Privacy Policy

Last updated April 16, 2026

What we collect

Account data: email, display name, optional avatar, home state, the rivers you save, your gauge preferences, and the trips you log to your river journal.

Payment data: handled by Stripe — we never see or store your card number.

Usage data: we use Plausible Analytics for aggregate page-view counts; Plausible does not use cookies and does not collect personal data.

How we use it

To run the service: send the alerts you opt in to, deliver the weekly digest if you've subscribed, show your contributions next to your display name, and authenticate Pro features. We don't sell your data, and we don't share it with third parties except as required to run the service (Supabase for database, Stripe for billing, Resend for transactional email).

Our legal basis for processing (GDPR)

Where GDPR applies, our legal bases are:

Contract — account creation, authentication, Pro subscription delivery, and storing the saved rivers and preferences required to run the service for you.

Consent — sending the weekly digest and any alerts you've explicitly subscribed to; you can withdraw consent at any time from your account settings.

Legitimate interest — aggregate analytics via Plausible (no personal data collected) and operational logging used to detect abuse and keep the service secure.

Legal obligation — retaining payment records for as long as required by applicable tax and accounting law.

Cookies

We use cookies only for authentication (Supabase session cookies). No tracking, advertising, or third-party cookies. Plausible Analytics is cookie-free.

Email

We send email only for: account verification, alerts you've explicitly subscribed to, the weekly digest if you've opted in, payment notifications, and (rarely) service announcements. Every email has a one-click unsubscribe footer. You can manage all email preferences from your account page.

How long we keep your data

Active accounts: retained while your account exists.

Deleted accounts: personal data (email, display name, preferences, saved rivers, alerts) is removed within 30 days of your deletion request; database backups are purged within 90 days.

Community contributions (trip reports, access points, hazards) may be retained in anonymized form — your display name is stripped, but the underlying observation stays visible because other paddlers rely on it.

Payment records are retained by us and by Stripe for as long as required by US tax law (currently seven years).

Server logs are retained for approximately 30 days before rotation.

Your rights

You can manage email preferences and unsubscribe from any email directly in your account settings. For data export or account deletion, email Paddle.rivers.us@gmail.com from the address on your account — we respond within 30 days, typically much sooner. If you're an EU/EEA or UK resident, you also have the right to lodge a complaint with your local data protection authority. We're actively building a self-serve export/delete flow in the account settings; until it ships, email is the way.

Your California Privacy Rights

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the right to know what personal information we collect, to request deletion, to correct inaccuracies, to limit use of sensitive personal information, and to not be discriminated against for exercising these rights. We do not sell or share your personal information as those terms are defined by the CCPA, and we do not use or disclose sensitive personal information for purposes that would require a "limit use" link. To exercise any California right, email Paddle.rivers.us@gmail.com from the address on your account. We verify requests by confirming account ownership and respond within 45 days. You may designate an authorized agent to make a request on your behalf.

International data transfers

RiverScout is operated from the United States. If you access the service from outside the US, your data will be transferred to, stored, and processed in the United States by us and our sub-processors. We rely on Standard Contractual Clauses (SCCs) with Supabase, Stripe, and Resend as the legal mechanism for transfers from the European Economic Area and the United Kingdom.

Security and breach notification

We take reasonable steps to protect your data — TLS in transit, encryption at rest for our database, and least-privilege access for operators. In the event of a data breach affecting your personal information, we will notify you without undue delay, consistent with GDPR Articles 33-34 and applicable US state breach notification laws. For GDPR-governed breaches posing a risk to your rights and freedoms, we aim to notify the relevant supervisory authority within 72 hours of discovery.

Children

RiverScout is not directed at children under 13. We don't knowingly collect data from children under 13. If you believe a child has created an account, contact us and we'll remove it.

Changes

We may update this policy. Material changes will be announced on the site or via email. The date at the top of this page reflects the last update.

Contact

Privacy questions: Paddle.rivers.us@gmail.com or Pine River Paddlesports Center, 9590 M-37, Wellston, MI 49689.

See also our Terms of Service.