Last updated on March 15th, 2024, with minor corrections on March 28th
This CalTopo Privacy Policy (the "Privacy Policy") applies to the Web sites, apps and extensions owned and operated by CalTopo, LLC. ("CalTopo," "we," "us" or "our") as listed below. If you have any questions or concerns regarding this Privacy Policy, please contact us first at accounts@caltopo.com or at +1 530-500-0530.
You agree to this Privacy Policy, in its entirety, when you: (a) access the Site or use the app; (b) utilize any map tool to view, organize or share maps and map tiles ("Services") (d) utilize the Sites’ many interactive features designed to allow you to add information to the maps and map tiles ("Content"); (e) or register in order to use the Services IF YOU DO NOT AGREE TO THIS PRIVACY POLICY IN ITS ENTIRETY, YOU SHOULD NOT ACCESS OR OTHERWISE USE THE SITE OR SERVICES.
We collect Personal Information from two types of users:
"Visitors" users who access our Site but do not register for Services.
"Customers" registered users (with an account, paid or free) who use our Site and use our Services or use Interactive Services and provide Content to the Site or Services. This may include the paying Customer or their authorized users.
Customers can set up a free account with limited functionality, an individual account or a team account that can connect to individual accounts with the individual account holder’s consent.
"Personal Information" means information or a set of information that identifies or could reasonably be ascribed to or be used by or on behalf of us to identify an individual or household. Personal Information does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Information.
We collect your personally identifiable information such as your name, email address (used as your login ID). For Customers, we also may collect your address and payment information for our payment processor, but we do not store your full credit card information ourselves.
If you are a Customer, then certain subscription levels will allow you to save public and private maps, tracks, custom layers, and other mapping data, as well as PDF and KML files, associated with your User ID.
We also collect information which may be combined or in some cases on its own may be considered Personal Information such as IP Address, Device ID and geolocation information.
From time-to-time, we may request information from users via surveys or contests such as name and e-mail address for Customers. Participation in these surveys and/or contests is completely voluntary and the user therefore has a choice as to whether or not to disclose this information. Survey information will be used for purposes of monitoring and/or improving the use and satisfaction of the Services.
We may log Visitors and Customers Personal Information, usage history as well as the IP Address.
A cookie is a piece of data tied to information about the user and stored on the user’s computer. We use both session cookies, which terminate when a user closes his/her browser, and persistent cookies, which remain on the user’s computer until manually deleted or the expiration date and time is reached. We use session cookies to make it easier for you to navigate the Site. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on the Site. For more information, please refer to our Cookie Policy.
In general, we may use the information we collect from our Services, App and the Site to provide services to you, and to:
We use information collected from cookies and other technologies to improve your user experience and the overall quality of our Service and for any other lawful purpose that we choose.
We will use your payment information to authenticate and process your payments for the Services.
Geolocation information is not saved or associated with a User ID unless the Customer chooses to save it by opting to do so.
Customer Service/Administration of the Services
We will share Personal Information in connection with Customer support and other contractors that assist us in providing the Services. When you register to access any of the Services, we use the personal information that you make available to provide the Services, personalize your experience with CalTopo and for verification purposes.
Individual account Customers may opt to link their account with a team account, in which such cases we share your User ID, name, and email address with the team account administrators. You can also opt to share maps with the team account members.
We may share your billing information with our payments processor so that they can process your payments on a one time or recurring basis, but we do not store your complete credit card information, CalTopo can only access the last four digits, CVC and expiration date. We may also use your personal information for internal business purposes, such as analyzing and managing our business or personnel training. We may also combine the information we have gathered about you with information from other sources.
We may also employ other companies and individuals to perform certain functions on our behalf. Examples include sending electronic mail, removing duplicate information from user lists, analyzing data and providing marketing analysis. The agents performing these limited functions on our behalf shall have access to our users’ personal information as needed to perform their functions for us but we do not permit them to use your personal information for other purposes
Customer Generated Maps
You may choose to share maps you create, which may include your location (generated by you or shared by you), or other customized map data and objects with third parties that you designate, including the general public, if you so choose. When you share a map you create the map will list your UserID. You can update your settings to change map privacy and access at any time.
Third Party Service Providers
When we share Personal Information with third parties, we always take steps to ensure that third parties will provide legal protections to your Personal Information.
The following third parties collect information on our behalf and share it with us.
Firebase Crashlytics. We use Firebase Crashlytics to track system crashes in order to fix bugs and other problems with our Services. Crashlytics collects a unique user ID, which in certain circumstances could be connected to your UserID or other Personal Information, as well as IP Address, device type and operating system and the time of the failure, which is connected to your usage in such cases. Google is the operator of Firebase, and you can get more information regarding their data protection policies on their privacy policy.
Stripe We utilize Stripe as a payment gateway for payments. Users should review Stripe's Security Policy before initiating transactions on the Site.
Matomo. Matomo is used to access anonymous data to help us understand how our Services are used. Matomo is a web analytics tool that helps CalTopo understand how users engage with our Site and App, so that we can review and improve our Services. Matomo collects information anonymously without any cookie. It provides a report to CalTopo with website trends without identifying individual visitors. Site usage is tracked using Matomo in accordance with their Privacy Policy
Law Enforcement and Internal Operations
Personal Information may be provided where we are required to do so by law (such as, but not limited to a government order or a subpoena), or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against CalTopo or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and debugging purposes, including investigation of violation of our terms or agreements with others; or (iv) to protect the rights, property or safety of CalTopo, its users, business partners or members of the general public. Moreover, you hereby consent to the disclosure of any record or communication to any third-party when CalTopo, in its sole discretion, determines the disclosure to be appropriate including, without limitation, sharing your email address with other third-parties for suppression purposes in compliance with the CAN-SPAM Act of 2003, as amended from time to time. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.
Business Transfer
CalTopo may sell, transfer or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, CalTopo will use commercially reasonable efforts to notify its users if their Personal Information is to be disclosed or transferred and/or becomes subject to a different privacy policy.
Third-Parties
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, payments processing. We necessarily have to share your Personal Information with such third-parties as may be required to perform their functions.
Opt-Out/Unsubscribe
To opt-out of
receiving e-mail advertising and direct e-mail marketing from us,
you can follow the instructions at the end of the applicable
marketing message or email us at:
accounts@caltopo.com
Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your use of the Services, provide legal notices, and to respond to any inquiry or request made by you. To opt-out of receiving Service related and inquiry response-related messages from CalTopo, you must cease utilizing the Services and submitting inquiries to CalTopo, as applicable.
Updating, Deleting or Correcting Personally Identifiable
Information
At your request, we will inform you of the categories of Personal
Information we collect and what Personal Information we have on file
for you. You may do so by making the request
on our opt-out webform page, by
emailing our customer support department at
info@caltopo.com, or by
contacting us by telephone or postal mail at the contact information
listed below.
In addition, you may request we will remove and/or modify the personal information that you have provided to us, or that we have collected and we will comply with such requests to the extent permitted by law. You can correct your personal information through your Customer dashboard after you log in. If there is any additional information you would like deleted or changed that is not accessible there, you can contact us at accounts@caltopo.com. We require individuals to identify themselves and the information requested to be accessed, corrected or removed before processing such requests.
We will still retain such Personal Information as is necessary to provide the Services and retain it for such periods as necessary to protect and defend against legal claims, as required by law or and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others or those that would be extremely impractical (for instance, requests concerning information residing on backups).
We will retain your Customer Personal Information for as long as your account is active or as needed to provide you with access to the Services. If you wish to cancel your account or request that we no longer use your information to provide you with access to the Services as a Customer, please see the "Opt-Out/Unsubscribe" and/or "Updating, Deleting or Correcting Personally Identifiable Information" sections above.
Please be advised that deleting your personal information will terminate your access to some or all of the Services If you wish to continue using the Services, you may not delete the personal information we have on file for you if necessary to provide the Services.
Please be further advised that, after you delete your personal information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. In addition, this deletion will not change or delete personal information which may have already been shared with third parties, all as provided above in this Privacy Policy. You will need to contact the third parties that contact you directly to change your preferences regarding their use of your personal information.
Third Party Websites
Our Site may contain links to third-party owned and/or operated
websites including, without limitation, websites owned and/or
operated by third parties. CalTopo is not responsible for the
privacy practices or the content of such websites. These third-party
websites have separate privacy and data collection practices and
CalTopo has no responsibility or liability relating to them.
Minors
Visitors under thirteen years of age are not permitted to use and/or
submit their personal information at our Sites without giving
consent to share their information as necessary to provide the
Services. CalTopo encourages parents and guardians to spend time
online with their children and to participate and monitor the
interactive activities of their children. Where permitted by
law, minors above 13 years of age can submit their personal
information and share it with their consent.
Changes to Privacy Policy
CalTopo reserves the right to change or update this Privacy Policy
at any time by posting a notice on the Site that we are changing
this Privacy Policy. If the manner in which we use personally
identifiable information changes, CalTopo will also notify users by:
(a) sending notice of the modified policy to our users via email;
and/or (b) any other reasonable means acceptable under applicable
state and federal law. You will have a choice as to whether or not
we use your information in this different manner, and we will only
use your information in this different manner where you opt-in to
such use.
Security
We endeavor to safeguard
and protect our users’ personal information. When users make
personal information available to us, their personal information is
protected both online and offline (to the extent that we maintain
any personal information offline). The privacy of your personal
information is very important to us.
Access to your personal information is strictly limited, and we take reasonable measures to ensure that your personal information is not accessible to the public. The servers that we store personal information on are kept in a secure physical environment. We also have security measures in place to protect against the loss, misuse and alteration of personal information under our control, including but not limited to using SSL encryption to transmit data, limited access to Personal Information requiring passwords and logged access. Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet can be guaranteed to be 100% secure.
Computer hackers that circumvent our security measures may gain access to certain portions of your personal information, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal information; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal information will be absolutely secure. Any transmission of data at or through the Site is at your own risk.
All of our users’ personal information is restricted within our company. Only employees or third-party agents who need personal information to perform a specific job are granted access to personal information. While we cannot perfectly screen every employee, we do criminal background checks on our employees prior to granting access to Customer data. Our employees are dedicated to ensuring the security and privacy of all user personal information. Further, Employees not adhering to our firm policies are subject to disciplinary action. In compliance with applicable federal and state laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your personal information. You will be notified via email in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.
If users have any questions or suggestions regarding this Privacy Policy, or our privacy practices, please email us at: accounts@caltopo.com; call us at 530-500-0530; and/or send mail to:
CalTopo, LLC
11925 Rio Vista Dr
Truckee, CA 96161
CalTopo complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CalTopo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. CalTopo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the data privacy framework website at https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CalTopo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissionerâs Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
The Federal Trade Commission has jurisdiction over CalTopo's compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Please note that we are required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You have the right, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms; for more information please see Annex I at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
CalTopo shall remain liable under the DPF Principles if an agent acting on our behalf processes personal information received under the DPF Principles in a manner inconsistent with those principles, unless CalTopo can prove that it is not responsible for the event giving rise to the damage.
Under Nevada law, certain Nevada consumers may opt out of the sale of "personally identifiable information" for monetary consideration to a person for that person to license or sell such information to additional persons. "Personally identifiable information" includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by email to: accounts@caltopo.com Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
This section solely applies to residents of California.
This California Consumer Act Privacy Notice ("CCPA Notice") applies only to "Consumers" as defined by the California Consumer Privacy Act ("CCPA"). Under the CCPA Notice, references to Personal Information applies to "Personal Information" as defined by the CCPA.
As a "Service Provider" under CCPA, we may come into possession of Consumer Personal Information and will treat such data in accordance with the CCPA to the extent we are required to do so.
While the specifics as to what "sale" of consumer Personal Information is, still unsettled at this time, we believe that do not disclose your Personal Information to any third party in a manner that would be considered a "sale" of Personal Information of consumers under the CCPA, we only disclose or share Personal Information as set forth in this Privacy Policy.
We collect and share the following categories of Personal Information from the corresponding sources and for the corresponding purposes set forth in the table below.
We collect the following categories of Personal Information from the customers and authorized users of our Service and website:
Personal Identifiers
First/last name;
e-mail address;
address, mobile and/or business telephone number;
Communicating with you
Analyzing use of our services
Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, breaches or potential breaches of terms and policies
Running internal trainings of CalTopo personnel
Login authentication
Authenticate login
Fixing and improving our services
personalizing content
Marketing and advertising
Administering surveys, sweepstakes, promotions, or contests
Support and troubleshooting
Communicating with you
Analyzing use of our services
Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
Your use of our Services and the automatic collection from you that your use prompts
Contractors that administer or support our operations
Identifying fraud
(photos, geolocation data)
People you share maps with
Contractors that administer or support our operations
Law enforcement
Other Customers accessing maps or geolocation data that you choose to share.
More details concerning the business and commercial purposes are set forth in the Use of Personal Information and Sharing Personal Information sections above. We may disclose the categories of personal information identified in this California Privacy Notice about our California consumers for our operational purposes where the use of such personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.
If you are a California resident who is considered a "consumer" in your dealings with us, you may have certain rights. California law may permit you to request that we, subject to confirming your identity:
You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.
Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you, to defend against legal claims, detect fraud for compliance with applicable law and other business operations purposes. If you ask us to delete certain information, you may no longer be able to access or use the Services.
If you would like to exercise any of these rights, please visit here or contact us at phone number. You will be required to verify your identify before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us prior to responding to or complying with any requests.
To the extent we ever do "sell" Personal Information, you have the right to opt out of that sale. if you would like to opt out of that sale, please feel do so via our webform, via email us at accounts@caltopo.comor call us at 530-500-0530 and if we are required by law to comply with such request and subject to verification of your identity, we will do so. Note that if you chose to use our Services again after requesting to opt-out, that will serve as a voluntary opt-in as we require use of your Personal Information to provide the Services.
If you are a resident of the State of California and would like to learn how your "personal information" (as defined in the Shine the Light Law, Cal. Civ. Code § 1798.83) is shared with third-parties, what categories of personal information we have shared with third-parties in the preceding year, as well as the names and addresses of those third-parties, please contact us at: accounts@caltopo.com or telephone us at: 530-500-0530
Further, if you are a resident of the State of California and would like to opt-out from the disclosure of your personal information to any third-party for marketing purposes, please contact us at: accounts@caltopo.com or telephone us at: 530-500-0530. Please be advised that where California State residents opt-out from permitting their personal information to be shared, such individuals may still receive selected offers directly from us, in accordance with applicable law.
CalTopo is committed to providing you with meaningful choices about the information collected on our Platform for third party purposes. CalTopo does not currently recognize or respond to browser-initiated Do-Not-Track signals, as the industry is currently still working on Do-Not-Track standards, implementations, and solutions.
If you choose, you can manage whether you wish to allow optional cookies using the below checkbox.
A cookie is a small piece of data (text file) that a website - when visited by a user - asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. We also use third party cookies - which are cookies from a domain different than the domain of the website you are visiting - for our advertising and marketing efforts.
More specifically, we use cookies and other tracking technologies for the following purposes:
Below is a detailed list of the cookies we use on our Website. We classify cookies in the following categories:
Strictly necessary cookies are always enabled. Features that use functional cookies will warn you that they they use cookies before you use the feature. Performance and targeting cookies are grouped together as optional cookies and these cookies may be disabled below.
o Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
_ssid, JSESSIONID: Set by CalTopo to track your login and map preferences
G_ENABLED_IDPS, __qca, __ssid, __stripe_mid, _fbp, _hjid, country_code, _wpndash, recognized_logins, tk_tc, wordpress_eli, wordpress_logged_in, wordpress_test_cookie, wp_api_sec, wpc_wpc: These cookies are set by WordPress upon logging into a wordpress account on blog, logging in is optional to view the blog or comment
_cf_bm, _cfruid, _help_center_session, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session : These cookies are used by Zendesk, our customer support platform, in order to manage help tickets and communicate with Cloudflare. They are only set when visiting help.caltopo.com.
grav-site-*: This is set by grav when utilizing our user guide and provides basic functionality of that site. This is only set when visiting training.caltopo.com
__stripe_mid, __stripe_orig_props, __stripe_sid, _fbp, cid, machine_identifier, merchant, private_machine_identifier, scfc, session, stripe.csrf, user: These are set by Stripe our payment processor and are required to process a payment.
o Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. Features which use these cookies will warn you before you use the feature. If you wish to avoid these cookies, do not use the features.
comment_author_{HASH}, comment_author_email_{HASH}, comment_author_url_{HASH}: These are set by wordpress if you opt to leave a comment on the blog and accept WordPress’s privacy policy and check the remember my information box. Reading the blog and comments will not set these cookies.
o Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow optional cookies we will not know when you have visited our site, and will not be able to monitor its performance.
_pk_ref, _pk_cvar, _pk_id, _pk_ses, mtm_consent, mtm_consent_removed, matomo_ignore: These are set by Matomo and help us understand our users behaviours on our site. They can be disabled using our site tool on this page.
o Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow optional cookies, you will not be tracked for advertising purposes.
act, c_user, datr, fr, locale, presence, sb, spin, wd, xs: These are set by Facebook through their like and share buttons, our website tool disables these cookies
_twitter_sess, ads_prefs, auth_token, csrf_same_site, csrf_same_site_set, ct0, external_referrer, gt, guest_id, kdt, lang, personalization_id, remember_checked_on, rweb_optin, tfw_exp, twid: These are set by Twitter and are disabled using our website tool.
Third Party Cookie Control
Here is a list of the third party special tools we use which may collect Tracking Information from you directly on our behalf using cookies and share it with us:
Matomo. Our Sites and Services utilize Matomo to
collect information about the use of the Sites and Services. Matomo
collects information such as how often users visit this
site, what pages they visit, when they do so, and what other sites
they used prior to coming to this site. We use the information we
get from Matomo only to improve this site, but in
anonymous form. Matomo collects only the first 2 bytes of the IP address
assigned to you on the date you visit this site and assigns a user
ID code, rather than your name or other identifying information. We
do not combine the information collected through the use of Matomo
with personally identifiable information. Matomo uses this
information to analyze your use of the website, to generate reports
about website activities for website operators and to provide
further services related to website and internet use.
Matomo’s ability to use and share information
collected about your visits to this site is restricted
by the Matomo Terms of Use and the Matomo
Privacy Policy.
For more information on Matomo and their privacy
practices, please review their privacy policy at
https://matomo.org/privacy-policy//.
Other Third Party Service Providers identified in the Privacy Policy section with the same name may also collect cookies in connection with the services they provide on our behalf in collecting Personal Data directly from you.
We are required by the California Consumer Privacy Act to provide California consumers the option to opt out of any current or future sales of personal information. The definition of sales is broad and includes joining a team account since that team account gains access to your e-mail address. Opting out of personal information sales therefore makes it impossible for us to allow you to join an account without reversing this opt-out.