notifications and optional marketing communications when you opt in. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Data we collect
We may collect: account and authentication data you provide; profile and preferences you set in the app; usage and feature interactions; and neighborhood-level location context only where you allow it—never a continuous log of your precise coordinates or exact address.
We may also process community reports you submit, content you add to the intelligence or reports features, and payment-related information handled by our payment provider (we do not store full card numbers on our servers).
How we use it
We use your information to run LandedGo: to provide personalised assistance (including where AI is involved), to maintain and improve the intelligence database, to send push notifications only when you have opted in, and to process subscriptions and entitlements. We do not use your data to sell third‑party advertising.
Storage and security
Primary application data is stored with Supabase in the Singapore region, with encryption at rest. Where a document or vault feature exists, files are encrypted on your device before upload where that feature is designed to do so—so we do not read your raw file contents in plain form.
International data transfers
Your data may be processed in Singapore (for example Supabase-hosted application data) and in the United States (for example OpenAI, Vercel hosting, and Stripe payment processing). Where the GDPR applies and we transfer personal data outside the UK/EEA/Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK Addendum where relevant), together with supplementary measures where appropriate.
Sharing
We do not sell your personal data and we do not run an advertising business based on your profile.
We use infrastructure and processors as needed to operate the product: e.g. Supabase for storage and auth, OpenAI for certain AI features (prompts are structured so we do not send more personal data than needed—typically city and task context, not a dump of your entire account), Stripe for payments, and Mapbox for anonymous map tile requests (not a feed of your identity tied to every pan and zoom).
Your rights (including GDPR)
If the GDPR (or similar law) applies to you, you have a defined set of rights. Submit requests through our contact page. We verify identity where needed and respond without undue delay.
Right to access
Request a copy of the personal data we hold about you and how we use it.
Right to rectification
Correct incomplete or inaccurate data we store about you.
Right to erasure
Request deletion of your account and personal data, typically completed within 30 days of a verified request, subject to legal exceptions.
Right to data portability
Receive your data in a structured, machine-readable format where technically feasible.
Right to object
Object to processing based on our legitimate interests or for direct marketing (we do not run ad retargeting; this covers non-essential analytics or similar, where applicable).
Right to restrict processing
Ask us to limit how we use your data in specific circumstances (e.g. while a dispute is resolved).
Supervisory authority
If you are in the EU or EEA, you have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data infringes applicable law. We ask that you contact us first via the contact page so we can try to resolve your concern.
Data breach notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will assess it promptly, document it, and — where the GDPR requires — notify the relevant supervisory authority and inform affected individuals without undue delay, and in any case within 72 hours of becoming aware, where that timeline applies. We will describe the nature of the breach, likely consequences, and measures taken or proposed.
Cookies
We use cookies and similar technologies that are essential for sign‑in and session security. We do not use third‑party advertising or tracking cookies for remarketing.
Push notifications
Push notifications are opt‑in on supported platforms and can be turned off in your device or app settings at any time.
Retention
When you ask us to delete your personal data, we delete or de‑identify it within a reasonable period—typically within 30 days of a complete request, subject to legal or security exceptions (e.g. where we must retain a minimal record to prove consent or a transaction).
Children
LandedGo is not intended for children under 18. If you believe we have collected data from a child, contact us via the contact page and we will take steps to remove it.
Changes
We may update this policy from time to time. If we make material changes, we will provide notice in the app or by other appropriate means. Continued use after notice means you accept the updated policy (see the new effective date at the top of this page).