UFFDA
◆ Privacy

Privacy

Last updated: 2026-05-28

Short version: UFFDA knows your email and what you type into forms. That's mostly it. We don't run ads, don't sell your data, don't run trackers, and don't use your account or contact data to train models. Things you actively contribute — annotations, submissions, feedback — may help improve UFFDA.

◆ The short version

  • We collect your email when you sign in or send us anything, and whatever you choose to write into a form. That's mostly it.
  • No tracking cookies. No analytics. No advertising pixels.
  • We use Supabase, Netlify, and Resend to run the site and send email. All US-based.
  • Email hello@uffda.ag to see, correct, or delete what we have on you. You can also delete your account from your profile page.

Detail below for anyone who wants it.

1. What we collect

  • Email address when you sign in (magic-link, no password), request access, redeem an invite, send a contact note, or suggest a source.
  • What you write into a form name, role, organization, location, message text, dataset URL. We collect what you give us; everything is optional unless the form marks it.
  • Account profile (Pioneers only) handle and any profile fields you fill in.
  • Saved selections (Pioneers only) if you save a group of fields, we store the field IDs and the name you chose.
  • Field Patrol annotations (Pioneers only, currently 1 tester) polygons you draw and verdicts you record.
  • Server logs IP address, user agent, page requested, timestamp. Standard. Used for keeping the site running and catching abuse. Held briefly (see §6).
  • Browser preferences (local, not sent to us) theme, layer-drawer state, unit toggle. These live in your browser, not on our servers.
  • Your sasquatch sightings count browser-local — also shown on your profile page. Lives in your browser, not on our servers.
  • Your tractorsquatch rides count browser-local — also shown on your profile page. Lives in your browser, not on our servers.

What we don't collect: precise location, payment info, biometrics, anything from a third-party tracker, anything you didn't give us.

2. Why we use it

  • To run the site: keep you signed in, remember saved farms, show you the map.
  • To reply when you write to us.
  • To send account notices you actually need (an invite, a sign-in link, something that affects you directly).
  • To debug, stay secure, and catch abuse.
  • To respond to data requests from you.

What we don't use it for: advertising (we run none), selling or sharing for marketing (we do neither), or training models on your account or contact data.

If you contribute something actively — an annotation, a source suggestion, a correction — we may use that to improve UFFDA's tools and data.

3. Cookies and tracking

No tracking cookies. No analytics services. No advertising pixels.

We do use:

  • A session entry in browser local storage so you stay signed in. Strictly necessary.
  • Browser local storage for UI preferences (theme, units, layer state). These don't leave your machine.

We run no tracking, so a Do Not Track or Global Privacy Control signal has nothing to act on here.

4. Who handles your data on our behalf

  • Supabase database and authentication. US-hosted. supabase.com/legal/dpa
  • Netlify static hosting and global CDN. US-based. netlify.com/privacy
  • Resend transactional email. US-hosted, EU-US Data Privacy Framework certified. resend.com/legal/dpa
  • GitHub code repositories. Not used for processing your personal data.

If we add another processor, we'll update this page first.

5. Where your data lives

Primarily in the United States — Supabase and Resend are US-based; Netlify uses a global CDN. For EU/UK transfer-safeguard details (SCCs, DPF certifications), email hello@uffda.ag.

6. How long we hold it

  • Account data for the life of your account. When you delete, we delete what we have; some backups age out within a short window.
  • Server logs short. They roll off within weeks.
  • Contact notes, access requests, source submissions as long as they're useful for triage. Email us to delete a specific one.
  • Anything we're legally required to hold only as long as required.

7. Your rights

Wherever you are, you can see what we have on you, correct what's wrong, and delete it. Email hello@uffda.ag with the subject “Data request.” We may ask you to confirm you control the email on file. We'll respond within a month, sooner where law (GDPR, CCPA) requires.

You can also delete your account directly from your profile page.

If you're in California: you have the rights above plus the right to opt out of sale or sharing (we do neither) and the right to limit use of sensitive personal information (we collect none beyond auth credentials). We don't discriminate for exercising any of these.

If you're in the EU or UK: GDPR and UK GDPR cover you. Lawful bases: (a) contract — running your account; (b) legitimate interests — basic operation, security, replying to messages; (c) consent where you gave it. You can withdraw consent at any time and complain to your local data-protection authority.

8. Children

UFFDA isn't built for kids. We don't knowingly collect data from anyone under 13 (COPPA) or under 16 (GDPR). If you think a child has signed up, email hello@uffda.ag.

9. Security

HTTPS everywhere. Data encrypted in transit. Magic-link auth means no passwords stored. If a breach affects you, we'll tell you what happened and what to do as quickly as we can.

10. Successor entity

UFFDA is currently run by a person, not a company. When a formal entity is set up to run UFFDA, your data transfers under the same commitments. We'll update this page and post a site-wide notice.

11. Changes to this notice

We'll update this notice as the site changes. When something material changes we'll post a notice on the site; check back if you care about the specifics.

12. Contact

Questions, data requests, security disclosures: hello@uffda.ag. We read every message.