Privacy Policy
Effective date: April 10, 2026
Field Scouts ("we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have — including rights under the California Consumer Privacy Act (CCPA). We are committed to transparency and to collecting only what we need to operate the Service.
The short version: We collect your email to sign you in. We display your username (anonymous by default) next to your public contributions. We do not sell your data, we do not track you with ads or analytics scripts, and we do not send marketing emails.
1. Information We Collect
Information you provide
| Data | When | Purpose |
|---|---|---|
| Email address | Account creation | Authentication via magic link sign-in. Never displayed publicly. |
| Username | Auto-generated, optionally customized | Displayed publicly next to your reviews and contributions. |
| Reviews & ratings | When you write a review | Publicly displayed to help other users. Linked to your username. |
| Venue/field submissions | When you add a venue or field | Publicly displayed. Your user ID is stored internally for attribution. |
| Corrections | When you suggest a correction | Reviewed by moderators. Your username is visible to admins. |
| Feedback | When you submit feedback | Read by our team to improve the Service. Not shared publicly. |
Information collected automatically
- Session cookie: A single cookie (
fs_session) maintains your login session. It is HTTP-only, secure, and essential for the Service to function. - Theme preference: Your light/dark mode choice is stored in your browser's localStorage. This never leaves your device.
- Cloudflare analytics: Our hosting provider (Cloudflare) may collect basic, aggregated analytics such as page view counts and country-level traffic data. This data is not personally identifiable and is not shared with us on a per-user basis.
Information we do NOT collect
- Passwords — we use passwordless magic link authentication
- Real names — usernames are anonymous by default
- Payment information — the Service is currently free
- Persistent location tracking — device location is used only on-demand when you choose "Use My Location" to add a venue, and is never stored or tracked
- Third-party tracking data — we do not use Google Analytics, Facebook Pixel, advertising SDKs, or any third-party tracking scripts
2. How We Use Your Information
- Authentication: Your email is used exclusively to send magic link sign-in emails. We do not send newsletters, promotional emails, or marketing communications of any kind.
- Public display: Your username, reviews, ratings, and venue contributions are displayed publicly on the platform. This is the core purpose of the Service — community members sharing information to help each other.
- Moderation: We may review your content to ensure compliance with our Community Standards. Content is automatically screened for profanity and may be manually reviewed in response to user reports.
- Service improvement: Feedback you submit may be used to improve the platform.
3. Public Nature of Contributions
Please understand that reviews, ratings, and venue information you submit are publicly visible. This includes your username, the content of your review, your star rating, and the date of submission. This information is visible to all visitors, including search engines and unregistered users.
Your email address is never publicly visible. Your anonymous default username (e.g., "Scout-A3F2B1") is not derived from or connected to your email address in any way.
If you choose to customize your username with personally identifying information (e.g., your real name), you do so at your own discretion. We recommend using an anonymous or pseudonymous username.
4. Service Providers
We use a small number of trusted third-party service providers to operate the platform. These providers process data only as necessary to provide their services to us, and are contractually bound to protect your information.
| Provider | Service | Data Processed |
|---|---|---|
| Cloudflare | Hosting, database, file storage, CDN | All Service data (encrypted at rest and in transit) |
| Resend | Email delivery | Email address (to deliver magic link sign-in emails only) |
5. Data Sharing & Sales
We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
We do not share your personal information with third parties for their own marketing or commercial purposes. We only share data with the service providers listed above, and only as necessary to operate the Service.
We may disclose your information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. Data Security
Your data is stored on Cloudflare's global infrastructure, which provides encryption at rest and in transit. Sessions are managed via secure, HTTP-only cookies. We do not store passwords — authentication is handled entirely through time-limited magic links sent to your email.
While we take reasonable measures to protect your information, no system is 100% secure. If you suspect unauthorized access to your account, please contact us immediately.
7. Data Retention
- Account data (email, username) is retained for as long as your account is active.
- Session tokens expire automatically and are deleted after expiration.
- Magic link tokens expire after 15 minutes and are marked as used or discarded.
- Reviews and venue data are retained as long as they remain relevant to the community. If you delete your account, your contributions may be retained in anonymized form.
- Feedback submissions are retained as long as necessary to address the feedback.
8. Your Privacy Rights
All users
Regardless of where you live, you can:
- Change your public username at any time from your profile page
- Request access to the personal data we hold about you
- Request deletion of your account and associated personal data
- Request correction of inaccurate personal data
California residents (CCPA rights)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following additional rights:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete the personal information we have collected from you. We will honor this request, subject to certain exceptions — for example, we may retain information necessary to complete a transaction, detect security incidents, comply with legal obligations, or for other purposes permitted by law. Publicly contributed content (reviews, venue information) may be retained in anonymized form.
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary because no sale occurs.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied access for making a privacy request.
Categories of personal information collected (CCPA disclosure)
In the preceding 12 months, we have collected the following categories of personal information:
| Category | Examples | Sold? |
|---|---|---|
| Identifiers | Email address, username, unique user ID | No |
| Internet or network activity | Session cookie, pages visited (Cloudflare aggregate analytics) | No |
| Geolocation data | Approximate location (only when user explicitly grants permission to add a venue) | No |
| User-generated content | Reviews, ratings, venue submissions, corrections, feedback | No |
How to submit a request
To exercise any of these rights, please contact us through our feedback form. We will verify your identity by confirming your email address through our magic link authentication system. We will acknowledge your request within 10 business days and respond within 45 calendar days. If we need additional time (up to 45 more days), we will notify you of the reason.
You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization.
9. Cookies & Local Storage
We use minimal browser storage:
| Name | Type | Purpose | Duration |
|---|---|---|---|
fs_session | Cookie (HTTP-only, secure) | Login session | Session duration |
theme | localStorage | Light/dark mode preference | Until cleared |
We do not use advertising cookies, tracking pixels, or third-party cookies of any kind.
10. Children's Privacy
Field Scouts is designed to be a family-friendly resource, but account creation requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us through our feedback form and we will promptly delete that information.
Children aged 13 to 17 may use the Service with parental consent. Parents and guardians are encouraged to monitor their children's use of the Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective date" at the top of this page and, where practicable, notify users through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this page periodically to stay informed about our privacy practices.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your information is handled, please contact us through our feedback form.