# GeoSpy

> AI geolocation from photos. Upload an image, get predicted coordinates — no metadata required. Now restricted to law enforcement and enterprise clients.

**Source:** https://fieldwork.news/tools/geospy
**Official site:** https://geospy.ai
**Category:** verification

## Security rating

- **Rating:** caution
- **Rating note (required when citing):** Upgraded from 'adequate' to 'caution.' Images are uploaded to servers operated by a company whose primary customers are law enforcement. Data retention terms are vague. No transparency report. No independent audit. The tool was publicly available for months with documented stalking misuse before access was restricted — and only after press pressure, not internal policy. Graylark's business model is surveillance; journalists should weigh whether that alignment creates risks for their sources and reporting.
- **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending
- **Last reviewed:** 2026-04-02
- **Last agent-verified:** 2026-04-02

> AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment.

## Who it is for

OSINT researchers, verification journalists, and law enforcement analysts who need to estimate where a photo was taken when EXIF data is missing. Used to geolocate social media images, conflict zone photos, unattributed press images, and disinformation content. Journalists used GeoSpy to debunk disinformation in Ghana and the U.S. But the free public version was pulled in January 2025 after 404 Media reported on stalking misuse — access now requires law enforcement or enterprise credentials.

## Editorial take

GeoSpy is technically impressive and genuinely useful for verification work. Its AI analyzes architecture, vegetation, signage, terrain, road markings, and soil to predict a photo's location — no metadata needed. The standard model estimates within 1-25km; the SuperBolt VPR model claims meter-level accuracy using a 46-million-image training set with real-time reference database updates. It processes 200,000+ images daily across 120+ countries. But here's the problem: this is a dual-use surveillance tool that Graylark openly markets to police. 404 Media obtained internal emails showing Miami-Dade Sheriff's Office and LAPD purchased access. The founder told 404 Media that 'geospy.ai is a demo — the real work is the law enforcement models.' The company pulled public access only after press scrutiny, not proactively. For journalism, GeoSpy remains valuable for verification — but understand that you're using a tool whose primary customers are cops, and whose business model depends on making surveillance easier. Treat results as a starting hypothesis, not a conclusion. Always verify with Google Earth, street-level imagery, and local knowledge.

## Best for / not for

**Best for:** Getting a starting location estimate for unattributed photos. Narrowing geographic region when you have zero clues. Batch-processing large image sets during verification projects. Debunking disinformation by confirming or refuting claimed photo locations.

**Not for:** High-confidence geolocation on its own — always cross-verify. Indoor photos with no exterior context. Heavily edited or AI-generated images. Sensitive or confidential material — images are uploaded to Graylark's servers and may be retained. Anyone without law enforcement or enterprise credentials (public access was removed in January 2025).

## Pricing

- **Pricing:** Public demo shut down in January 2025. Current access is enterprise-only and law enforcement-only. Previous free tier allowed up to 20 image lookups. API pricing is usage-based ('Scale' plan) with enterprise tiers available. No publicly listed price for the law enforcement product.
- **Free option:** no

## Security & privacy details

- **Encryption in transit:** yes
- **Encryption at rest:** unknown
- **Data jurisdiction:** United States (Graylark Technologies, Boston, MA).

**Privacy policy TL;DR:** Images are processed on Graylark's servers. The company states it retains images and location data 'only as long as necessary to provide its services or as required by law.' Users can request deletion. But Graylark's primary customers are law enforcement agencies, and the company has not disclosed whether law enforcement queries are logged, retained, or subject to different retention policies. No transparency report exists. The company also leaned into the controversy — both Heinen and GeoSpy's X accounts retweeted posts calling the tool 'absolutely terrifying,' treating privacy alarm as marketing.

**Practical mitigations (operational guidance, not optional):**

Do not upload images containing faces, sensitive locations, or material that could identify sources. Strip metadata before uploading. Understand that images go to Graylark's servers with unknown long-term retention. Use GeoSpy results as a starting point — verify with Google Earth, Mapillary, street-level imagery, and local knowledge. For sensitive investigations, consider whether using a law-enforcement surveillance tool creates ethical or legal complications for your reporting.

## Ownership & business

- **Owner:** Graylark Technologies Inc.
- **Funding model:** Venture-backed. Investors include Recorded Future (threat intelligence company, CEO Christopher Ahlberg confirmed investment) and AI Grant (startup incubator). Funding amounts undisclosed.
- **Business model:** Enterprise SaaS sold to law enforcement agencies, government entities, and enterprise clients. Previously freemium with public demo. Revenue now comes from institutional contracts — 404 Media documented purchases by Miami-Dade Sheriff's Office and LAPD. API access available for integration into existing investigative workflows.
- **Open source:** no

**Known issues:** Public access removed in January 2025 after 404 Media investigation revealed stalking misuse — Graylark pulled the free demo within a day of being contacted by reporters, not proactively. Users had attempted to use GeoSpy to stalk women. The Electronic Frontier Foundation's Cooper Quintin flagged risks of wrongful accusations and privacy breaches. Graylark's founder Daniel Heinen and the GeoSpy X account repeatedly amplified posts calling the tool 'terrifying' and 'deeply concerning for privacy' — treating controversy as brand awareness. The company was founded by Heinen and his twin brothers in 2023; the team is small and the product is a black box with no independent audit of accuracy claims or data handling. SuperBolt's claimed meter-level accuracy has not been independently verified. The tool's dual-use nature is the central issue: the same technology that helps journalists verify photos helps police surveil people and could help stalkers locate targets.

---
Canonical HTML: https://fieldwork.news/tools/geospy
Full dataset: https://fieldwork.news/llms-full.txt
Methodology: https://fieldwork.news/methodology