Privacy Policy

1. Introduction

Local Snow ("we," "our," or "us") operates a marketplace platform connecting ski and snowboard instructors with clients worldwide. We are committed to protecting your personal data and respecting your privacy rights in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at localsnow.org (the "Platform").

2. Data Controller

Local Snow is the data controller responsible for your personal data. For privacy-related inquiries, please contact us at:

Email: [email protected]

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, username, password (hashed), profile photo
• Instructor Profiles: Professional qualifications, certifications, spoken languages, teaching experience, sports specializations, resort affiliations, photos, biography
• Contact Information: Phone number (with country code), professional address
• Booking Information: Client name, email, phone number, lesson dates, number of students, skill levels, special requests, estimated pricing
• Payment Information: Processed securely by Stripe (we do not store full payment card details)
• Communications: Messages sent through our platform, email correspondence, booking requests

3.2 Information Collected Automatically

• Usage Data: IP address, browser type, device information, pages visited, time spent on pages, referring URLs
• Cookies and Similar Technologies: Session cookies, authentication tokens, preference settings (see Cookie Policy for details)
• Profile Analytics: Profile views, search appearances, booking request counts (anonymized visitor IP addresses using SHA-256 hashing)

3.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email, profile picture, and Google account ID
• Google Calendar: If you connect your calendar, we access availability data to help manage bookings (requires explicit consent)
• Stripe: Payment processing data, transaction status, payout information for instructors

4. How We Use Your Information

4.1 Legal Bases for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our marketplace services, process bookings, and facilitate payments
• Legitimate Interests: To improve our platform, prevent fraud, ensure security, and provide customer support
• Consent: For marketing communications, optional features (like calendar integration), and non-essential cookies
• Legal Obligations: To comply with tax laws, financial regulations, and respond to legal requests

4.2 Specific Purposes

• Account Management: Create and maintain your account, authenticate users, manage sessions
• Marketplace Operations: Display instructor profiles, enable search and filtering, match clients with instructors
• Booking Processing: Handle booking requests, process deposits (€15), manage lead fees (€5), send notifications
• Payment Processing: Process payments securely through Stripe, manage payouts to instructors, maintain transaction records
• Communications: Send booking confirmations, payment notifications, platform updates, respond to inquiries
• Analytics and Improvement: Track profile views, analyze search patterns, improve matching algorithms, enhance user experience
• Security and Fraud Prevention: Monitor for suspicious activity, implement rate limiting, prevent abuse
• Legal Compliance: Maintain records for tax purposes, respond to legal requests, enforce terms of service

5. How We Share Your Information

5.1 With Other Users

• Instructor Profiles: Publicly visible information (name, photo, biography, qualifications, languages, sports, resorts, reviews, base lesson pricing)
• Booking Requests: Your contact information is shared with instructors when you submit a booking request

5.2 Service Providers

• Stripe: Payment processing and payout management
• n8n (Self-hosted): Email notification system for booking confirmations and instructor alerts
• Cloudflare R2: File storage for profile photos, qualification documents, and other uploads
• Google Calendar API: Optional calendar integration for availability management
• Database Hosting: PostgreSQL database hosted on secure servers

5.3 Legal Requirements

We may disclose your information when required to:

• Comply with legal obligations, court orders, or regulatory requirements
• Enforce our Terms of Service and protect our rights
• Prevent fraud, security threats, or illegal activities
• Protect the safety of users or the public

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will notify you of any such change and your options.

6. International Data Transfers

Local Snow operates globally. Your personal data may be transferred to and processed in countries outside your residence, including countries that may not have the same data protection laws as your jurisdiction.

For transfers outside the European Economic Area (EEA), we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Service providers certified under applicable data protection frameworks
• Explicit consent where required by law

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: Data retained while your account remains active
• Deleted Accounts: Most personal data deleted within 30 days; financial records retained for 7 years (tax/legal requirements)
• Booking Records: Retained for 7 years to comply with financial regulations
• Communications: Retained for 2 years for support and legal purposes
• Analytics Data: Anonymized and aggregated data may be retained indefinitely

8. Your Rights and Choices

8.1 GDPR Rights (for EEA Residents)

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 CCPA Rights (for California Residents)

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). We may require identity verification before processing your request.

9. Data Security

We implement industry-standard security measures to protect your personal data:

• Encryption: All data transmitted over HTTPS/TLS; passwords hashed with SHA-256
• Authentication: Secure session management with HTTP-only cookies
• Access Controls: Role-based permissions, rate limiting, and authentication requirements
• Monitoring: Automated security monitoring and anomaly detection
• Regular Audits: Periodic security assessments and vulnerability scanning

However, no system is completely secure. We cannot guarantee absolute security of your data transmitted through the internet.

10. Children's Privacy

Our Platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal information, please contact us immediately, and we will delete such information.

11. Cookies and Tracking

We use cookies and similar technologies to provide and improve our services. For detailed information about our cookie practices, please see our Cookie Policy.

You can control cookie preferences through your browser settings or our cookie consent banner.

12. Third-Party Links

Our Platform may contain links to third-party websites, including instructor personal websites and social media profiles. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting a notice on our Platform
• Sending an email to registered users
• Updating the "Last Updated" date at the top of this policy

Your continued use of the Platform after changes indicates acceptance of the updated policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: [email protected]
Website: https://localsnow.org

Data Protection Officer: For GDPR-related inquiries, you may also contact our Data Protection Officer at [email protected]