Privacy Policy

Last updated: April 2026

RareRoam ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use and store it, with whom we share it, and your rights. It applies to all visitors and registered users of the RareRoam website.

1. Information We Collect

1.1 Account and Profile Data

When you create an account, we collect:

  • Email address
  • Display name and username
  • Profile photo (avatar), if you choose to upload one
  • Password (stored as a secure hash — we never store your plain-text password)
  • Optional profile bio or social links

1.2 Google Sign-In

If you sign in using Google, we receive your name, email address, and Google account profile photo from Google. We do not receive your Google password.

1.3 Uploaded Content

If you are an approved contributor, we store the photos you upload along with associated metadata (title, description, location, tags, upload date).

1.4 Usage and Technical Data

When you use the Platform, we may automatically collect:

  • IP address and approximate geographic location (country/region)
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Photo view and download counts (aggregated, not personally identifiable)
  • Referrer URLs

This data is used to operate and improve the Platform and is not used to build individual user profiles for advertising.

1.5 Communications

If you contact us by email, we retain the content of your message to respond to it.

2. How We Use Your Information

We use your information to:

  • Create and manage your account and authenticate you securely.
  • Display your public contributor profile and uploaded photos.
  • Process and review contributor applications and submitted photos.
  • Send you transactional emails about your account (e.g., email verification, password reset, account status changes). We do not send marketing emails.
  • Monitor Platform performance, detect abuse, and ensure security.
  • Comply with legal obligations.

3. Data Sharing and Service Providers

We do not sell your personal data. We share data only with the service providers necessary to operate the Platform:

Supabase

We use Supabase for database storage, user authentication, and file storage (photos and avatars). Supabase processes your account data and uploaded content on our behalf. Supabase stores data on infrastructure in the region selected during our account setup. See Supabase's Privacy Policy.

Vercel

The Platform is hosted on Vercel. Vercel processes server requests and may log IP addresses and request metadata as part of its infrastructure operations. See Vercel's Privacy Policy.

Google

If you use Google sign-in, Google processes authentication on its own infrastructure. See Google's Privacy Policy.

We may disclose your information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of RareRoam, our users, or the public.

4. Cookies and Local Storage

RareRoam uses only technically necessary cookies and session tokens to keep you signed in and to maintain your preferences. We do not use advertising, tracking, or third-party analytics cookies.

Specifically, we set:

  • Authentication session cookies — set by Supabase Auth to keep you logged in. These expire when you sign out or after an inactivity period.

You can block or delete cookies through your browser settings. Blocking session cookies will prevent you from signing in.

5. Data Retention

  • Active accounts: Your data is retained for as long as your account exists.
  • Deleted accounts: When you delete your account, your profile, photos, and personally identifiable data are permanently deleted. Some non-identifiable aggregated data (e.g., photo download counts) may be retained.
  • Server logs: Automatically collected technical logs are retained for a limited period (typically 30–90 days) for security and debugging purposes.

6. Your Rights

6.1 All Users

  • Access and correction: You can view and update your account information at any time in Settings.
  • Deletion: You can delete your account from Settings → Close Account. This permanently removes all your personal data and uploaded photos.

6.2 European Economic Area — GDPR Rights

If you are located in the EEA, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — request deletion of your data where there is no legitimate reason for us to continue processing it.
  • Restriction of processing in certain circumstances.
  • Data portability — request your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Lodge a complaint with your local data protection authority.

Our lawful basis for processing your data is primarily contract performance (operating your account) and legitimate interests (security, abuse prevention).

6.3 California — CCPA Rights

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, or sell.
  • Delete personal information we hold about you.
  • Opt out of the sale of your personal information (we do not sell personal information).
  • Non-discrimination for exercising your CCPA rights.

To exercise any of these rights, contact us at privacy@RareRoam.com.

7. Children's Privacy

RareRoam is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete that data promptly. If you believe a child under 13 has created an account, please contact us at privacy@RareRoam.com.

8. International Data Transfers

RareRoam uses infrastructure providers (Supabase, Vercel) that may process data in the United States or other countries. If you are located in the EEA or UK, please be aware that your data may be transferred to countries that do not have the same data protection laws as your home country. Where such transfers occur, we rely on our providers' compliance with applicable data transfer mechanisms (e.g., Standard Contractual Clauses).

9. Security

We implement reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure password hashing, and role-based access controls. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes, we will notify registered users by email or via an in-platform notice. Continued use of the Platform after the updated policy is posted constitutes acceptance of the changes.

11. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@RareRoam.com.

← Back to gallery