Privacy Policy

Introduction

Welcome to Onsightful ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our climbing analytics platform at onsightful.com (the "Service").

By creating a dashboard on Onsightful, you explicitly consent to the data processing practices described in this policy.

Information We Collect

Data from Mountain Project

When you provide your Mountain Project profile URL or username, we collect:

• Climbing Activity Data: Routes climbed, grades, dates, locations, and tick types (onsight, redpoint, flash, etc.)
• Performance Metrics: Send rates, difficulty progression, and climbing volume statistics
• Public Profile Information: Your public Mountain Project username and user ID

Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: Pages viewed, features used, and interaction patterns
• Technical Data: Browser type, device information, IP address (for security purposes only)
• Performance Data: Page load times and error logs for service improvement

How We Use Your Information

We process your climbing data to:

• Generate Analytics: Create performance visualizations, grade pyramids, and progress charts
• Calculate Statistics: Compute send rates, hardest climbs, volume trends, and other metrics
• Provide Filtering: Enable date range, grade, and route type filtering
• Improve Service: Enhance features and fix bugs based on aggregate usage patterns

Data Storage and Retention

Temporary Caching

• 30-Day Cache: Your climbing data is cached for 30 days to improve performance
• Automatic Refresh: Data is automatically refreshed from Mountain Project when the cache expires
• No Permanent Storage: We do not permanently store your personal climbing data beyond the cache period

Data Location

• Data is temporarily cached on secure servers hosted by Google Cloud Platform
• All data transmission occurs over encrypted HTTPS connections

Data Sharing and Disclosure

We may share data only when:

• Required by Law: To comply with legal obligations or valid legal requests
• Safety and Security: To protect against fraud, abuse, or threats to our Service
• With Your Consent: When you explicitly authorize us to share specific information

Your Rights and Choices

Access and Control

You have the right to:

• View Your Data: Access all analytics generated from your Mountain Project profile
• Clear Cache: Request immediate deletion of your cached data
• Opt Out: Stop using the Service at any time (your cache will expire automatically)

Data Portability

• Your original data remains on Mountain Project and is accessible through their export features
• Analytics generated by our Service can be viewed but not exported in bulk

Security Measures

We implement industry-standard security measures including:

• Encryption: All data transmitted using HTTPS/TLS encryption
• Access Controls: Restricted server access with authentication requirements
• Input Validation: Protection against SQL injection, XSS, and SSRF attacks
• Rate Limiting: Prevention of abuse and denial-of-service attempts
• Content Limits: File size restrictions to prevent resource exhaustion

Third-Party Services

Mountain Project

• We fetch publicly available climbing data from Mountain Project
• Mountain Project's privacy policy governs their data collection practices
• We are not affiliated with Mountain Project or its parent companies

Google Cloud Platform

• Our infrastructure runs on Google Cloud Platform
• Google's security and privacy standards apply to data storage and processing
• No Google analytics or tracking cookies are used

Children's Privacy

Onsightful is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete it.

International Users

Our Service is operated from the United States. If you access Onsightful from outside the United States, please be aware that your data may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the modified policy.

Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (Note: We do not sell personal data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

To exercise these rights, contact us using the information above.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process data based on your explicit consent when creating a dashboard
• Data Portability: Right to receive your data in a structured format
• Rectification: Right to correct inaccurate personal data
• Erasure: Right to request deletion of your data
• Restriction: Right to restrict processing in certain circumstances
• Objection: Right to object to data processing

To exercise these rights or file a complaint with your local data protection authority, contact us using the information above.