This Policy applies to anyone who uses the Service. The Service is intended for U.S.-based adults and is not directed to children under 13. See Section 11 ("Children's Privacy").

10Point is a wildlife habitat mapping tool. It provides interactive maps with habitat density overlays, wind condition data and forecasts, public land access boundaries, location search, and user waypoints (pins), folders, colors, and preferences.

We use PostHog, a product analytics service, to understand how the Service is used in aggregate — for example, which features are popular and where users encounter problems. PostHog collects anonymous event data (such as button taps and page views) along with basic device information (platform, app version). We do not use PostHog for advertising, behavioral profiling, or cross-site tracking. You can learn more about PostHog's privacy practices at posthog.com/privacy.

We collect information in three main ways: (1) information you provide, (2) information generated by your use of the Service, and (3) information from third parties you choose to use (like Google sign-in).

Accounts are optional for basic use. If you create an account, we collect your email address and authentication credentials (email/password or Google OAuth). Passwords are managed by Supabase Auth and stored as a hashed password — we do not store plaintext passwords.

If you sign in with Google OAuth, we receive your Google account ID and email address. We do not collect phone numbers, physical addresses, or social profile data.

If you are logged in, we sync the following to our database (via Supabase): waypoints (GPS coordinates you choose, name, color, folder assignment), folders (name, visibility toggle), and preferences (selected state, selected species, layer settings). If you are not logged in, this data is stored locally on your device only and is not synced to our servers.

If you subscribe to 10Point Pro ($6.99/month), purchases are handled by the Apple App Store (iOS), Google Play (Android), or Stripe (web) managed through RevenueCat. We do not store your credit card number or full payment details. We may receive or access limited subscription-related information such as subscription status, product identifiers, transaction timestamps, and RevenueCat's anonymous user ID.

Even without analytics SDKs, some technical data is processed when you access the Service, including through our hosting and security providers (e.g., Cloudflare). This may include IP address, user-agent and device/browser type, request timestamps, and basic diagnostic/security logs. We use this information primarily for security, reliability, and abuse prevention — not for advertising.

We use only essential cookies or local storage needed to maintain sessions (e.g., Supabase auth tokens) and keep you signed in. We do not use third-party tracking cookies for advertising.

Our native apps may detect whether you are online or offline to show user-facing status messages. We do not transmit data while offline and we do not track offline behavior.

We use collected information to:

We do not use your information for targeted advertising.

We share information only as needed to run the Service, comply with law, or protect rights.

Supabase — Authentication, database, user data storage. Data shared: email, password hash (Supabase-managed), waypoints, folders, preferences.

RevenueCat — Subscription management. Data shared: anonymous/app-specific user ID, subscription status, transaction metadata.

Stripe (via RevenueCat) — Web payment processing. Payment info is processed by Stripe, not stored by us.

Apple App Store / Google Play — App distribution and in-app purchases. Standard platform data per their policies.

Google OAuth — Optional sign-in. Data shared: Google account ID, email.

Mapbox — Location search (geocoding). Data shared: search query text (proxied; we do not intentionally send your user ID).

Cloudflare — Edge hosting, CDN, Workers. Data shared: standard request metadata (IP, user-agent, logs for performance/security).

PostHog — Product analytics. Data shared: anonymous event data (feature usage, page views), platform/device type, app version. No personally identifiable information is intentionally sent. PostHog data is used solely to improve the Service.

Protomaps — Basemap tiles. Data shared: tile requests (generally no user account data).

We may share information if we believe it is reasonably necessary to comply with law, regulation, legal process, or government request; enforce our Terms of Service; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of users, the public, or 10Point.

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

We operate in the United States (Michigan-based). Our vendors (e.g., Supabase, Cloudflare, RevenueCat, Stripe, Mapbox) may process data in the U.S. and potentially other locations where they operate.

Logged-in users: We retain your account data and synced content (waypoints, folders, preferences) as long as your account is active or as needed to provide the Service.

Non-logged-in users: Your waypoints and preferences are stored only on your device and you control retention by deleting the app/data.

Deleting content: You can delete individual waypoints and folders in-app. Deleted items are removed from your account data in Supabase (subject to typical technical delays for backups).

Account deletion: You may request account deletion by contacting [email protected]. Upon account deletion, we will delete your account record, waypoints, folders, and preferences stored in Supabase, subject to limited retention required for security, legal compliance, and dispute resolution.

Subscription records: RevenueCat and payment platforms may retain transaction records as required for tax, accounting, chargeback handling, and legal compliance under their own policies.

Some U.S. state laws provide additional rights (e.g., California, Virginia, Colorado). Depending on your state of residence, you may have rights to request access to personal information we hold about you, request deletion, request correction, and opt out of certain types of processing.

We do not sell personal information and we do not share it for cross-context behavioral advertising. To make a request, contact [email protected]. We may need to verify your request (for example, by confirming access to the email address on the account).

We use reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential.

10Point is not intended for children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact [email protected] and we will take steps to delete it.

We may update this Policy from time to time. If we make material changes, we will update the "Last Updated" date and may provide additional notice in the app or on 10point.app.

If you have questions or requests related to privacy, contact: Email: [email protected] Website: 10point.app