v2.0, updated October 2, 2014
This document describes what information is kept by the Evergreen Mountain Bike Alliance website and how that information is used. We make a well intentioned effort to ensure that this statement is accurate and up-to-date. If you find that parts are unclear or do not seem to match the web site's behavior, please contact us.
This document only applies to the main public website evergreenmtb.org. It does not apply to any sites we may link to, identified by other domain names, or to separate software tools installed at evergreenmtb.org for internal club functions.
This statement is getting ridiculously long, so here's the summary for those who want only an overview: most personal information that we have about you is shown in your profile, and you can edit it there. You should assume that what you do on the website is not truly anonymous, certainly not to website administrators. Our website contains a history of all rides you've ever signed up for, but your name is not displayed to visitors who are not signed in as users. We do not store your credit card information; that info is seen only by PayPal. We may contact you with mountain biking-relevant information, and sometimes may allow other organizations like IMBA to do so, but we don't sell or share email addresses otherwise.
What information we keep and don't keep:
Personal info: Our website retains your name, email address, street address, phone number, and other information that's in your profile, as well as any information you provided when signing up. We do not currently record your gender or other demographic information. Your password is recorded only in encrypted form. You may go to your profile at any time to edit your personal information.
Tracking activity: We record most actions performed on the website, like posting a ride, signing up for a ride, pledging support, and posting a ride report. We currently don't throw away any information, so there's still a record of all the rides you've signed up for in the past. Some actions on the website may appear anonymous, but you should assume that your user id is recorded in the database.
We use the ride signup data to produce pages with overall statistics (which areas are most visited) and individual rider stats (where do you go most and who do you ride with the most); your profile and your stats are available only to other supporters.
Calendar: When you sign up for a ride, your name will be visible on the calendar page to others who are logged in on the website. The ride leader will be able to email you, and everyone else who's signed up may be able to see your email address when an email is sent out to participants.
Ride Reports: In the Trail Guide section of the website, all editing actions are fully tracked and can be reviewed by any visitor to the website. In this context, you are identified to other website users only by your chosen username.
Polls: When we run a user survey, your answers to the survey are recorded with a userid to prevent repeat submissions, but are treated as anonymous when answers and statistics are shown in reports. Only staff and select volunteers have direct access to the (anonymized) survey results.
Other tracking: We currently do not track how often you visit the website or what pages you look at. This may be recorded beyond our control by the hosting company in the web server logs. We do not make use of such information, other than to check how many daily/monthly visitors we are getting.
Cookies: When you log on to the site, we use persistent a cookie to track that you're logged on to the site and to remember your userid. When you return to the site, you will be automatically signed in again based on the cookie that is stored on your machine. You can see whether you're currently signed in by checking the text in the right-hand column of the front page; it'll say "welcome back" if you are, and "why not sign in?" if you're not.
Administrator access: A small number of our staff and volunteers have access to all information in the website database, no matter what privacy settings you chose. These people have access for business purposes only (tracking donations, working on the website, etc.) and are required to use the information only as necessary for official purposes.
Information related to financial transactions
Donations: When making a donation, we require and record name and address information (separate from that in your profile) for fraud prevention purposes, to enable us to thank donors, and to be able to provide donation receipts for donors' tax purposes.
Visibility of information:
On calendar pages:
- Casual visitors who are not signed in to the site will see the ride leader's username but none of the ride participants' names.
- People who are signed in to a guest (non-Supporter) account can see usernames of ride leaders and ride participants as set in their profiles.
- People who are signed in may be able to see who is a Supporter and who is not.
Use of your contact information:
We may occasionally use the information in your profile (e.g. your address or email address) to contact you with news, support renewal reminders, notices of trail advocacy issues, or other business.
Opt-out mechanism: You can edit your preferences for receiving newsletters and advocacy emails in your profile.
We will not sell your address or email address to companies for marketing purposes. We may occasionally share our mailing list with other mountain bike organizations like IMBA to allow them to contact you about mountain bike issues we feel strongly about. This doesn't happen often. When we do so, we will require that the other organization also not sell information for commercial marketing purposes.
Protection of Children's Personal Information:
We do not currently distinguish users by age. There is no way for web site visitors to tell which users are children, and we have no knowledge of children under 13yo being registered to use the site. In the future, when we have events or rides aimed at childern, we will revisit this issue.
Administrative features of the evergreenmtb.org web site (such as editing other users' profiles or viewing transaction information) are protected by special user rights, which are granted only to our staff and volunteers who need such access. Direct access to the website database or code is protected by separate passwords known only by a minimal number of staff and volunteers.
Evergreenmtb.org is hosted on a virtual private server by a commercial domain hosting company, BlueHost.com. We rely on the hosting company to provide reasonable physical security and maintain administrative security on the server machine (i.e. guard "root" access), but of course we have no way to monitor this.
Copies of the website database may be kept on other computers for both backup purposes.
Comments about Real-Life Participation
There are some privacy implications of participation in club events that are beyond the scope of the functionality embodied in this website. If you go on a ride, other participants may take your picture, post such a picture online, including on this website, or elsewhere, and may mention your name in the caption. Ride leaders or fellow riders may post a ride report that may mention your name. This may result in your name being exposed to search engines like Google. (Please note our ride calendar does not reveal names to search engines at all.)
Changes to this policy:
When we make changes to these policies, we will update the "last modified on" date, and keep a log of changes made below so you can see what has changed. If there are dramatic changes, we may post a notice on the site's front page or post show a one-time notice when you next sign in.
Who to contact:
If you have questions about this policy or the implementation of the website, please contact us.