Privacy & data

Last updated 2026-06-02 · Data controller: Orbitly (admin@orbitly.tech)

SoilPoint is a public API that returns USDA soil data for a coordinate. This page explains exactly what we record when you call it or use the “try it” box on the homepage — in plain terms. We collect as little as possible.

What we record per request

• Coarse query region — the latitude/longitude you ask about, rounded to ~110 m (3 decimals) plus the derived US state. We do not store your exact coordinates.
• Network organisation, not your IP — we look up your IP address in memory against an offline database to derive the network/organisation (ASN), its name, and country, then discard the IP. Your raw IP address is never written to our database or our logs.
• Technical metadata — which endpoint, HTTP status, response timing, cache hit/miss, a coarse client type (e.g. “curl”, “browser”), and the referring site’s host — to operate, debug and improve the service.
• A first-party identifier — a random ID stored in a first-party cookie so we can tell repeat usage apart from new usage. It is not an advertising or cross-site identifier.

Why (lawful basis)

For anonymous use of the public API and the “try it” box, we rely on legitimate interest (GDPR Art. 6(1)(f)) to operate, secure, and validate demand for the service. This is proportionate because we store no raw IP and no exact coordinates, use a first-party cookie rather than fingerprinting, and the data is coarse technical/operational telemetry. If you later sign up for an API key, that processing is covered by the terms you accept at signup.

How long

Per-request records are retained for about 90 days and then may be deleted. Exact coordinates exist only transiently in memory and in a short-lived cache key; they are not part of the retained record.

Who processes it (sub-processors)

• Supabase — managed PostgreSQL where the coarse records are stored.
• IPinfo — supplies the offline IP→organisation database used for the in-memory lookup described above.
• Our hosting provider — runs the server that serves this API.

Your choices

Because we do not store your IP or exact location for anonymous use, there is little personal data to act on. If you have an API key or believe a record relates to you and want it removed or exported, email admin@orbitly.tech and we will action it. You can clear the first-party cookie any time in your browser.

Soil data & attribution

Soil data is sourced from USDA-NRCS SSURGO via Soil Data Access (public domain). It is provided as-is; it is not a substitute for on-site investigation and not for regulatory determinations; US coverage only. SoilPoint is not a USDA-endorsed product.

IP address data powered by IPinfo (used under the IPinfo Lite licence, CC BY-SA 4.0).

← Back to SoilPoint  ·  API docs  ·  Blog