Is BoreCast a substitute for calling 811?

No. BoreCast is a planning tool, not a utility locator. Always call 811 before you excavate.

Where does the data come from?

Real driller-reported well logs from state well datasets — over a million wells today, across 22 states. When a driller reports clay from 0-7 feet and sand from 7-25 feet, that's what you see in BoreCast. No interpolated soil maps, no fabricated confidence.

What if there's no well log near my bore?

BoreCast tells you so. We mark the profile as 'unknown' with explicit gaps, and lower the confidence so you know to gather more data before drilling. We never fill in blanks with made-up numbers.

Can I export to Google Earth?

Yes — Pro accounts export every corridor as a KMZ for Google Earth and as a branded PDF report for your project manager. The Free tier gets a watermarked PDF; KMZ unlocks on upgrade.

Do you store my bore paths?

Your corridor history is private to your account and used only so you can re-open past queries. We never share bore paths with third parties, and we never expose the personal information of the drillers behind the well logs.

What states do you cover?

Wisconsin has the deepest coverage today (almost 900,000 wells). Michigan, Minnesota, Texas, Missouri and 17 other states have solid coverage, with more being added every month. Outside those states BoreCast falls back to a global bedrock model so every query still returns something useful.

Legal

Privacy Policy

Effective April 13, 2026

DrillerDB BoreCast (“BoreCast”, “we”, “our”) is a subsurface planning product operated by DrillerDB in Wisconsin, USA. This Privacy Policy explains what personal data we collect when you visit our marketing site, sign up for an account, or run queries against the Service, why we collect it, who we share it with, and the rights you have over it. If you have questions about anything below, email craig@drillerdb.com.

1. What we collect

Account information.When you create an account, we collect the email address and name you provide. If you sign up with Google OAuth, Google shares the same fields (name and email) plus a unique Google account identifier with us after you consent on Google’s sign-in screen. We do not receive your Google password and we do not request access to any Google data beyond basic profile and email.

Usage events. Every call to /v1/point and /v1/corridor writes a row to our usage log containing the timestamp, the account id, the query input (coordinates or corridor geometry), and the response status. We use this log to meter the free tier, reconcile billing on the Pro tier, debug errors, and tune the underlying query engine.

Session cookies and authentication tokens. Once you sign in, we set an httpOnly, secure, SameSite=Lax session cookie (better-auth.session_token) that keeps you signed in across page loads. This cookie is strictly necessary for the Service to function.

IP address. Our API records the IP address that a request arrives from. We use it for rate limiting, abuse prevention, and to reconstruct the origin of suspicious activity. IP addresses are not sold or shared with advertising networks.

Anonymous demo identifier.Visitors who use the public demo without signing in receive a random UUID stored in their browser’s localStorage under the key borecast_demo_id. We use this UUID only to enforce the per-browser demo query cap. It is not tied to a real identity and it does not follow you off the BoreCast site.

2. Why we collect it

We use personal data to service your account, process billing, enforce free-tier limits, prevent abuse, generate aggregated product analytics, monitor errors, and communicate with you about the Service (for example, receipts, security notices, and product announcements you have opted into). We do not sell personal data and we do not use it to train machine-learning models that are then offered to third parties.

3. Sub-processors and third parties

BoreCast relies on a small set of vendors. Each one only receives the data it needs to perform its function:

Stripe — billing, card processing, and the Customer Portal. Stripe receives your email, name, and the payment information you enter on their hosted forms. We never see your raw card number.
Mandrill — transactional email delivery (receipts, password resets, account notices). Mandrill receives the recipient email address and the message body.
Google — OAuth sign-in only. Google sees your name, email, and the BoreCast consent screen. Google does not see what you do inside BoreCast after sign-in.
Microsoft Clarity — session replay and heatmaps on the marketing surface only (landing pages, pricing, legal pages). Clarity does not run inside the signed-in application.
Google Analytics 4 — aggregated marketing analytics on the marketing surface only. We do not link GA4 events to individual accounts.
Sentry — error monitoring. When the application throws an error, Sentry receives the stack trace, the URL, and the account id so we can diagnose it.
DrillerDB infrastructure — hosting. The BoreCast web app, API, and database all run on a private GCP server (cvg-primary) operated by DrillerDB.
Esri vector tiles — map rendering via MapLibre. Your browser requests tiles directly from Esri based on the viewport you are looking at. No account data is attached to those requests.

4. Cookies and local storage

BoreCast uses a short list of cookies and browser storage keys. You can see the full list and how to opt out of the optional ones on our Cookie Policy page.

better-auth.session_token — httpOnly, secure, SameSite Lax. Keeps you signed in. Strictly necessary.
siq-theme — localStorage (not a cookie). Remembers your light/dark theme preference.
borecast_demo_id — localStorage UUID for the anonymous demo quota.
borecast_cookie_consent — localStorage flag recording that you dismissed the cookie banner.
_ga — Google Analytics 4. Marketing surface only. Aggregated analytics.
_clck, _clsk — Microsoft Clarity. Marketing surface only. Session replay and heatmaps.

5. Data retention

We keep account data for as long as your account is active. If you close your account, we delete your account record within 30 days. Usage events (the per-query audit log) are retained for 90 days so that we can reconcile billing and investigate abuse, and are then anonymized by stripping the account id. Backups follow the same retention on a rolling basis.

6. Your rights (GDPR and CCPA)

Depending on where you live, you may have the right to access, correct, delete, or export the personal data we hold about you, and to object to or restrict certain processing. These rights are granted under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA / CPRA), among others. To exercise any of these rights, email craig@drillerdb.com from the address associated with your account. We aim to respond within 30 days.

We will be honest about what the product can do today: BoreCast does not yet have an in-app “delete my account” button. Deletion and export requests are handled manually by Craig until sprint 5 ships a self-serve flow. Your legal rights are unchanged; the mechanism is just email rather than a button.

7. Children

BoreCast is a professional tool for engineers, drilling contractors, and utility planners. It is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email us and we will delete it.

8. International transfers

BoreCast is hosted in the United States. If you access the Service from outside the US, your data will be transferred to, and processed in, the US. Where required, we rely on Standard Contractual Clauses with our sub-processors for cross-border transfers.

9. Security

We use HTTPS for every connection, store passwords only as salted hashes, scope database access tightly, and monitor error rates and authentication failures. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you in accordance with applicable law.

10. Changes to this policy

If we make material changes to this policy, we will notify registered users by email and display a notice banner on the marketing site for at least 30 days before the change takes effect. Minor wording and clarity edits may be made without notice; the effective date at the top of this page always reflects the latest revision.

11. Contact

Privacy questions, data requests, and complaints can be sent to craig@drillerdb.com. Postal contact: DrillerDB, Wisconsin, USA.

← Back to BoreCast