1. Introduction
Welcome to myNaturevista. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform and embeddable widgets for natural places and tourism content.
This policy applies to our website, dashboard, API services, and all related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Personal Information You Provide
When you register for an account or use our Service, we may collect:
- Account Information: Full name, email address, password (encrypted), phone number
- Business Information: Company domain, physical addresses (optional)
- Billing Information: Processed through Stripe (we do not store credit card details)
- Communication Data: Messages sent through our contact forms, support tickets, and email correspondence
- Custom Content: Natural places and tourism locations you add to the platform
2.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Usage Data: Widget loads, API calls, feature usage, interaction patterns
- Technical Data: IP address, browser type, device information, user agent, operating system
- Analytics Data: Page views, referrer URLs, geographic location (country/region level), response times, HTTP status codes
- Cookies and Tracking Technologies: Authentication tokens, session data, and preference settings
2.3 Widget Visitor Data
When your website visitors interact with our embeddable widgets, we collect:
- Widget interaction events (views, clicks, openings)
- Visitor IP addresses
- Browser and device information
- Referrer URLs and domain information
- Geographic data (country and place viewed)
- Timestamps of interactions
3. How We Use Your Information
3.1 Service Delivery
- Provide, operate, and maintain our Service
- Process your subscription and manage your account
- Generate and manage API keys for widget integration
- Track usage against your subscription plan limits
- Deliver customer support and respond to inquiries
3.2 Service Improvement
- Analyze usage patterns to improve our Service
- Develop new features and functionality
- Monitor and analyze trends and performance
- Optimize widget performance and user experience
3.3 Communication
- Send transactional emails (account verification, password resets, billing notifications)
- Provide subscription renewal reminders
- Respond to your comments, questions, and requests
- Send technical notices and security alerts
3.4 Security and Compliance
- Detect, prevent, and address fraud, security issues, and technical problems
- Enforce our Terms of Service
- Comply with legal obligations and protect our legal rights
- Prevent abuse and violations of our usage policies
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on:
- Contract Performance: Processing necessary to provide our Service under our Terms of Service
- Legitimate Interests: Improving our Service, security, fraud prevention, and analytics
- Legal Compliance: Meeting legal and regulatory obligations
- Consent: Where you have explicitly consented to specific processing activities
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
5.1 Service Providers
We work with third-party service providers who assist in operating our Service:
- Stripe: Payment processing and subscription management
- Google reCAPTCHA: Bot prevention and security (subject to Google Privacy Policy)
- Cloudinary: Image and media hosting
- Email Service Providers: Transactional and notification emails
- Firebase: Real-time data synchronization and authentication
These providers have access to your information only to perform tasks on our behalf and are obligated to protect your data.
5.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Legal processes (subpoenas, court orders)
- Government or regulatory requests
- Protection of our rights, privacy, safety, or property
- Investigation of fraud, security, or technical issues
6. Data Retention
We retain your personal information for as long as necessary to maintain your active account and provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account Data: Retained while your account is active and for 30 days after deletion request
- Usage Analytics: Aggregated data retained for 24 months
- Contact Messages: Retained for 3 years for support purposes
- Billing Records: Retained for 7 years to comply with tax regulations
- Backup Data: Automatically deleted after 90 days from backup systems
7. Your Privacy Rights
7.1 All Users
You have the right to:
- Access and update your account information
- Request deletion of your account and personal data
- Opt-out of marketing communications
- Disable cookies (may affect functionality)
7.2 GDPR Rights (EEA Users)
Under the General Data Protection Regulation, you have additional rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for consent-based processing
To exercise these rights, use the GDPR request feature in your dashboard or contact us at info@mynaturevista.com. We will respond within 30 days.
7.3 California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we do not sell personal data)
- Right to deletion of personal information
- Right to non-discrimination for exercising privacy rights
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Passwords hashed with bcrypt; data transmitted via HTTPS/TLS
- Authentication: JWT token-based authentication with 1-hour expiration
- Access Controls: Role-based access and API key authentication
- Security Monitoring: Rate limiting, bot prevention (reCAPTCHA), and abuse detection
- Database Security: PostgreSQL with secure connection pooling
- Regular Updates: Security patches and dependency updates
Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security of your data transmitted to our Service.
9. Children's Privacy
Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. Our platform is designed for business use and sharing tourism/natural places content suitable for all ages.
If we discover that we have collected personal information from a child without parental consent, we will delete that information immediately. If you believe we have collected information from a child, please contact us immediately.
10. Content Standards
Our platform is dedicated to natural places and tourism content. We prohibit:
- Sexually explicit or obscene content
- Violent, graphic, or disturbing imagery
- Hate speech, discriminatory, or denigrating content
- Content inappropriate for minors
- Misleading or fraudulent information
Users found violating these standards may have their accounts suspended or terminated.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes to our practices, legal or regulatory requirements, or new features.
We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Data Protection Officer (EEA users):
Email: info@mynaturevista.com
Acknowledgment: By using myNaturevista, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.