Legal
Privacy Policy
Last updated March 20, 2026
DriftLine Co. LLC ("DriftLine Co.," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the DriftLine mobile application and web application (collectively, the "App"). By accessing or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE THE APP.
Table of Contents
- 1. Information We Collect
- 2. How We Use Your Information
- 3. Legal Basis for Processing
- 4. Data Sharing and Disclosure
- 5. Third-Party Services
- 6. Data Storage, Security, and Retention
- 7. Your Rights and Choices - All Users
- 7.1 How to Delete Your Account
- 8. U.S. State Privacy Rights
- 9. International Privacy Rights (GDPR)
- 10. Canadian Privacy Rights (PIPEDA & BC PIPA)
- 11. Children's Privacy
- 12. International Data Transfers
- 13. Do Not Track & Global Privacy Control
- 14. Data Breach Notification
- 15. Changes to This Privacy Policy
- 16. Contact Us
1. Information We Collect
1.1 Categories of Personal Information Collected
The following table describes the categories of personal information we may collect, as defined under various U.S. state privacy laws:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, device identifiers, IP address | Yes |
| Customer Records | Name, address, phone number, payment info | No |
| Protected Classifications | Race, religion, sexual orientation, disability | No |
| Commercial Information | Subscription status, purchase history | Yes (subscription status only) |
| Biometric Information | Fingerprints, face recognition, voiceprints | No |
| Internet/Network Activity | Browsing history, App interactions, logs | Limited |
| Geolocation Data | Precise GPS location (with consent) | Yes* |
| Sensory Data | Audio, visual, thermal, olfactory | Photos only** (no audio stored) |
| Professional/Employment | Job title, employer, work history | No |
| Education Information | School records, grades | No |
| Inferences | Profiles reflecting preferences, behavior | No |
| Sensitive Personal Information | SSN, financial accounts, precise geolocation, health data, racial/ethnic origin | Geolocation only* |
* Precise geolocation is collected only with your explicit consent. Location is accessed in the foreground for map display. If you enable Track Recording, location is also collected in the background (with the screen locked) to record your trail — see Section 1.4 for details. Track data is stored on your device and synced to your account.
** Photos are collected only if you voluntarily upload them to the catch log, hunting journal, waypoint, or alert reporting features.
1.2 Information You Provide Directly
- Email Address: If you join our waitlist or create an account, we collect your email address for authentication and communication purposes.
- Catch Log Data: If you use our catch logging feature, we collect information you voluntarily provide including fish species, location codes, dates, and any photos you upload.
- Hunting Journal Data: If you use our hunting journal feature, we collect information you voluntarily provide including harvest records, species, location data, dates, and any photos you upload.
- Trip Notes: If you use the trip notes feature, we collect text notes and timestamps you voluntarily provide.
- Waypoints: If you save waypoints, we collect the GPS coordinates, names, descriptions, and any photos you attach.
- Track Recording Data: If you use the track recording feature, we collect GPS trail points recorded during your session, including coordinates, altitude, and timestamps. See Section 1.4 for details on foreground and background location collection.
- Forum Posts: If you participate in the community forum, we collect your display name, the text content of your posts, and any images you attach (up to 5 per post). Forum posts and display names are visible to other App users.
- Voice Input: If you use the voice dictation feature, audio is processed on-device by your device's speech recognition service to convert speech to text. We receive only the resulting text, not audio recordings.
- Subscription Information: If you subscribe to DriftLine Pro, we receive your subscription status, entitlement information, and transaction identifiers from RevenueCat (our subscription management provider). We do not receive or store your payment card details — all payment processing is handled by Apple or Google.
- Display Name: If you set a display name (typically a first name), it is used to identify your forum posts and community contributions. This is not required to be your legal name.
- Guide Directory Information: If you are a fishing or hunting guide and claim a profile, we collect information you voluntarily provide including your business name, guide license number, license state, contact information (phone, email, website), social media handles, specialties, regions served, bio, certifications, and photos.
- Community Photos: If you submit photos of water access points or other community-contributed content, we collect the images and associated metadata.
- Photo Moderation: Photos you upload (catch logs, hunting journal, waypoints, forum posts, community photos) are automatically screened using AWS Rekognition, an automated content moderation service, to detect content that violates our Community Guidelines (such as explicit, violent, or otherwise inappropriate content). This is automated processing — no human reviews your photos unless they are flagged by the moderation system. If a photo is flagged, it may be removed or held for manual review. You may contact us at support@driftlineco.com to appeal a moderation decision.
- AI-Powered Features: If you use the AI-powered fishing or hunting intelligence features, we collect the queries, species selections, and contextual data you provide (including your location if enabled) to generate AI-powered reports. Your queries are transmitted to our servers and processed using AI systems. See Section 2.2 for details.
- User Preferences: Settings, favorites, and preferences you configure within the App.
- Communications: Any information you provide when you contact us for support or feedback.
1.3 Information Collected Automatically
- Device Information: Device type, operating system version, unique device identifiers, and platform information (iOS/Android) to ensure proper App functionality.
- Push Notification Tokens: If you enable push notifications, we store a device-specific token to deliver river flow alerts. This token does not personally identify you.
- Usage Data: Anonymized analytics data about how you interact with the App to improve functionality and user experience.
- Log Data: Our servers may automatically record information including your IP address, access times, and App crashes for debugging and security purposes.
- Web Properties: When you visit our website (including this Privacy Policy and Terms of Use pages), we use AWS CloudWatch Real User Monitoring (RUM) to collect anonymized performance and error telemetry. This may involve cookies for session tracking. No personally identifiable information is collected through web monitoring beyond standard HTTP request data (IP address, browser type, page interactions).
1.4 Precise Geolocation Information
- Foreground Location: With your explicit opt-in consent, we access your device's GPS location to display your position on the map and show nearby rivers and features. Foreground location data is used in real time and is not stored on our servers.
- Background Location (Track Recording): If you enable the Track Recording feature, the App collects your GPS location in the background — including when the screen is locked or the App is not in the foreground. This is used solely to record your trail so you can retrace your route. On Android, a persistent notification is displayed while background location is active. Background location is collected only while a track recording session is active and stops when you end the session.
- Track Data Storage: GPS trail points from track recording sessions (coordinates, altitude, timestamps) are stored on your device and synced to your account on our servers. You can delete individual tracks at any time, and all track data is deleted when you delete your account.
- No Third-Party Sharing: We do not transmit your precise location to third parties, except as anonymized map tile requests to Mapbox as necessary for map display.
- Your Control: You may revoke location permissions at any time through your device settings. You can stop any active track recording at any time. The App will continue to function without location access, though map positioning and track recording features will be unavailable.
1.5 Sensitive Personal Information
Under various state privacy laws, precise geolocation is considered "sensitive personal information." We collect precise geolocation only with your explicit opt-in consent and use it solely to provide location-based features within the App. We do not use sensitive personal information for profiling, advertising, or any purpose beyond providing the core App functionality you requested.
1.6 Information We Do NOT Collect
- Full legal names or government-issued personal identifiers beyond email address (we may collect an optional display name you choose)
- Phone numbers
- Physical addresses or payment information
- Social Security numbers or government-issued IDs
- Financial account information
- Health or medical information
- Biometric data (fingerprints, facial recognition)
- Racial or ethnic origin, religious beliefs, or political opinions
- Sexual orientation or gender identity
- Browsing history outside the App
- Data from minors under 13 (or 16 in certain jurisdictions)
1.7 Sources of Personal Information
We collect personal information from the following sources:
- Directly from you: When you create an account, submit catch logs, hunting journals, trip notes, waypoints, forum posts, or contact us
- Automatically from your device: When you use the App (device info, usage data, crash logs)
- With your consent: Location data when you grant permission
We do NOT purchase personal information from data brokers or collect information from third-party sources about you.
2. How We Use Your Information
2.1 Business Purposes
We use the information we collect for the following business purposes:
- Service Delivery: To provide, maintain, and improve the App's features and functionality
- Notifications: To send push notifications about river flow conditions, weather conditions, and hunting-related alerts you've configured
- Communications: To respond to your inquiries, provide customer support, and send service-related announcements
- Product Updates: To send periodic updates about new features, improvements, and company news (you may unsubscribe at any time)
- Analytics: To analyze usage patterns and improve user experience (using anonymized and aggregated data)
- Security: To detect, prevent, and address technical issues, fraud, or security threats
- Debugging: To identify and repair errors that impair App functionality
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
2.2 AI-Powered Features
When you use the App's AI-powered fishing or hunting intelligence features, the following data may be transmitted to our servers for processing by AI systems:
- Your location (if location access is enabled)
- The species, location, and activity type you select
- Custom questions or prompts you enter
- Environmental context (weather conditions, water data, regulation information relevant to your query)
This data is processed on our backend servers using AI models to generate fishing or hunting intelligence reports. We do not transmit your personal identity (email, account ID) to third-party AI providers. Contextual data is sent without personally identifiable information. AI-generated responses may be cached on our servers to improve performance. We do not use your AI queries or responses for training AI models.
2.3 We Do NOT Use Your Information For:
- Selling your personal information to third parties
- Sharing your personal information for cross-context behavioral advertising
- Targeted advertising or ad personalization
- Building consumer profiles for marketing purposes
- Automated decision-making that produces legal or similarly significant effects
- Profiling in furtherance of decisions that produce legal or similarly significant effects
Important: DriftLine Co. does NOT sell, share, or rent your personal information to third parties for monetary or other valuable consideration. We do NOT engage in targeted advertising or cross-context behavioral advertising.
3. Legal Basis for Processing
3.1 For All Users
We process your personal information based on the following legal grounds:
- Contractual Necessity: Processing necessary to provide the App services you requested
- Consent: Where you have given explicit, informed consent (e.g., push notifications, location access, email communications)
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the App, ensuring security, preventing fraud), balanced against your rights and interests
- Legal Obligation: Processing necessary to comply with applicable laws and regulations
3.2 Withdrawing Consent
Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. To withdraw consent:
- Push Notifications: Disable in device settings or App settings
- Location Access: Revoke in device settings
- Email Communications: Click "unsubscribe" in any email or contact us
- Account/Data: Contact info@baselinemaps.io to request deletion
4. Data Sharing and Disclosure
4.1 We Do Not Sell Your Personal Information
DriftLine Co. does NOT sell your personal information. We have not sold personal information in the preceding 12 months and do not have plans to sell personal information in the future.
4.2 We Do Not Share for Targeted Advertising
DriftLine Co. does NOT share your personal information for cross-context behavioral advertising or targeted advertising purposes.
4.3 Limited Disclosure for Business Purposes
We may disclose your information only in the following limited circumstances:
| Recipient Category | Purpose | Categories of PI Disclosed |
|---|---|---|
| Cloud Service Providers (AWS) | Data hosting and storage | Identifiers, user content, usage data |
| Push Notification Services (Expo) | Delivering push notifications | Device tokens only |
| Map Services (Mapbox) | Map display functionality | Anonymous usage metrics |
| Subscription Management (RevenueCat) | Managing subscriptions, entitlements, and purchase verification | Anonymous user ID, subscription status, transaction IDs |
| Payment Processing (Apple/Google) | Processing subscription payments | None directly from us — managed by your app store account |
| Legal/Government Authorities | Legal compliance, law enforcement | As required by law |
| Professional Advisors | Legal, accounting, audit services | As necessary for services |
| Business Transferees | Merger, acquisition, or sale | All categories (with notice) |
4.4 Service Provider Requirements
All service providers who receive personal information are contractually required to:
- Use personal information only for the specified business purpose
- Not sell or share the personal information
- Not use the information for their own purposes
- Implement appropriate security measures
- Notify us of any data breaches
- Delete or return personal information upon request
- Allow audits of their data handling practices
4.5 Legal Disclosures
We may disclose personal information if required or permitted by law, including:
- In response to a subpoena, court order, or other legal process
- To comply with applicable laws and regulations
- To protect our rights, property, or safety, or that of our users or the public
- To investigate potential violations of our Terms of Use
- To cooperate with law enforcement investigations
5. Third-Party Services
The App integrates with the following third-party services. Each operates under its own privacy policy, which we encourage you to review:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and storage | Account data, catch logs (encrypted) | AWS Privacy |
| Mapbox | Map display and navigation | Anonymous telemetry per their policy | Mapbox Privacy |
| Expo | Push notification delivery | Device push tokens only | Expo Privacy |
| RevenueCat | Subscription management and entitlement verification | Anonymous user ID, subscription status, purchase transactions | RevenueCat Privacy |
| Apple App Store / Google Play Store | Payment processing for subscriptions | No personal data shared by us — payments handled by your platform account | Apple / Google |
| Apple Sign-In | Authentication (optional sign-in method) | Apple identity token exchanged for app authentication | Apple Privacy |
| Google Sign-In | Authentication (optional sign-in method) | Google identity token exchanged for app authentication | Google Privacy |
| Sentry | Crash reporting and performance monitoring | Anonymous user ID, app version, device info, crash stack traces, navigation breadcrumbs (no email, passwords, or tokens) | Sentry Privacy |
| USGS Water Services | River flow data | No personal data shared | Government public data |
| Water Survey of Canada | Canadian river flow data | No personal data shared | Government public data |
| NOAA NWRFC | Forecast data | No personal data shared | Government public data |
| Stormglass.io | Marine weather, tides, astronomy | Anonymous location coordinates for weather lookup | Stormglass Privacy |
| WDFW / Data.WA | Fishing regulations, fish stocking data | No personal data shared | Government public data |
| USDA NAIP (via Mapbox) | Aerial imagery | No personal data shared | Government public data |
We are not responsible for the privacy practices of third-party services. When you interact with these services, their privacy policies govern.
6. Data Storage, Security, and Retention
6.1 Data Storage Location
Your data is stored securely using Amazon Web Services (AWS) infrastructure located in the United States (specifically, the us-west-2 region). By using the App, you consent to the transfer and storage of your information in the United States.
6.2 Security Measures
We implement industry-standard technical, administrative, and physical security measures including:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
- Encryption at Rest: Stored data is encrypted using AES-256 encryption
- Access Controls: Strict role-based access controls limiting employee access to personal data
- Authentication: Secure authentication mechanisms for all system access
- Monitoring: Continuous monitoring for security threats and unauthorized access
- Regular Assessments: Periodic security assessments and penetration testing
- Incident Response: Documented incident response procedures
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept this inherent risk when using the App.
6.3 Data Retention Schedule
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Push Notification Tokens | 12 months | Automatic after inactivity |
| Account Data (email address) | Until deletion request or 24 months of inactivity | User request or inactivity |
| Catch Log Data | Until deleted by user or account deletion | User-initiated deletion |
| Catch Log Photos | Until deleted by user or account deletion | User-initiated deletion |
| Hunting Journal Data | Until deleted by user or account deletion | User-initiated deletion |
| Hunting Journal Photos | Until deleted by user or account deletion | User-initiated deletion |
| Trip Notes | Until deleted by user or account deletion | User-initiated deletion |
| Hunt Notes | Until deleted by user or account deletion | User-initiated deletion |
| Waypoints | Until deleted by user or account deletion | User-initiated deletion |
| Track Recording Data | Until deleted by user or account deletion | User-initiated deletion |
| Forum Posts | Until deleted by user or account deletion | User-initiated deletion |
| Guide Directory Profile Data | Until deleted by guide or account deletion | User-initiated deletion or claim withdrawal |
| AI Intelligence Queries & Responses | Cached responses up to 24 hours; query logs up to 90 days | Automatic expiration |
| Community-Submitted Photos | Until removed by moderation or account deletion | Moderation review or account deletion |
| App Preferences/Settings | Until account deletion | Account deletion |
| Server Logs (IP, access) | 90 days | Automatic rotation |
| Crash Reports | 12 months | Automatic deletion |
| Anonymized Analytics | Indefinite | Not deleted (no personal info) |
Upon account deletion, we will delete or anonymize your personal information within 45 days, except as required to comply with legal obligations, resolve disputes, or enforce our agreements.
7. Your Rights and Choices - All Users
Regardless of your location, all DriftLine Co. users have the following rights:
- Access: Request information about what personal data we have collected about you
- Deletion: Request deletion of your personal information
- Correction: Request correction of inaccurate personal information
- Data Portability: Request a copy of your data in a portable format
- Opt-Out of Communications: Unsubscribe from marketing emails at any time
- Push Notifications: Disable at any time via device settings or within the App
- Location Access: Revoke permissions in your device settings at any time
To exercise any of these rights, contact us at info@baselinemaps.io.
7.1 How to Delete Your Account
You can delete your account and all associated data at any time using one of these methods:
Option 1: Delete In-App (Recommended)
- Open the DriftLine app
- Go to More → Settings
- Scroll down and tap Delete Account
- Confirm your decision
Your account and all associated data (catch logs, trip notes, photos, preferences) will be permanently deleted immediately.
Option 2: Request Deletion via Email
If you cannot access the app, you may request account deletion by emailing:
Please include the email address associated with your account. We will process your request within 3 days and confirm deletion.
What Gets Deleted
- Your account credentials and profile
- All catch log entries and associated photos
- All hunting journal entries and associated photos
- All trip notes and hunt notes
- All track recording data
- All forum posts and community-submitted photos
- Guide directory profile data (if applicable)
- Saved waypoints and preferences
- Alert configurations
- AI intelligence query history
- Any other data associated with your account
Note: Deletion is permanent and cannot be undone. Anonymized analytics data that cannot be linked to you may be retained.
Important — Active Subscriptions: Deleting your account does not automatically cancel your app store subscription. If you have an active DriftLine Pro subscription, you must separately cancel it through your device's account settings (Apple ID settings on iOS, Google Play subscriptions on Android) to stop future charges. DriftLine Co. is not responsible for charges incurred after account deletion if you have not independently cancelled your subscription with the applicable app store.
8. U.S. State Privacy Rights
This section provides additional disclosures required under various U.S. state privacy laws. If you are a resident of any of the following states, you may have additional rights as described below.
8.1 California (CCPA/CPRA)
Applicable Law: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (geolocation) for providing the service you requested
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.
Verification: We will verify your identity before fulfilling requests by matching information you provide with information we have on file.
Response Time: We will respond within 45 days of receiving a verifiable request, with one 45-day extension if necessary.
Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information for direct marketing purposes.
To Submit a Request: Email info@baselinemaps.io with "California Privacy Request" in the subject line.
8.2 Virginia (VCDPA)
Applicable Law: Virginia Consumer Data Protection Act (VCDPA) - Effective January 1, 2023
If you are a Virginia resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable, readily usable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General at oag.state.va.us.
To Submit a Request: Email info@baselinemaps.io with "Virginia Privacy Request" in the subject line.
8.3 Colorado (CPA)
Applicable Law: Colorado Privacy Act (CPA) - Effective July 1, 2023
If you are a Colorado resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days. If the appeal is denied, you may contact the Colorado Attorney General at coag.gov.
To Submit a Request: Email info@baselinemaps.io with "Colorado Privacy Request" in the subject line.
8.4 Connecticut (CTDPA)
Applicable Law: Connecticut Data Privacy Act (CTDPA) - Effective July 1, 2023
If you are a Connecticut resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Connecticut Attorney General at portal.ct.gov/AG.
To Submit a Request: Email info@baselinemaps.io with "Connecticut Privacy Request" in the subject line.
8.5 Utah (UCPA)
Applicable Law: Utah Consumer Privacy Act (UCPA) - Effective December 31, 2023
If you are a Utah resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Delete: Delete personal data you have provided
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
To Submit a Request: Email info@baselinemaps.io with "Utah Privacy Request" in the subject line.
8.6 Texas (TDPSA)
Applicable Law: Texas Data Privacy and Security Act (TDPSA) - Effective July 1, 2024
If you are a Texas resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We will honor universal opt-out mechanisms beginning January 1, 2025.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Texas Attorney General.
To Submit a Request: Email info@baselinemaps.io with "Texas Privacy Request" in the subject line.
8.7 Oregon (OCPA)
Applicable Law: Oregon Consumer Privacy Act (OCPA) - Effective July 1, 2024
If you are an Oregon resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data, including a list of specific third parties to whom we have disclosed data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained, including from third parties
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days. If the appeal is denied, you may contact the Oregon Attorney General.
To Submit a Request: Email info@baselinemaps.io with "Oregon Privacy Request" in the subject line.
8.8 Montana (MCDPA)
Applicable Law: Montana Consumer Data Privacy Act (MCDPA) - Effective October 1, 2024
If you are a Montana resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Montana Privacy Request" in the subject line.
8.9 Delaware (DPDPA)
Applicable Law: Delaware Personal Data Privacy Act (DPDPA) - Effective January 1, 2025
If you are a Delaware resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2026).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Delaware Privacy Request" in the subject line.
8.10 Iowa (ICDPA)
Applicable Law: Iowa Consumer Data Protection Act (ICDPA) - Effective January 1, 2025
If you are an Iowa resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Delete: Delete personal data you have provided
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 90 days.
To Submit a Request: Email info@baselinemaps.io with "Iowa Privacy Request" in the subject line.
8.11 Nebraska (NDPA)
Applicable Law: Nebraska Data Privacy Act (NDPA) - Effective January 1, 2025
If you are a Nebraska resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Nebraska Privacy Request" in the subject line.
8.12 New Hampshire (NHPA)
Applicable Law: New Hampshire Privacy Act (NHPA) - Effective January 1, 2025
If you are a New Hampshire resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2027).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "New Hampshire Privacy Request" in the subject line.
8.13 New Jersey (NJDPA)
Applicable Law: New Jersey Data Privacy Act (NJDPA) - Effective January 15, 2025
If you are a New Jersey resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation). New Jersey has an expanded definition of sensitive data that includes financial information and certain demographic data - we do not collect these categories.
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by July 15, 2025).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days.
To Submit a Request: Email info@baselinemaps.io with "New Jersey Privacy Request" in the subject line.
8.14 Tennessee (TIPA)
Applicable Law: Tennessee Information Protection Act (TIPA) - Effective July 1, 2025
If you are a Tennessee resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Tennessee Privacy Request" in the subject line.
8.15 Minnesota (MCDPA)
Applicable Law: Minnesota Consumer Data Privacy Act (MCDPA) - Effective July 31, 2025
If you are a Minnesota resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
- Right to Question Profiling: Question the result of profiling and be informed of the reason. Note: We do not engage in profiling.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by July 31, 2026).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days.
To Submit a Request: Email info@baselinemaps.io with "Minnesota Privacy Request" in the subject line.
8.16 Maryland (MODPA)
Applicable Law: Maryland Online Data Privacy Act (MODPA) - Effective October 1, 2025
If you are a Maryland resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.
Important: Maryland prohibits the sale of sensitive data entirely (not just requiring consent). We do not sell any personal information, including sensitive data.
Data Minimization: Maryland requires data minimization - we only collect data reasonably necessary for the purpose disclosed.
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by October 1, 2027).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Maryland Privacy Request" in the subject line.
8.17 Indiana (ICDPA)
Applicable Law: Indiana Consumer Data Protection Act (ICDPA) - Effective January 1, 2026
If you are an Indiana resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Indiana Privacy Request" in the subject line.
8.18 Kentucky (KCDPA)
Applicable Law: Kentucky Consumer Data Protection Act (KCDPA) - Effective January 1, 2026
If you are a Kentucky resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Kentucky Privacy Request" in the subject line.
8.19 Rhode Island (RIDPA)
Applicable Law: Rhode Island Data Privacy Act (RIDPA) - Effective January 1, 2026
If you are a Rhode Island resident, you have the following rights:
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided or we have obtained
- Right to Data Portability: Obtain a copy of your personal data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).
Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2027).
Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.
Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.
To Submit a Request: Email info@baselinemaps.io with "Rhode Island Privacy Request" in the subject line.
8.20 Other States
Privacy laws are rapidly evolving across the United States. If you are a resident of a state not listed above and your state has enacted a consumer data privacy law, we will honor the rights provided under that law. Please contact us at info@baselinemaps.io with your state-specific request, and we will respond in accordance with applicable law.
We actively monitor privacy legislation and will update this Privacy Policy as new laws take effect.
8.21 Summary of State Privacy Rights
| State | Law | Effective Date | Appeal Right | GPC Required |
|---|---|---|---|---|
| California | CCPA/CPRA | Jan 2020/2023 | No | Yes |
| Virginia | VCDPA | Jan 1, 2023 | Yes (60 days) | No |
| Colorado | CPA | Jul 1, 2023 | Yes (45 days) | Yes |
| Connecticut | CTDPA | Jul 1, 2023 | Yes (60 days) | Yes |
| Utah | UCPA | Dec 31, 2023 | No | No |
| Texas | TDPSA | Jul 1, 2024 | Yes (60 days) | Yes (2025) |
| Oregon | OCPA | Jul 1, 2024 | Yes (45 days) | Yes |
| Montana | MCDPA | Oct 1, 2024 | Yes (60 days) | Yes |
| Delaware | DPDPA | Jan 1, 2025 | Yes (60 days) | Yes (2026) |
| Iowa | ICDPA | Jan 1, 2025 | No | No |
| Nebraska | NDPA | Jan 1, 2025 | Yes (60 days) | Yes |
| New Hampshire | NHPA | Jan 1, 2025 | Yes (60 days) | Yes (2027) |
| New Jersey | NJDPA | Jan 15, 2025 | Yes (45 days) | Yes (Jul 2025) |
| Tennessee | TIPA | Jul 1, 2025 | Yes (60 days) | No |
| Minnesota | MCDPA | Jul 31, 2025 | Yes (45 days) | Yes (2026) |
| Maryland | MODPA | Oct 1, 2025 | Yes (60 days) | Yes (2027) |
| Indiana | ICDPA | Jan 1, 2026 | Yes (60 days) | No |
| Kentucky | KCDPA | Jan 1, 2026 | Yes (60 days) | No |
| Rhode Island | RIDPA | Jan 1, 2026 | Yes (60 days) | Yes (2027) |
9. International Privacy Rights (GDPR)
9.1 European Economic Area, United Kingdom, and Switzerland
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent laws:
- Right of Access (Article 15): Request confirmation of whether we process your personal data and receive a copy
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing (Article 18): Request limitation of how we process your data
- Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format and transmit it to another controller
- Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
- Right Not to be Subject to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that produce legal effects. Note: We use automated photo moderation (AWS Rekognition) to screen uploaded images for content policy violations. This processing does not produce legal effects — flagged content may be removed from the platform. You may contact us to appeal any automated moderation decision.
- Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local supervisory authority (Data Protection Authority)
9.2 International Data Transfers
Your personal data may be transferred to and processed in the United States, where our servers are located. The United States may not have the same level of data protection as your home country. We implement appropriate safeguards for international transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Reliance on adequacy decisions where applicable
- Your explicit consent to the transfer
9.3 Data Protection Officer
For GDPR-related inquiries, you may contact us at info@baselinemaps.io. We will respond to your request within 30 days as required by GDPR.
9.4 Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes applicable law.
10. Canadian Privacy Rights (PIPEDA & BC PIPA)
If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, and if you are a resident of British Columbia, additionally under the Personal Information Protection Act (PIPA).
10.1 Your Rights Under PIPEDA (All Canadian Residents)
Under PIPEDA, you have the following rights regarding your personal information:
- Right to Access: Request access to your personal information held by us and information about how it has been used and disclosed
- Right to Correction: Request correction of any inaccurate or incomplete personal information
- Right to Withdraw Consent: Withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions
- Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated
10.2 PIPEDA Fair Information Principles
We comply with the ten fair information principles under PIPEDA:
- Accountability: We are responsible for personal information under our control and have designated a privacy officer
- Identifying Purposes: We identify the purposes for collecting personal information at or before the time of collection
- Consent: We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where inappropriate or not required by law
- Limiting Collection: We limit our collection of personal information to what is necessary for the identified purposes
- Limiting Use, Disclosure, and Retention: We use or disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary
- Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used
- Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information
- Openness: We make information about our policies and practices relating to personal information management readily available
- Individual Access: Upon request, we inform you of the existence, use, and disclosure of your personal information and provide access to that information
- Challenging Compliance: You may challenge our compliance with these principles by contacting our privacy officer
10.3 British Columbia Residents (BC PIPA)
If you are a resident of British Columbia, your personal information is also protected under British Columbia's Personal Information Protection Act (PIPA). Under BC PIPA, you have the following additional rights:
- Right to Access: Request access to your personal information in our custody or control, and information about how we have used and disclosed it during the preceding year
- Right to Correction: Request correction of errors or omissions in your personal information
- Right to Know: Be informed about our policies and practices regarding the management of personal information
- Right to Withdraw Consent: Withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice
- Right to Complain: File a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC)
10.4 Consent Under Canadian Law
We obtain your consent before collecting, using, or disclosing your personal information. Consent may be:
- Express Consent: Given explicitly (orally, in writing, or electronically) for sensitive information such as precise geolocation
- Implied Consent: Reasonably inferred from your actions or inaction for less sensitive information
You may withdraw your consent at any time by contacting us. Withdrawal of consent may affect our ability to provide certain services.
10.5 Cross-Border Data Transfers
Your personal information may be transferred to, stored, and processed in the United States, where our servers are located. By using the App, you consent to the transfer of your personal information outside of Canada. We ensure that any service providers who access your personal information outside of Canada provide a comparable level of protection.
Under BC PIPA, we notify you that your personal information may be stored or accessed outside of Canada and may be subject to the legal requirements of foreign jurisdictions, including lawful requirements to disclose personal information to government authorities in those jurisdictions.
10.6 Breach Notification (Canada)
In accordance with PIPEDA and BC PIPA breach notification requirements, if we experience a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will:
- Notify you as soon as feasible of the breach
- Report the breach to the Office of the Privacy Commissioner of Canada
- Report to the BC OIPC if the breach involves BC residents
- Notify any other organization or government institution that may be able to reduce the risk of harm
- Maintain records of all breaches for at least 24 months
10.7 Retention and Disposal (Canada)
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer needed, we will securely destroy, erase, or anonymize it.
10.8 Submitting Requests (Canadian Residents)
To exercise your privacy rights under PIPEDA or BC PIPA, please contact us at:
Email: info@baselinemaps.io
Include "Canadian Privacy Request" in the subject line and specify your province of residence.
Response Time: We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reasons.
10.9 Filing a Complaint
If you are not satisfied with our response to your privacy concern, you may file a complaint with:
- Office of the Privacy Commissioner of Canada:
Website: priv.gc.ca
Toll-free: 1-800-282-1376 - Office of the Information and Privacy Commissioner for British Columbia (for BC residents):
Website: oipc.bc.ca
Phone: 250-387-5629
10.10 Other Canadian Provinces
If you are a resident of Alberta or Quebec, additional provincial privacy legislation may apply:
- Alberta: Personal Information Protection Act (AB PIPA) - Similar rights to BC PIPA. Contact the Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta) at oipc.ab.ca
- Quebec: Act Respecting the Protection of Personal Information in the Private Sector (Quebec Private Sector Act) and Law 25 amendments. Quebec residents have enhanced rights including data portability. Contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca
For residents of other Canadian provinces and territories, PIPEDA applies as the governing federal privacy law.
11. Children's Privacy
The App is not intended for and is not directed at children. We do not knowingly collect personal information from:
- Children under the age of 13 (United States - COPPA, Canada - PIPEDA)
- Children under the age of 16 (European Economic Area, United Kingdom - GDPR)
- Children under the minimum age specified by applicable law in your jurisdiction
If you are a parent or guardian and believe we have inadvertently collected personal information from your child, please contact us immediately at info@baselinemaps.io. We will promptly:
- Verify the claim
- Delete all personal information associated with the child
- Confirm deletion to you
12. International Data Transfers
DriftLine Co. is based in the United States, and your information is stored and processed on servers located in the United States (AWS us-west-2 region).
By using the App, you acknowledge and consent to the transfer, storage, and processing of your personal information in the United States and potentially other countries where our service providers operate. These countries may have data protection laws that are different from—and potentially less protective than—the laws of your country of residence.
We implement appropriate safeguards for international data transfers, including:
- Standard Contractual Clauses for transfers to third-party service providers
- Technical and organizational security measures
- Contractual data protection obligations on all recipients
13. Do Not Track & Global Privacy Control
13.1 Do Not Track (DNT)
Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for interpreting DNT signals. The App does not currently respond to DNT signals. However, we do not engage in cross-site tracking or targeted advertising.
13.2 Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid request to opt out of the "sale" or "sharing" of personal information as defined by applicable state privacy laws (including California, Colorado, Connecticut, Montana, Oregon, and others).
Note: Since we do not sell or share personal information for targeted advertising, honoring GPC signals does not change how we process your data—but we respect and acknowledge these signals as required by law.
Learn more about GPC at globalprivacycontrol.org.
14. Data Breach Notification
In the event of a data breach involving your personal information, we will:
- Investigate and contain the breach promptly
- Assess the risk to affected individuals
- Notify affected individuals as required by applicable law, including:
- Within 72 hours to supervisory authorities under GDPR (if applicable)
- Within timeframes required by applicable U.S. state breach notification laws (typically 30-60 days)
- Provide information about the breach and steps you can take to protect yourself
- Document the breach and our response
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this Privacy Policy
- For material changes, we will provide prominent notice by:
- Displaying a notice in the App
- Sending a push notification (if you have enabled notifications)
- Sending an email to registered users
- Where required by law, we will obtain your consent before implementing material changes
Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
You can access previous versions of this Privacy Policy by contacting us at info@baselinemaps.io.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
DriftLine Co. LLC
Privacy Inquiries: info@baselinemaps.io
Legal Inquiries: info@baselinemaps.io
General Inquiries: info@baselinemaps.io
When contacting us about a privacy request, please include:
- Your state or country of residence
- The specific right you wish to exercise
- Enough information for us to verify your identity
We will respond to your inquiry within the timeframes required by applicable law:
- California (CCPA/CPRA): 45 days
- Most U.S. State Laws: 45 days
- Iowa: 90 days
- GDPR (EEA/UK): 30 days
- Canada (PIPEDA/BC PIPA): 30 days