GeoSpy
AI geolocation from photos. Upload an image, get predicted coordinates — no metadata required. Now restricted to law enforcement and enterprise clients.
What should journalists know about GeoSpy?
GeoSpy is technically impressive and genuinely useful for verification work. Its AI analyzes architecture, vegetation, signage, terrain, road markings, and soil to predict a photo's location — no metadata needed. The standard model estimates within 1-25km; the SuperBolt VPR model claims meter-level accuracy using a 46-million-image training set with real-time reference database updates. It processes 200,000+ images daily across 120+ countries. But here's the problem: this is a dual-use surveillance tool that Graylark openly markets to police. 404 Media obtained internal emails showing Miami-Dade Sheriff's Office and LAPD purchased access. The founder told 404 Media that 'geospy.ai is a demo — the real work is the law enforcement models.' The company pulled public access only after press scrutiny, not proactively. For journalism, GeoSpy remains valuable for verification — but understand that you're using a tool whose primary customers are cops, and whose business model depends on making surveillance easier. Treat results as a starting hypothesis, not a conclusion. Always verify with Google Earth, street-level imagery, and local knowledge.
Getting a starting location estimate for unattributed photos. Narrowing geographic region when you have zero clues. Batch-processing large image sets during verification projects. Debunking disinformation by confirming or refuting claimed photo locations.
High-confidence geolocation on its own — always cross-verify. Indoor photos with no exterior context. Heavily edited or AI-generated images. Sensitive or confidential material — images are uploaded to Graylark's servers and may be retained. Anyone without law enforcement or enterprise credentials (public access was removed in January 2025).
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
Images are processed on Graylark's servers. The company states it retains images and location data 'only as long as necessary to provide its services or as required by law.' Users can request deletion. But Graylark's primary customers are law enforcement agencies, and the company has not disclosed whether law enforcement queries are logged, retained, or subject to different retention policies. No transparency report exists. The company also leaned into the controversy — both Heinen and GeoSpy's X accounts retweeted posts calling the tool 'absolutely terrifying,' treating privacy alarm as marketing.
How to protect yourself:
Do not upload images containing faces, sensitive locations, or material that could identify sources. Strip metadata before uploading. Understand that images go to Graylark's servers with unknown long-term retention. Use GeoSpy results as a starting point — verify with Google Earth, Mapillary, street-level imagery, and local knowledge. For sensitive investigations, consider whether using a law-enforcement surveillance tool creates ethical or legal complications for your reporting.
Upgraded from 'adequate' to 'caution.' Images are uploaded to servers operated by a company whose primary customers are law enforcement. Data retention terms are vague. No transparency report. No independent audit. The tool was publicly available for months with documented stalking misuse before access was restricted — and only after press pressure, not internal policy. Graylark's business model is surveillance; journalists should weigh whether that alignment creates risks for their sources and reporting.
Who Owns This
Known issues
Public access removed in January 2025 after 404 Media investigation revealed stalking misuse — Graylark pulled the free demo within a day of being contacted by reporters, not proactively. Users had attempted to use GeoSpy to stalk women. The Electronic Frontier Foundation's Cooper Quintin flagged risks of wrongful accusations and privacy breaches. Graylark's founder Daniel Heinen and the GeoSpy X account repeatedly amplified posts calling the tool 'terrifying' and 'deeply concerning for privacy' — treating controversy as brand awareness. The company was founded by Heinen and his twin brothers in 2023; the team is small and the product is a black box with no independent audit of accuracy claims or data handling. SuperBolt's claimed meter-level accuracy has not been independently verified. The tool's dual-use nature is the central issue: the same technology that helps journalists verify photos helps police surveil people and could help stalkers locate targets.
Pricing
Public demo shut down in January 2025. Current access is enterprise-only and law enforcement-only. Previous free tier allowed up to 20 image lookups. API pricing is usage-based ('Scale' plan) with enterprise tiers available. No publicly listed price for the law enforcement product.
This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
Something wrong or outdated? Report it.