Privacy Policy
Effective date: April 26, 2026
Field Scouts ("we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have — including rights under the California Consumer Privacy Act (CCPA). We are committed to transparency and to collecting only what we need to operate the Service.
The short version: We collect your email to sign you in. We display your username (anonymous by default) next to your public contributions. We collect aggregated, privacy-first usage analytics to run the Service and plan improvements. We do not sell your data to third parties, we do not use advertising trackers, and we do not currently send marketing emails. If we ever introduce product updates or announcements by email, they will be first-party (from us directly to you) and opt-in — we will never hand your email to anyone else to market to you. Voluntary donations are processed by Stripe — we never see or store your card details.
1. Information We Collect
Information you provide
| Data | When | Purpose |
|---|---|---|
| Email address | Account creation | Authentication via magic link sign-in. Never displayed publicly. |
| Username | Auto-generated, optionally customized | Displayed publicly next to your reviews and contributions. |
| Reviews & ratings | When you write a review | Publicly displayed to help other users. Linked to your username. |
| Venue/field submissions | When you add a venue or field | Publicly displayed. Your user ID is stored internally for attribution. |
| Corrections | When you suggest a correction | Reviewed by moderators. Your username is visible to admins. |
| Feedback | When you submit feedback | Read by our team to improve the Service. Not shared publicly. |
Information collected automatically
- Session cookie: A single cookie (
fs_session) maintains your login session. It is HTTP-only, secure, and essential for the Service to function. - Theme preference: Your light/dark mode choice is stored in your browser's localStorage. This never leaves your device.
- Privacy-first web analytics: Cloudflare Web Analytics collects aggregated, anonymous page-view counts, Core Web Vitals performance metrics, referrer, country, and browser type. It does not use cookies, does not fingerprint visitors, and cannot identify individual users. See the Cloudflare Web Analytics description for the full list of data fields collected.
- Server-side aggregate metrics: For each request our server records route, response code, response time, and whether the visitor was logged in at the time. This powers capacity planning, error monitoring, and product decisions (see Section 2). Stored in aggregate in Cloudflare Analytics Engine for 3 months. Never tied to your identity, email, or IP address.
Information we do NOT collect
- Passwords — we use passwordless magic link authentication
- Real names — usernames are anonymous by default
- Card numbers or financial account details — the core Service is free, and voluntary donations are handled entirely by Stripe's hosted checkout. Card data never touches our servers.
- Persistent location tracking — device location is used only on-demand when you choose "Use My Location" to add a venue, and is never stored or tracked
- Third-party advertising trackers — we do not use Google Analytics, Facebook Pixel, advertising SDKs, behavioral ad networks, or any cross-site tracking script
- Individually identifiable analytics — our aggregate analytics (above) cannot be used to reconstruct a specific user's browsing history
2. How We Use Your Information
- Authentication: Your email is used to send magic link sign-in emails. We do not currently send newsletters, promotional emails, or marketing communications. If we ever introduce product announcements or opt-in marketing emails, they will be sent by us directly (never by a third party on our behalf for their purposes) and you will be able to unsubscribe with one click.
- Public display: Your username, reviews, ratings, and venue contributions are displayed publicly on the platform. This is the core purpose of the Service — community members sharing information to help each other.
- Moderation: We may review your content to ensure compliance with our Community Standards. Content is automatically screened for profanity and may be manually reviewed in response to user reports.
- Service improvement: Feedback you submit may be used to improve the platform.
- Analytics for product and business decisions: Aggregated, non-identifiable usage data informs capacity planning, feature prioritization, our own product messaging (e.g., deciding what to describe on our home page or in a future opt-in product-update email), and decisions about any future paid tiers. We look at what the community as a whole does (e.g., "how often is the field detail page viewed by logged-in vs anonymous visitors?"), never what a specific person does. We do not build user-level behavioral profiles. Any marketing we do is first-party — from us directly to our users; we do not sell or share this data with third parties for their own marketing or commercial purposes.
3. Public Nature of Contributions
Please understand that reviews, ratings, and venue information you submit are publicly visible. This includes your username, the content of your review, your star rating, and the date of submission. This information is visible to all visitors, including search engines and unregistered users.
Your email address is never publicly visible. Your anonymous default username (e.g., "Scout-A3F2B1") is not derived from or connected to your email address in any way.
If you choose to customize your username with personally identifying information (e.g., your real name), you do so at your own discretion. We recommend using an anonymous or pseudonymous username.
4. Service Providers
We use a small number of trusted third-party service providers to operate the platform. These providers process data only as necessary to provide their services to us, and are contractually bound to protect your information.
| Provider | Service | Data Processed |
|---|---|---|
| Cloudflare | Hosting, database, file storage, CDN, aggregate analytics, bot protection (Turnstile) | All Service data (encrypted at rest and in transit) |
| Resend | Email delivery | Email address (to deliver magic link sign-in emails only) |
| Google Maps | Map tiles on field detail pages | Field coordinates and your IP (requested by your browser when a map loads). No account data is sent. You can opt out by avoiding field detail pages. |
| Stripe | Donation payment processing (optional, user-initiated) | Payment details (card number, billing address, donor email) you enter directly into Stripe's hosted checkout if you choose to donate via the Support Us page. Stripe shares only aggregate transaction summaries with us — never your card data. Governed by Stripe's Privacy Policy. |
5. Data Sharing & Sales
We do not sell your personal information. We never will. We have not sold personal information in the preceding 12 months and have no plans or intent to do so in the future. This commitment covers data brokers, advertising networks, and any other third party that might pay for user data.
We do not share your personal information with third parties for their own marketing or commercial purposes. We only share data with the service providers listed above, and only as necessary to operate the Service.
Monetization and the Service. Field Scouts currently accepts voluntary donations through Stripe to help cover hosting, email delivery, and ongoing development. We may also introduce optional paid tiers or premium quality-of-life features in the future. The core lookups and community contributions that exist today — finding venues and fields, reading and writing reviews, adding venues, suggesting corrections — will remain free. Any monetization will be based on what we offer you, not on selling access to data about you. If our business structure changes (for example, through acquisition), any successor entity will be bound by these commitments as a condition of the transfer, and we will update this policy and notify users before any change takes effect.
We may disclose your information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. Data Security
Your data is stored on Cloudflare's global infrastructure, which provides encryption at rest and in transit. Sessions are managed via secure, HTTP-only cookies. We do not store passwords — authentication is handled entirely through time-limited magic links sent to your email.
While we take reasonable measures to protect your information, no system is 100% secure. If you suspect unauthorized access to your account, please contact us immediately.
7. Data Retention
- Account data (email, username) is retained for as long as your account is active.
- Session tokens expire automatically and are deleted after expiration.
- Magic link tokens expire after 15 minutes and are marked as used or discarded.
- Reviews and venue data are retained as long as they remain relevant to the community. If you delete your account, your contributions may be retained in anonymized form.
- Feedback and contact submissions are retained as long as necessary to address the message.
- Aggregate analytics (Cloudflare Web Analytics + our own server-side metrics) are retained for 3 months. Aggregated data cannot be tied back to individual users.
- Server logs (structured request logs for debugging) are retained for 7 days. These do not contain email addresses or IP addresses.
- Administrative audit log (record of moderation actions by our admins) is retained indefinitely for accountability and compliance.
- Consent records (timestamp of when you accepted these Terms and this Privacy Policy, plus the versions you agreed to) are retained indefinitely as part of the audit log. If we substantively update either document we may ask you to accept the new version before continuing.
8. Your Privacy Rights
All users
Regardless of where you live, you can:
- Change your public username at any time from your profile page
- Request access to the personal data we hold about you
- Request deletion of your account and associated personal data
- Request correction of inaccurate personal data
California residents (CCPA rights)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following additional rights:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete the personal information we have collected from you. We will honor this request, subject to certain exceptions — for example, we may retain information necessary to complete a transaction, detect security incidents, comply with legal obligations, or for other purposes permitted by law. Publicly contributed content (reviews, venue information) may be retained in anonymized form.
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary because no sale occurs.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied access for making a privacy request.
Categories of personal information collected (CCPA disclosure)
In the preceding 12 months, we have collected the following categories of personal information:
| Category | Examples | Sold? |
|---|---|---|
| Identifiers | Email address, username, unique user ID | No |
| Internet or network activity | Session cookie; aggregated page-view counts, response times, and login-status breakdown (Cloudflare Web Analytics + our server-side metrics — not tied to individual users) | No |
| Geolocation data | Approximate location (only when user explicitly grants permission to add a venue) | No |
| User-generated content | Reviews, ratings, venue submissions, corrections, feedback | No |
How to submit a request
To exercise any of these rights, please reach us through our contact form. We will verify your identity by confirming your email address through our magic link authentication system. We will acknowledge your request within 10 business days and respond within 45 calendar days. If we need additional time (up to 45 more days), we will notify you of the reason.
You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization.
9. Cookies & Local Storage
We use minimal browser storage:
| Name | Type | Purpose | Duration |
|---|---|---|---|
fs_session | Cookie (HTTP-only, secure) | Login session | Session duration |
theme | localStorage | Light/dark mode preference | Until cleared |
We do not use advertising cookies, tracking pixels, or cross-site tracking of any kind. Cloudflare Web Analytics (our analytics provider) does not use cookies.
Third-party iframe cookies. Some pages embed third-party content that may set their own cookies, scoped to those services' domains (not ours):
- Google Maps iframe on field detail pages may set cookies scoped to
google.com. Governed by Google's Privacy Policy. - Cloudflare Turnstile bot-challenge widget on the login/feedback forms may
set cookies scoped to
challenges.cloudflare.com. Governed by Cloudflare's Privacy Policy.
10. Children's Privacy
Field Scouts is designed to be a family-friendly resource, but account creation requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please reach us through our contact form and we will promptly delete that information.
Children aged 13 to 17 may use the Service with parental consent. Parents and guardians are encouraged to monitor their children's use of the Service.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective date" at the top of this page and, where practicable, notify users through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this page periodically to stay informed about our privacy practices.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your information is handled, please reach us through our contact form. For general product feedback, our feedback form is also available.