Privacy Policy

1. Who we are

Trail Sherpa is operated by Amoeba Media, LLC, a single-member limited liability company registered in Pennsylvania, with a mailing address in Williamsport, Lycoming County, PA. Trail Sherpa is a registered trademark of Amoeba Media. References to "we," "us," or "the service" mean Amoeba Media and the Trail Sherpa platform.

Questions about this policy: [email protected].

2. What we collect

We collect three categories of information:

• Account information. Your email address; a chosen trail name (public handle); optionally a real name, bio, location, and avatar. If you sign in with Google, we receive your email and Google profile name; we do not receive your Google password.
• Content you submit. Community posts and comments, condition reports, waypoint submissions, photos you upload, and itineraries you save. Photos may include GPS coordinates if you choose to share location for that photo — this is opt-in per photo and off by default for community posts.
• Automatic information. Standard server logs (IP address, user agent, request paths, timestamps), analytics events (page views, clicks on key calls-to-action), and authentication session tokens stored in cookies.

3. Why we collect it

Account information makes your account work and gives you a public identity in the community. Content you submit is the community resource — that's the product. Automatic information helps us run the service, prevent abuse, measure whether the product is useful, and report on grant-funded work to our sponsors (currently the PA Wilds Center for Entrepreneurship).

We don't sell your data to advertisers. We don't have advertisers.

4. Who we share it with

We use trusted service providers to deliver the platform. Each one only sees the data needed to do its job, and is bound by their own contracts with us:

• Supabase — database, authentication, file storage. Hosts your account record and the content you submit.
• Cloudflare — hosting (Cloudflare Pages), image delivery (Cloudflare Images), and offline-pack storage (R2). Sees IP addresses and request metadata.
• Google (OAuth) — when you choose to sign in with Google. They see that you signed in to Trail Sherpa; we see your email and Google profile name.
• Resend — sends transactional emails like sign-in links, reply notifications, and contact-form messages. Sees your email address and the email body.
• Loops — sends product newsletters to people who opt in to the waitlist or newsletter. You can unsubscribe from any email.
• Google Analytics 4 — anonymized usage analytics. Sees IP addresses, browser metadata, and page-view events. IP anonymization is enabled.
• MapTiler — base maps and static map images. Sees IP addresses when your browser fetches map tiles.

We may share information with law enforcement if compelled by a valid legal process, or to protect the safety of people on the trail in genuine emergencies. We'll resist overbroad requests.

5. Cookies and tracking

We use cookies that are essential to the service working — namely, your authentication session cookie. We also use Google Analytics cookies for traffic measurement; these can be blocked at the browser level without affecting your ability to use the site. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking.

6. Public content

Your trail name, bio, location, avatar, community posts, comments, and submitted waypoints and reports are public by design — that's how the community works. Search engines may index public content. Don't post anything you wouldn't want associated with your trail name forever. If you delete a post, we'll soft-delete it (the text becomes unreadable, but the row may persist for moderation history).

7. How long we keep it

Account information persists until you delete your account. When you delete, we scrub your trail name, real name, bio, location, and avatar, and remove your authentication record from our auth provider. Your past public posts and comments remain visible but are attributed to "[deleted]" so threads don't break. Server logs and analytics events are kept for up to 24 months for operations and grant reporting, then deleted.

8. Your rights

You can view and edit your profile at /account. You can delete your account from the same page. You can opt out of reply emails at /settings or via the unsubscribe link in any reply email. If you'd like a copy of your data or have a specific request, email [email protected].

California, Virginia, Colorado, and Connecticut residents have specific rights under state privacy laws (CCPA, CPRA, VCDPA, etc.). EU/UK residents have specific rights under GDPR. We'll honor any reasonable request consistent with those laws — email us.

9. Children

Trail Sherpa is not intended for children under 13. We do not knowingly collect information from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.

10. Security

We use HTTPS for all traffic, row-level security policies on our database, OAuth-based authentication with optional passwords, and standard industry practices for protecting the data we store. No system is perfectly secure, and we can't guarantee invulnerability — but we treat your data the way we'd want ours treated.

11. International users

Trail Sherpa is operated from the United States. If you use the service from another country, your information will be transferred to and processed in the US. By using the service, you consent to that transfer.

12. Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top and, when the change is meaningful, notify signed-in users by email. Continued use of the service after the update means you accept the revised policy.