The geocoding licence trap: you probably can't store the coordinates you're storing
Here is an uncomfortable exercise for any enterprise architect: find every table in your estate that stores a latitude/longitude pair, then find out which provider originally geocoded it, then read that provider's terms on result storage. In our experience the third step is where the meeting goes quiet.
Storage rights vary per provider — not per category
From our 37-provider research, current as of mid-2026:
- Google Maps Geocoding: ToS forbids caching/storing results without a separate licence. The coordinates in your asset register that came from Google are, in most configurations, a compliance finding waiting to happen.
- HERE: standard plans forbid permanent storage; caching/export requires an enterprise licence in the region of US$10k+/yr.
- Mapbox: sells the distinction explicitly — the Temporary tier (~$0.75/1k) forbids storage; the Permanent tier that allows it costs ~$5/1k, Google money.
- TomTom: no permanent storage without a licence.
- OpenCage, OSM/Nominatim and most open-data resellers: storage generally permitted — it's open data underneath.
- Geoscape G-NAF: contract-based access with storage-inclusive terms — one reason authoritative sources are worth their licensing model for asset-register use cases.
Why this never gets enforced
Because in most estates, geocoding was integrated system-by-system, by different teams, in different years. The Salesforce team read (or didn't read) Google's terms in 2021. The Maximo team wired HERE in 2023. Nobody owns the aggregate posture, so the de-facto policy is "whatever each integration happened to do."
The fix is architectural, not contractual
You can't train every future integrator to remember licence terms. You can put one routing layer in front of every provider and make cache-eligibility a machine-enforced flag:
Provider registry (per provider): licenceType: metered | subscription cacheEligible: true | false ← enforced at routing, not documented in a wiki coordinateSystem: WGS84 | GCJ02 ← China's legally-mandated systems flagged, never silently converted
In AddressIQ, a result from a non-cacheable provider is delivered to the caller but never persisted — the storage layer refuses it, and the usage ledger records which provider served it, as evidence. When an authoritative or open-data source resolves the same address later, that result is stored. The compliance posture stops depending on human memory.
One more trap from the research: China. Amap and Baidu are legally required to return GCJ-02/BD-09 obfuscated coordinates, and converting back to true WGS84 is legally restricted. If China is ever in your scope, treat it as a distinct compliance workstream — never as "just another provider in the chain."