# Privacy Policy
**Last Updated: January 10, 2026**
Salish Mushrooms, LLC ("we," "us," or "our") operates the salishmushrooms.com website and the Morel Maps mobile applications for iOS and Android (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Services.
## Quick Summary
- We collect only what's necessary to provide our mapping and educational services
- We use Google Analytics to understand how visitors use our site (you can opt out)
- We do **not** track your real-time location
- We do **not** sell your personal information
---
## 1. Information We Collect
### 1.1 Account Information
When you create an account, we collect:
| Data | Purpose |
|------|---------|
| Email address | Account identification, password resets, important notifications |
| Name (optional) | Personalization |
| Username | Account identification |
| Password | Stored securely using industry-standard hashing |
### 1.2 Sign-In with Apple or Google
If you choose to sign in with Apple or Google, we receive:
- Your unique identifier from Apple or Google
- Email address (if you choose to share it)
- Name (if you choose to share it)
We store these identifiers to link your account but do **not** have access to your Apple ID password, Google password, or other Apple/Google account information.
### 1.3 Subscription & Payment Information
**iOS App Purchases:**
When you subscribe through the iOS app, Apple processes the payment. We receive:
- Transaction ID (to verify your subscription)
- Purchase date and expiration date
- Subscription status
We do **not** receive or store your credit card number, billing address, or other payment details—Apple handles this securely.
**Web Payments:**
Web subscriptions are processed through Stripe. We receive confirmation of payment but do not store your full credit card number.
### 1.4 User-Generated Content
**Pro Members Only:**
- **Areas of Interest (AOI):** Geographic locations and boundaries you create on the map are stored so you can access them across devices.
**All Members:**
- Course progress and quiz scores (if you use our educational content)
- Any comments or content you voluntarily submit
### 1.5 Automatically Collected Information
**Log Data:**
Our servers automatically record:
- IP address
- Browser type and version
- Pages visited and time of access
- Referring URL
**Rate Limiting:**
We track login attempts by IP address (up to 10 per hour) to prevent abuse.
### 1.6 Cookies & Local Storage
| Type | Purpose | Duration |
|------|---------|----------|
| Session cookies | Keep you logged in | Until you log out |
| Local storage | Remember your map layer preferences | Persistent in browser |
We do **not** use advertising cookies or third-party tracking cookies.
---
## 2. Information We Do NOT Collect
To be clear about what we **don't** do:
- **No GPS tracking:** We do not access or track your real-time location
- **No advertising trackers:** No Meta Pixel, advertising cookies, or retargeting
- **No cross-site tracking:** We don't follow you across other websites
- **No selling data:** We never sell your personal information to third parties
---
## 3. How We Use Your Information
We use your information to:
- Provide and maintain the Services
- Authenticate your account and verify Pro membership status
- Process and verify subscriptions (iOS, Android and web)
- Track your progress in educational courses
- Send essential account notifications (password resets, subscription updates)
- Protect against fraud and abuse
- Improve and debug our Services
We do **not** use your information for advertising or sell it to third parties.
---
## 4. How We Share Your Information
We share your information only in these limited circumstances:
### 4.1 Service Providers
| Provider | Purpose | Data Shared |
|----------|---------|-------------|
| Apple | iOS subscription verification | Transaction IDs, subscription status |
| Google Android | Play Store subscription verification | Transaction IDs, subscription status |
| Cloudflare | Content delivery (map tiles) | IP address (standard CDN operation) |
| WordPress/Web Host | Website hosting | Account data, content |
| Email Service | Transactional emails | Email address |
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
### 4.2 Legal Requirements
We may disclose your information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to:
- Comply with applicable law
- Protect our rights or property
- Prevent fraud or abuse
- Protect the safety of users or the public
---
## 5. Data Security
We implement industry-standard security measures:
- Passwords are hashed using secure algorithms (never stored in plain text)
- HTTPS encryption for all data transmission
- Rate limiting to prevent brute-force attacks
- Authentication tokens with expiration
- Security headers to prevent common web vulnerabilities
While we take security seriously, no system is 100% secure. We encourage you to use a strong, unique password.
---
## 6. Data Retention
- **Account data:** Retained while your account is active
- **Subscription records:** Retained for accounting and legal compliance
- **Course progress:** Retained while your account is active
- **Server logs:** Typically retained for 30-90 days
You may request deletion of your account and associated data at any time (see Section 8).
---
## 7. Mobile Applications
Our iOS and Android apps follow the same privacy practices as our website. Additionally:
### 7.1 App Permissions
| Permission | Purpose | Required? |
|------------|---------|-----------|
| Internet access | Load maps and sync data | Yes |
| Storage | Cache map tiles for offline use | Pro feature |
We do **not** request access to your:
- Camera
- Microphone
- Contacts
- Photos
### 7.2 Offline Data
Pro members can download map regions for offline use. This data is stored locally on your device and can be deleted through the app settings.
---
## 8. Your Rights & Choices
### 8.1 Access & Portability
You can request a copy of your personal data by contacting us.
### 8.2 Correction
You can update your account information through your account settings or by contacting us.
### 8.3 Deletion
You can request deletion of your account and personal data. Some information may be retained for legal or legitimate business purposes.
### 8.4 Opt-Out
You can:
- Disable cookies in your browser (may affect functionality)
- Delete local storage data through your browser settings
- Unsubscribe from non-essential emails
### 8.5 California Residents (CCPA)
California residents have additional rights:
- Right to know what personal information we collect
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
### 8.6 European Residents (GDPR)
If you are in the European Economic Area, you have rights including:
- Access, correction, and deletion of your data
- Data portability
- Objection to processing
- Withdrawal of consent
- Right to lodge a complaint with a supervisory authority
---
## Children's Privacy
Our Services are intended for users aged 13 and older.
**Age Requirement:**
By creating an account, you confirm that you are at least 13 years old. If you are between 13 and 18, you represent that you have your parent or guardian's permission to use the Services.
**Under 13:**
We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has created an account, please contact us immediately. We will delete the account and associated information promptly.
**Parents and Guardians:**
If your teen (13-17) uses our Services, we encourage you to discuss online privacy and responsible use of mapping/outdoor recreation apps with them.
---
## 10. Third-Party Links
Our Services may contain links to third-party websites (e.g., external mapping resources, educational content). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
---
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes (if you have an account)
Your continued use of the Services after changes constitutes acceptance of the updated policy.
---
## 12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
**Salish Mushrooms, LLC**
Email: [your contact email]
Website: https://salishmushrooms.com/contact/
---
*This privacy policy was last reviewed and updated on January 10, 2026.*
