DriftLineCo.

Privacy Policy

Last updated: January 14, 2026

DriftLine Co. LLC ("DriftLine Co.," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the DriftLine mobile application ("App"). By accessing or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use.

IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE THE APP.

1. Information We Collect
2. How We Use Your Information
3. Legal Basis for Processing
4. Data Sharing and Disclosure
5. Third-Party Services
6. Data Storage, Security, and Retention
7. Your Rights and Choices - All Users
7.1 How to Delete Your Account
8. U.S. State Privacy Rights
9. International Privacy Rights (GDPR)
10. Canadian Privacy Rights (PIPEDA & BC PIPA)
11. Children's Privacy
12. International Data Transfers
13. Do Not Track & Global Privacy Control
14. Data Breach Notification
15. Changes to This Privacy Policy
16. Contact Us

1. Information We Collect

1.1 Categories of Personal Information Collected

The following table describes the categories of personal information we may collect, as defined under various U.S. state privacy laws:

Category	Examples	Collected
Identifiers	Email address, device identifiers, IP address	Yes
Customer Records	Name, address, phone number, payment info	Phone number only
Protected Classifications	Race, religion, sexual orientation, disability	No
Commercial Information	Purchase history, products/services obtained	No
Biometric Information	Fingerprints, face recognition, voiceprints	No
Internet/Network Activity	Browsing history, App interactions, logs	Limited
Geolocation Data	Precise GPS location (with consent)	Yes*
Sensory Data	Audio, visual, thermal, olfactory	Photos only**
Professional/Employment	Job title, employer, work history	No
Education Information	School records, grades	No
Inferences	Profiles reflecting preferences, behavior	No
Sensitive Personal Information	SSN, financial accounts, precise geolocation, health data, racial/ethnic origin	Geolocation only*

* Precise geolocation is collected only with your explicit consent and only while actively using the App. We do not store location history.
** Photos are collected only if you voluntarily upload them to the catch log feature.

1.2 Information You Provide Directly

Email Address: If you join our waitlist or create an account, we collect your email address for communication purposes.
Phone Number: If you create an account, we collect your phone number for account authentication and verification purposes.
Catch Log Data: If you use our catch logging feature, we collect information you voluntarily provide including fish species, location codes, dates, and any photos you upload.
Hunting Journal Data: If you use our hunting journal feature, we collect information you voluntarily provide including harvest records, species, location data, dates, and any photos you upload.
User Preferences: Settings, favorites, and preferences you configure within the App.
Communications: Any information you provide when you contact us for support or feedback.

1.3 Information Collected Automatically

Device Information: Device type, operating system version, unique device identifiers, and platform information (iOS/Android) to ensure proper App functionality.
Push Notification Tokens: If you enable push notifications, we store a device-specific token to deliver river flow alerts. This token does not personally identify you.
Usage Data: Anonymized analytics data about how you interact with the App to improve functionality and user experience.
Log Data: Our servers may automatically record information including your IP address, access times, and App crashes for debugging and security purposes.

1.4 Precise Geolocation Information

Collection: With your explicit opt-in consent, we access your device's GPS location to display your position on the map and show nearby rivers.
When Collected: Only while you are actively using the App (foreground use only).
Storage: We do NOT store your location history on our servers or transmit your precise location to third parties.
Your Control: You may revoke location permissions at any time through your device settings. The App will continue to function without location access.

1.5 Sensitive Personal Information

Under various state privacy laws, precise geolocation is considered "sensitive personal information." We collect precise geolocation only with your explicit opt-in consent and use it solely to provide location-based features within the App. We do not use sensitive personal information for profiling, advertising, or any purpose beyond providing the core App functionality you requested.

1.6 Information We Do NOT Collect

Real names or personal identifiers beyond email and phone number
Physical addresses or payment information
Social Security numbers or government-issued IDs
Financial account information
Health or medical information
Biometric data (fingerprints, facial recognition)
Racial or ethnic origin, religious beliefs, or political opinions
Sexual orientation or gender identity
Browsing history outside the App
Data from minors under 13 (or 16 in certain jurisdictions)

1.7 Sources of Personal Information

We collect personal information from the following sources:

Directly from you: When you create an account, submit catch logs, configure settings, or contact us
Automatically from your device: When you use the App (device info, usage data, crash logs)
With your consent: Location data when you grant permission

We do NOT purchase personal information from data brokers or collect information from third-party sources about you.

2. How We Use Your Information

2.1 Business Purposes

We use the information we collect for the following business purposes:

Service Delivery: To provide, maintain, and improve the App's features and functionality
Notifications: To send push notifications about river flow conditions, weather conditions, and hunting-related alerts you've configured
Communications: To respond to your inquiries, provide customer support, and send service-related announcements
Analytics: To analyze usage patterns and improve user experience (using anonymized and aggregated data)
Security: To detect, prevent, and address technical issues, fraud, or security threats
Debugging: To identify and repair errors that impair App functionality
Legal Compliance: To comply with applicable laws, regulations, and legal processes

2.2 We Do NOT Use Your Information For:

Selling your personal information to third parties
Sharing your personal information for cross-context behavioral advertising
Targeted advertising or ad personalization
Building consumer profiles for marketing purposes
Automated decision-making that produces legal or similarly significant effects
Profiling in furtherance of decisions that produce legal or similarly significant effects

Important: DriftLine Co. does NOT sell, share, or rent your personal information to third parties for monetary or other valuable consideration. We do NOT engage in targeted advertising or cross-context behavioral advertising.

3. Legal Basis for Processing

3.1 For All Users

We process your personal information based on the following legal grounds:

Contractual Necessity: Processing necessary to provide the App services you requested
Consent: Where you have given explicit, informed consent (e.g., push notifications, location access, email communications)
Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the App, ensuring security, preventing fraud), balanced against your rights and interests
Legal Obligation: Processing necessary to comply with applicable laws and regulations

3.2 Withdrawing Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. To withdraw consent:

Push Notifications: Disable in device settings or App settings
Location Access: Revoke in device settings
Email Communications: Click "unsubscribe" in any email or contact us
Account/Data: Contact info@getdriftline.com to request deletion

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Personal Information

DriftLine Co. does NOT sell your personal information. We have not sold personal information in the preceding 12 months and do not have plans to sell personal information in the future.

4.2 We Do Not Share for Targeted Advertising

DriftLine Co. does NOT share your personal information for cross-context behavioral advertising or targeted advertising purposes.

4.3 Limited Disclosure for Business Purposes

We may disclose your information only in the following limited circumstances:

Recipient Category	Purpose	Categories of PI Disclosed
Cloud Service Providers (AWS)	Data hosting and storage	Identifiers, user content, usage data
Push Notification Services (Expo)	Delivering push notifications	Device tokens only
Map Services (Mapbox)	Map display functionality	Anonymous usage metrics
Legal/Government Authorities	Legal compliance, law enforcement	As required by law
Professional Advisors	Legal, accounting, audit services	As necessary for services
Business Transferees	Merger, acquisition, or sale	All categories (with notice)

4.4 Service Provider Requirements

All service providers who receive personal information are contractually required to:

Use personal information only for the specified business purpose
Not sell or share the personal information
Not use the information for their own purposes
Implement appropriate security measures
Notify us of any data breaches
Delete or return personal information upon request
Allow audits of their data handling practices

4.5 Legal Disclosures

We may disclose personal information if required or permitted by law, including:

In response to a subpoena, court order, or other legal process
To comply with applicable laws and regulations
To protect our rights, property, or safety, or that of our users or the public
To investigate potential violations of our Terms of Use
To cooperate with law enforcement investigations

5. Third-Party Services

The App integrates with the following third-party services. Each operates under its own privacy policy, which we encourage you to review:

Service	Purpose	Data Shared	Privacy Policy
Amazon Web Services (AWS)	Cloud hosting and storage	Account data, catch logs (encrypted)	AWS Privacy
Mapbox	Map display and navigation	Anonymous telemetry per their policy	Mapbox Privacy
Expo	Push notification delivery	Device push tokens only	Expo Privacy
USGS Water Services	River flow data	No personal data shared	Government public data
Water Survey of Canada	Canadian river flow data	No personal data shared	Government public data
NOAA NWRFC	Forecast data	No personal data shared	Government public data
Stormglass.io	Marine weather, tides, astronomy	Anonymous location coordinates for weather lookup	Stormglass Privacy
WDFW / Data.WA	Fishing regulations, fish stocking data	No personal data shared	Government public data
USDA NAIP (via Mapbox)	Aerial imagery	No personal data shared	Government public data

We are not responsible for the privacy practices of third-party services. When you interact with these services, their privacy policies govern.

6. Data Storage, Security, and Retention

6.1 Data Storage Location

Your data is stored securely using Amazon Web Services (AWS) infrastructure located in the United States (specifically, the us-west-2 region). By using the App, you consent to the transfer and storage of your information in the United States.

6.2 Security Measures

We implement industry-standard technical, administrative, and physical security measures including:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Encryption at Rest: Stored data is encrypted using AES-256 encryption
Access Controls: Strict role-based access controls limiting employee access to personal data
Authentication: Secure authentication mechanisms for all system access
Monitoring: Continuous monitoring for security threats and unauthorized access
Regular Assessments: Periodic security assessments and penetration testing
Incident Response: Documented incident response procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept this inherent risk when using the App.

6.3 Data Retention Schedule

Data Type	Retention Period	Deletion Trigger
Push Notification Tokens	12 months	Automatic after inactivity
Account Data (email, phone number)	Until deletion request or 24 months of inactivity	User request or inactivity
Catch Log Data	Until deleted by user or account deletion	User-initiated deletion
Catch Log Photos	Until deleted by user or account deletion	User-initiated deletion
Hunting Journal Data	Until deleted by user or account deletion	User-initiated deletion
Hunting Journal Photos	Until deleted by user or account deletion	User-initiated deletion
App Preferences/Settings	Until account deletion	Account deletion
Server Logs (IP, access)	90 days	Automatic rotation
Crash Reports	12 months	Automatic deletion
Anonymized Analytics	Indefinite	Not deleted (no personal info)

Upon account deletion, we will delete or anonymize your personal information within 45 days, except as required to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Your Rights and Choices - All Users

Regardless of your location, all DriftLine Co. users have the following rights:

Access: Request information about what personal data we have collected about you
Deletion: Request deletion of your personal information
Correction: Request correction of inaccurate personal information
Data Portability: Request a copy of your data in a portable format
Opt-Out of Communications: Unsubscribe from marketing emails at any time
Push Notifications: Disable at any time via device settings or within the App
Location Access: Revoke permissions in your device settings at any time

To exercise any of these rights, contact us at info@getdriftline.com.

7.1 How to Delete Your Account

You can delete your account and all associated data at any time using one of these methods:

Option 1: Delete In-App (Recommended)

Open the DriftLine app
Go to More → Settings
Scroll down and tap Delete Account
Confirm your decision

Your account and all associated data (catch logs, trip notes, photos, preferences) will be permanently deleted immediately.

Option 2: Request Deletion via Email

If you cannot access the app, you may request account deletion by emailing:

info@getdriftline.com

Please include the email address associated with your account. We will process your request within 3 days and confirm deletion.

What Gets Deleted

Your account credentials and profile
All catch log entries and associated photos
All hunting journal entries and associated photos
All trip notes
Saved waypoints and preferences
Alert configurations
Any other data associated with your account

Note: Deletion is permanent and cannot be undone. Anonymized analytics data that cannot be linked to you may be retained.

8. U.S. State Privacy Rights

This section provides additional disclosures required under various U.S. state privacy laws. If you are a resident of any of the following states, you may have additional rights as described below.

8.1 California (CCPA/CPRA)

Applicable Law: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (geolocation) for providing the service you requested
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.

Verification: We will verify your identity before fulfilling requests by matching information you provide with information we have on file.

Response Time: We will respond within 45 days of receiving a verifiable request, with one 45-day extension if necessary.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information for direct marketing purposes.

To Submit a Request: Email info@getdriftline.com with "California Privacy Request" in the subject line.

8.2 Virginia (VCDPA)

Applicable Law: Virginia Consumer Data Protection Act (VCDPA) - Effective January 1, 2023

If you are a Virginia resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable, readily usable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General at oag.state.va.us.

To Submit a Request: Email info@getdriftline.com with "Virginia Privacy Request" in the subject line.

8.3 Colorado (CPA)

Applicable Law: Colorado Privacy Act (CPA) - Effective July 1, 2023

If you are a Colorado resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days. If the appeal is denied, you may contact the Colorado Attorney General at coag.gov.

To Submit a Request: Email info@getdriftline.com with "Colorado Privacy Request" in the subject line.

8.4 Connecticut (CTDPA)

Applicable Law: Connecticut Data Privacy Act (CTDPA) - Effective July 1, 2023

If you are a Connecticut resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Connecticut Attorney General at portal.ct.gov/AG.

To Submit a Request: Email info@getdriftline.com with "Connecticut Privacy Request" in the subject line.

8.5 Utah (UCPA)

Applicable Law: Utah Consumer Privacy Act (UCPA) - Effective December 31, 2023

If you are a Utah resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Delete: Delete personal data you have provided
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

To Submit a Request: Email info@getdriftline.com with "Utah Privacy Request" in the subject line.

8.6 Texas (TDPSA)

Applicable Law: Texas Data Privacy and Security Act (TDPSA) - Effective July 1, 2024

If you are a Texas resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We will honor universal opt-out mechanisms beginning January 1, 2025.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Texas Attorney General.

To Submit a Request: Email info@getdriftline.com with "Texas Privacy Request" in the subject line.

8.7 Oregon (OCPA)

Applicable Law: Oregon Consumer Privacy Act (OCPA) - Effective July 1, 2024

If you are an Oregon resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data, including a list of specific third parties to whom we have disclosed data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained, including from third parties
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days. If the appeal is denied, you may contact the Oregon Attorney General.

To Submit a Request: Email info@getdriftline.com with "Oregon Privacy Request" in the subject line.

8.8 Montana (MCDPA)

Applicable Law: Montana Consumer Data Privacy Act (MCDPA) - Effective October 1, 2024

If you are a Montana resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Montana Privacy Request" in the subject line.

8.9 Delaware (DPDPA)

Applicable Law: Delaware Personal Data Privacy Act (DPDPA) - Effective January 1, 2025

If you are a Delaware resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2026).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Delaware Privacy Request" in the subject line.

8.10 Iowa (ICDPA)

Applicable Law: Iowa Consumer Data Protection Act (ICDPA) - Effective January 1, 2025

If you are an Iowa resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Delete: Delete personal data you have provided
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 90 days.

To Submit a Request: Email info@getdriftline.com with "Iowa Privacy Request" in the subject line.

8.11 Nebraska (NDPA)

Applicable Law: Nebraska Data Privacy Act (NDPA) - Effective January 1, 2025

If you are a Nebraska resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Nebraska Privacy Request" in the subject line.

8.12 New Hampshire (NHPA)

Applicable Law: New Hampshire Privacy Act (NHPA) - Effective January 1, 2025

If you are a New Hampshire resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2027).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "New Hampshire Privacy Request" in the subject line.

8.13 New Jersey (NJDPA)

Applicable Law: New Jersey Data Privacy Act (NJDPA) - Effective January 15, 2025

If you are a New Jersey resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation). New Jersey has an expanded definition of sensitive data that includes financial information and certain demographic data - we do not collect these categories.

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by July 15, 2025).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days.

To Submit a Request: Email info@getdriftline.com with "New Jersey Privacy Request" in the subject line.

8.14 Tennessee (TIPA)

Applicable Law: Tennessee Information Protection Act (TIPA) - Effective July 1, 2025

If you are a Tennessee resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Tennessee Privacy Request" in the subject line.

8.15 Minnesota (MCDPA)

Applicable Law: Minnesota Consumer Data Privacy Act (MCDPA) - Effective July 31, 2025

If you are a Minnesota resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.
Right to Question Profiling: Question the result of profiling and be informed of the reason. Note: We do not engage in profiling.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by July 31, 2026).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 45 days.

To Submit a Request: Email info@getdriftline.com with "Minnesota Privacy Request" in the subject line.

8.16 Maryland (MODPA)

Applicable Law: Maryland Online Data Privacy Act (MODPA) - Effective October 1, 2025

If you are a Maryland resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising and sale of personal data. Note: We do not engage in these activities.

Important: Maryland prohibits the sale of sensitive data entirely (not just requiring consent). We do not sell any personal information, including sensitive data.

Data Minimization: Maryland requires data minimization - we only collect data reasonably necessary for the purpose disclosed.

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by October 1, 2027).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Maryland Privacy Request" in the subject line.

8.17 Indiana (ICDPA)

Applicable Law: Indiana Consumer Data Protection Act (ICDPA) - Effective January 1, 2026

If you are an Indiana resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Indiana Privacy Request" in the subject line.

8.18 Kentucky (KCDPA)

Applicable Law: Kentucky Consumer Data Protection Act (KCDPA) - Effective January 1, 2026

If you are a Kentucky resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Kentucky Privacy Request" in the subject line.

8.19 Rhode Island (RIDPA)

Applicable Law: Rhode Island Data Privacy Act (RIDPA) - Effective January 1, 2026

If you are a Rhode Island resident, you have the following rights:

Right to Access: Confirm whether we are processing your personal data and access that data
Right to Correct: Correct inaccuracies in your personal data
Right to Delete: Delete personal data you have provided or we have obtained
Right to Data Portability: Obtain a copy of your personal data in a portable format
Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling. Note: We do not engage in any of these activities.

Sensitive Data: We obtain your opt-in consent before processing sensitive data (precise geolocation).

Universal Opt-Out: We honor Global Privacy Control (GPC) signals as a valid opt-out request (required by January 1, 2027).

Response Time: We will respond within 45 days, with one 45-day extension if reasonably necessary.

Right to Appeal: If we decline your request, you may appeal by contacting us. We will respond to appeals within 60 days.

To Submit a Request: Email info@getdriftline.com with "Rhode Island Privacy Request" in the subject line.

8.20 Other States

Privacy laws are rapidly evolving across the United States. If you are a resident of a state not listed above and your state has enacted a consumer data privacy law, we will honor the rights provided under that law. Please contact us at info@getdriftline.com with your state-specific request, and we will respond in accordance with applicable law.

We actively monitor privacy legislation and will update this Privacy Policy as new laws take effect.

8.21 Summary of State Privacy Rights

State	Law	Effective Date	Appeal Right	GPC Required
California	CCPA/CPRA	Jan 2020/2023	No	Yes
Virginia	VCDPA	Jan 1, 2023	Yes (60 days)	No
Colorado	CPA	Jul 1, 2023	Yes (45 days)	Yes
Connecticut	CTDPA	Jul 1, 2023	Yes (60 days)	Yes
Utah	UCPA	Dec 31, 2023	No	No
Texas	TDPSA	Jul 1, 2024	Yes (60 days)	Yes (2025)
Oregon	OCPA	Jul 1, 2024	Yes (45 days)	Yes
Montana	MCDPA	Oct 1, 2024	Yes (60 days)	Yes
Delaware	DPDPA	Jan 1, 2025	Yes (60 days)	Yes (2026)
Iowa	ICDPA	Jan 1, 2025	No	No
Nebraska	NDPA	Jan 1, 2025	Yes (60 days)	Yes
New Hampshire	NHPA	Jan 1, 2025	Yes (60 days)	Yes (2027)
New Jersey	NJDPA	Jan 15, 2025	Yes (45 days)	Yes (Jul 2025)
Tennessee	TIPA	Jul 1, 2025	Yes (60 days)	No
Minnesota	MCDPA	Jul 31, 2025	Yes (45 days)	Yes (2026)
Maryland	MODPA	Oct 1, 2025	Yes (60 days)	Yes (2027)
Indiana	ICDPA	Jan 1, 2026	Yes (60 days)	No
Kentucky	KCDPA	Jan 1, 2026	Yes (60 days)	No
Rhode Island	RIDPA	Jan 1, 2026	Yes (60 days)	Yes (2027)

9. International Privacy Rights (GDPR)

9.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent laws:

Right of Access (Article 15): Request confirmation of whether we process your personal data and receive a copy
Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Article 18): Request limitation of how we process your data
Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format and transmit it to another controller
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
Right Not to be Subject to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that produce legal effects. Note: We do not engage in such automated decision-making.
Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local supervisory authority (Data Protection Authority)

9.2 International Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers are located. The United States may not have the same level of data protection as your home country. We implement appropriate safeguards for international transfers, including:

Standard Contractual Clauses approved by the European Commission
Reliance on adequacy decisions where applicable
Your explicit consent to the transfer

9.3 Data Protection Officer

For GDPR-related inquiries, you may contact us at info@getdriftline.com. We will respond to your request within 30 days as required by GDPR.

9.4 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes applicable law.

10. Canadian Privacy Rights (PIPEDA & BC PIPA)

If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, and if you are a resident of British Columbia, additionally under the Personal Information Protection Act (PIPA).

10.1 Your Rights Under PIPEDA (All Canadian Residents)

Under PIPEDA, you have the following rights regarding your personal information:

Right to Access: Request access to your personal information held by us and information about how it has been used and disclosed
Right to Correction: Request correction of any inaccurate or incomplete personal information
Right to Withdraw Consent: Withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions
Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

10.2 PIPEDA Fair Information Principles

We comply with the ten fair information principles under PIPEDA:

Accountability: We are responsible for personal information under our control and have designated a privacy officer
Identifying Purposes: We identify the purposes for collecting personal information at or before the time of collection
Consent: We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where inappropriate or not required by law
Limiting Collection: We limit our collection of personal information to what is necessary for the identified purposes
Limiting Use, Disclosure, and Retention: We use or disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary
Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used
Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information
Openness: We make information about our policies and practices relating to personal information management readily available
Individual Access: Upon request, we inform you of the existence, use, and disclosure of your personal information and provide access to that information
Challenging Compliance: You may challenge our compliance with these principles by contacting our privacy officer

10.3 British Columbia Residents (BC PIPA)

If you are a resident of British Columbia, your personal information is also protected under British Columbia's Personal Information Protection Act (PIPA). Under BC PIPA, you have the following additional rights:

Right to Access: Request access to your personal information in our custody or control, and information about how we have used and disclosed it during the preceding year
Right to Correction: Request correction of errors or omissions in your personal information
Right to Know: Be informed about our policies and practices regarding the management of personal information
Right to Withdraw Consent: Withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice
Right to Complain: File a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC)

10.4 Consent Under Canadian Law

We obtain your consent before collecting, using, or disclosing your personal information. Consent may be:

Express Consent: Given explicitly (orally, in writing, or electronically) for sensitive information such as precise geolocation
Implied Consent: Reasonably inferred from your actions or inaction for less sensitive information

You may withdraw your consent at any time by contacting us. Withdrawal of consent may affect our ability to provide certain services.

10.5 Cross-Border Data Transfers

Your personal information may be transferred to, stored, and processed in the United States, where our servers are located. By using the App, you consent to the transfer of your personal information outside of Canada. We ensure that any service providers who access your personal information outside of Canada provide a comparable level of protection.

Under BC PIPA, we notify you that your personal information may be stored or accessed outside of Canada and may be subject to the legal requirements of foreign jurisdictions, including lawful requirements to disclose personal information to government authorities in those jurisdictions.

10.6 Breach Notification (Canada)

In accordance with PIPEDA and BC PIPA breach notification requirements, if we experience a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will:

Notify you as soon as feasible of the breach
Report the breach to the Office of the Privacy Commissioner of Canada
Report to the BC OIPC if the breach involves BC residents
Notify any other organization or government institution that may be able to reduce the risk of harm
Maintain records of all breaches for at least 24 months

10.7 Retention and Disposal (Canada)

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer needed, we will securely destroy, erase, or anonymize it.

10.8 Submitting Requests (Canadian Residents)

To exercise your privacy rights under PIPEDA or BC PIPA, please contact us at:

Email: info@getdriftline.com

Include "Canadian Privacy Request" in the subject line and specify your province of residence.

Response Time: We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reasons.

10.9 Filing a Complaint

If you are not satisfied with our response to your privacy concern, you may file a complaint with:

Office of the Privacy Commissioner of Canada:
Website: priv.gc.ca
Toll-free: 1-800-282-1376
Office of the Information and Privacy Commissioner for British Columbia (for BC residents):
Website: oipc.bc.ca
Phone: 250-387-5629

10.10 Other Canadian Provinces

If you are a resident of Alberta or Quebec, additional provincial privacy legislation may apply:

Alberta: Personal Information Protection Act (AB PIPA) - Similar rights to BC PIPA. Contact the Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta) at oipc.ab.ca
Quebec: Act Respecting the Protection of Personal Information in the Private Sector (Quebec Private Sector Act) and Law 25 amendments. Quebec residents have enhanced rights including data portability. Contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca

For residents of other Canadian provinces and territories, PIPEDA applies as the governing federal privacy law.

11. Children's Privacy

The App is not intended for and is not directed at children. We do not knowingly collect personal information from:

Children under the age of 13 (United States - COPPA, Canada - PIPEDA)
Children under the age of 16 (European Economic Area, United Kingdom - GDPR)
Children under the minimum age specified by applicable law in your jurisdiction

If you are a parent or guardian and believe we have inadvertently collected personal information from your child, please contact us immediately at info@getdriftline.com. We will promptly:

Verify the claim
Delete all personal information associated with the child
Confirm deletion to you

12. International Data Transfers

DriftLine Co. is based in the United States, and your information is stored and processed on servers located in the United States (AWS us-west-2 region).

By using the App, you acknowledge and consent to the transfer, storage, and processing of your personal information in the United States and potentially other countries where our service providers operate. These countries may have data protection laws that are different from—and potentially less protective than—the laws of your country of residence.

We implement appropriate safeguards for international data transfers, including:

Standard Contractual Clauses for transfers to third-party service providers
Technical and organizational security measures
Contractual data protection obligations on all recipients

13. Do Not Track & Global Privacy Control

13.1 Do Not Track (DNT)

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for interpreting DNT signals. The App does not currently respond to DNT signals. However, we do not engage in cross-site tracking or targeted advertising.

13.2 Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid request to opt out of the "sale" or "sharing" of personal information as defined by applicable state privacy laws (including California, Colorado, Connecticut, Montana, Oregon, and others).

Note: Since we do not sell or share personal information for targeted advertising, honoring GPC signals does not change how we process your data—but we respect and acknowledge these signals as required by law.

Learn more about GPC at globalprivacycontrol.org.

14. Data Breach Notification

In the event of a data breach involving your personal information, we will:

Investigate and contain the breach promptly
Assess the risk to affected individuals
Notify affected individuals as required by applicable law, including:
- Within 72 hours to supervisory authorities under GDPR (if applicable)
- Within timeframes required by applicable U.S. state breach notification laws (typically 30-60 days)
Provide information about the breach and steps you can take to protect yourself
Document the breach and our response

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

We will update the "Last Updated" date at the top of this Privacy Policy
For material changes, we will provide prominent notice by:
- Displaying a notice in the App
- Sending a push notification (if you have enabled notifications)
- Sending an email to registered users
Where required by law, we will obtain your consent before implementing material changes

Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

You can access previous versions of this Privacy Policy by contacting us at info@getdriftline.com.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

DriftLine Co. LLC
Privacy Inquiries: info@getdriftline.com
Legal Inquiries: info@getdriftline.com
General Inquiries: info@getdriftline.com

When contacting us about a privacy request, please include:

Your state or country of residence
The specific right you wish to exercise
Enough information for us to verify your identity

We will respond to your inquiry within the timeframes required by applicable law:

California (CCPA/CPRA): 45 days
Most U.S. State Laws: 45 days
Iowa: 90 days
GDPR (EEA/UK): 30 days
Canada (PIPEDA/BC PIPA): 30 days

Privacy Policy

Table of Contents

1. Information We Collect

1.1 Categories of Personal Information Collected

1.2 Information You Provide Directly

1.3 Information Collected Automatically

1.4 Precise Geolocation Information

1.5 Sensitive Personal Information

1.6 Information We Do NOT Collect

1.7 Sources of Personal Information

2. How We Use Your Information

2.1 Business Purposes

2.2 We Do NOT Use Your Information For:

3. Legal Basis for Processing

3.1 For All Users

3.2 Withdrawing Consent

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Personal Information

4.2 We Do Not Share for Targeted Advertising

4.3 Limited Disclosure for Business Purposes

4.4 Service Provider Requirements

4.5 Legal Disclosures

5. Third-Party Services

6. Data Storage, Security, and Retention

6.1 Data Storage Location

6.2 Security Measures

6.3 Data Retention Schedule

7. Your Rights and Choices - All Users

7.1 How to Delete Your Account

Option 1: Delete In-App (Recommended)

Option 2: Request Deletion via Email

What Gets Deleted

8. U.S. State Privacy Rights

8.1 California (CCPA/CPRA)

8.2 Virginia (VCDPA)

8.3 Colorado (CPA)

8.4 Connecticut (CTDPA)

8.5 Utah (UCPA)

8.6 Texas (TDPSA)

8.7 Oregon (OCPA)

8.8 Montana (MCDPA)

8.9 Delaware (DPDPA)

8.10 Iowa (ICDPA)

8.11 Nebraska (NDPA)

8.12 New Hampshire (NHPA)

8.13 New Jersey (NJDPA)

8.14 Tennessee (TIPA)

8.15 Minnesota (MCDPA)

8.16 Maryland (MODPA)

8.17 Indiana (ICDPA)

8.18 Kentucky (KCDPA)

8.19 Rhode Island (RIDPA)

8.20 Other States

8.21 Summary of State Privacy Rights

9. International Privacy Rights (GDPR)

9.1 European Economic Area, United Kingdom, and Switzerland

9.2 International Data Transfers

9.3 Data Protection Officer

9.4 Supervisory Authority

10. Canadian Privacy Rights (PIPEDA & BC PIPA)

10.1 Your Rights Under PIPEDA (All Canadian Residents)

10.2 PIPEDA Fair Information Principles

10.3 British Columbia Residents (BC PIPA)

10.4 Consent Under Canadian Law

10.5 Cross-Border Data Transfers

10.6 Breach Notification (Canada)

10.7 Retention and Disposal (Canada)

10.8 Submitting Requests (Canadian Residents)

10.9 Filing a Complaint

10.10 Other Canadian Provinces

11. Children's Privacy

12. International Data Transfers

13. Do Not Track & Global Privacy Control

13.1 Do Not Track (DNT)

13.2 Global Privacy Control (GPC)

14. Data Breach Notification

15. Changes to This Privacy Policy

16. Contact Us