Privacy Policy
Effective Date: August 19, 2025
Last Updated: September 28, 2025
Introduction
Welcome to Onsightful ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our climbing analytics platform at onsightful.com (the "Service").
Definitions
- "Public Profile Information": Username and user ID visible on your Mountain Project public profile
- "Usage Data": Information about how you interact with our service (pages viewed, features used)
- "Performance Data": Technical metrics like page load times and error rates
- "Analytics": Derived insights from your climbing data (pyramids, trends, statistics)
- "Cache": Temporary storage of your Mountain Project data for faster loading
Legal Basis for Processing
Your Consent
We process your climbing data based on your explicit, informed consent. You provide this consent when you:
- Voluntarily enter your Mountain Project profile URL
- Click "Create Dashboard" after reviewing this policy
- Understand you can withdraw consent at any time
Withdrawing Consent
You may withdraw consent at any time by:
- Requesting cache deletion via our contact information below
- Simply not using the service (cache auto-expires in 30 days)
Note: Withdrawing consent stops future processing but doesn't affect the lawfulness of processing before withdrawal.
Information We Collect
Data from Mountain Project
When you provide your Mountain Project profile URL or username, we collect:
- Climbing Activity Data: Routes climbed, grades, dates, locations, and tick types (onsight, redpoint, flash, etc.)
- Performance Metrics: Send rates, difficulty progression, and climbing volume statistics
- Public Profile Information: Your public Mountain Project username and user ID
Automatically Collected Information
When you use our Service, we automatically collect:
- Usage Data: Pages viewed, features used, and interaction patterns
- Technical Data: Browser type, device information, IP address (for security purposes only)
- Performance Data: Page load times and error logs for service improvement
How We Use Your Information
We process your climbing data to:
- Generate Analytics: Create performance visualizations, grade pyramids, and progress charts
- Calculate Statistics: Compute send rates, hardest climbs, volume trends, and other metrics
- Provide Filtering: Enable date range, grade, and route type filtering
- Improve Service: Enhance features and fix bugs based on aggregate usage patterns
Data Storage and Retention
Data Categories & Retention Periods
| Data Type | Retention Period | Purpose |
|---|---|---|
| Climbing data cache | 30 days | Performance optimization |
| Error logs | 7 days | Debugging & security |
| Access logs | 30 days | Security monitoring |
| Backup snapshots | 7 days rolling | Disaster recovery |
Important: After these periods, data is permanently deleted from all systems, including backups.
Data Location
- Data is temporarily cached on secure servers hosted by Google Cloud Platform
- All data transmission occurs over encrypted HTTPS connections
Data Sharing and Disclosure
We do NOT:
- Sell your personal data to third parties
- Share your individual climbing data with other users
- Use your data for advertising purposes
- Create permanent profiles or databases of user information
We may share data only when:
- Required by Law: To comply with legal obligations or valid legal requests
- Safety and Security: To protect against fraud, abuse, or threats to our Service
- With Your Consent: When you explicitly authorize us to share specific information
Your Rights and Choices
Access and Control
You have the right to:
- View Your Data: Access all analytics generated from your Mountain Project profile
- Clear Cache: Request immediate deletion of your cached data
- Opt Out: Stop using the Service at any time (your cache will expire automatically)
Data Portability
- Your original climbing data remains accessible on Mountain Project
- Export Your Analytics: Contact us to receive your cached data and generated analytics in JSON format
- Export requests are fulfilled within 30 days, as required by GDPR
- Exports include both raw cached data and computed metrics
How to Exercise Your Rights
To protect your privacy, we verify identity for data requests:
- Provide your Mountain Project username or profile URL
- Include the approximate date you created your dashboard
- We'll confirm via email if additional verification is needed
Response Time: We respond to requests within 30 days (or 45 days for complex requests with notice).
Cookies & Tracking Technologies
What We Use
- Session Cookies: Essential for dashboard functionality (expires when browser closes)
- Cache Identifiers: Links your browser to cached data (30-day expiry)
What We DON'T Use
- Third-party tracking cookies
- Advertising cookies
- Google Analytics or similar services
- Cross-site tracking
You can disable cookies in your browser settings, but this may prevent dashboard creation.
Security Measures
We implement industry-standard security measures including:
- Encryption: All data transmitted using HTTPS/TLS encryption
- Access Controls: Restricted server access with authentication requirements
- Input Validation: Protection against SQL injection, XSS, and SSRF attacks
- Rate Limiting: Prevention of abuse and denial-of-service attempts
- Content Limits: File size restrictions to prevent resource exhaustion
Data Breach Response
In the unlikely event of a data breach that may impact your privacy:
- We'll notify affected users within 72 hours of discovery
- Notification via website banner and/or email (if available)
- We'll provide details about what occurred and steps taken
- We'll offer guidance on protective measures you can take
Third-Party Services
Mountain Project
- We fetch publicly available climbing data from Mountain Project
- Mountain Project's privacy policy governs their data collection practices
- We are not affiliated with Mountain Project or its parent companies
Google Cloud Platform
- Our infrastructure runs on Google Cloud Platform
- Google's security and privacy standards apply to data storage and processing
- No Google analytics or tracking cookies are used
Children's Privacy
Onsightful is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete it.
International Users
Our Service is operated from the United States. If you access Onsightful from outside the United States, please be aware that your data may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.
Governing Law & Dispute Resolution
This Privacy Policy is governed by the laws of the United States, without regard to conflict of law principles.
Dispute Resolution Process
- First, contact us directly to resolve informally
- If unresolved within 30 days, binding arbitration under AAA rules
- Small claims court available for qualifying disputes
Class Action Waiver: All disputes must be brought individually, not as class actions.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements.
How We'll Notify You
- Minor Changes: Updated on this page with new "Last Updated" date
- Material Changes: Prominent notice on homepage for 30 days
- If We Collect Emails: Direct notification for significant changes
Continued use after changes take effect constitutes acceptance. For material changes affecting existing data processing, we may request renewed consent.
Contact Information
For privacy-related questions, requests, or concerns:
Email: [email protected]
Response Time: Within 48 hours for initial response
Data Protection Officer: Available upon request
For EU Residents: You have the right to file a complaint with your local data protection authority if you believe we've violated GDPR.
For California Residents: You may contact the California Attorney General if you have concerns about our CCPA compliance.
Consent Statement
By creating your dashboard, you consent to data processing for analytics purposes. Data is cached for 30 days, automatically refreshed, and not permanently stored.
California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about data collection and use
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal data)
- Right to Non-Discrimination: Equal service regardless of privacy rights exercise
To exercise these rights, contact us using the information above.
European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process data based on your explicit consent when creating a dashboard
- Data Portability: Right to receive your data in a structured format
- Rectification: Right to correct inaccurate personal data
- Erasure: Right to request deletion of your data
- Restriction: Right to restrict processing in certain circumstances
- Objection: Right to object to data processing
To exercise these rights or file a complaint with your local data protection authority, contact us using the information above.
This privacy policy is designed to be transparent about our minimal data collection and temporary storage practices. Your climbing data remains yours, and we're simply here to help you visualize and understand your climbing journey.