Privacy Policy
Effective May 12, 2026 · Last updated May 12, 2026
Shop Madeira (“Shop Madeira,” “we,” “us”) is a neighborhood loyalty and discovery program for Madeira, Ohio, operated by LeadTimber LLC, an Ohio limited liability company located at 7610 Railroad Ave, Madeira, OH 45243, USA. This Privacy Policy explains what information we collect from you when you use our websites at shop-madeira.com and m.shop-madeira.com, our iOS mobile application, and the merchant and administrative portals (collectively, the “Service”); how we use it; who we share it with; and the choices you have about it.
If you have questions about this policy, write to us at privacy@shop-madeira.com.
Summary at a glance
- We collect only what we need to run the program: who you are, what businesses you favorite or visit, and which rewards you earn or redeem.
- When you sign in with Google, Apple, or Facebook, we receive only your basic profile (name, email, profile picture). We use it only to create and maintain your Shop Madeira account.
- We do not sell your data. Ever.
- We never share individual resident activity with merchants; merchants see only aggregated, anonymized counts.
- You can export your data or delete your account at any time from your profile settings.
1. Information we collect
1.1 Information you provide to us
- Account information. Your display name, email address, and (if you choose phone sign-in) your phone number.
- Optional profile information. A Madeira street address if you choose to verify your residency to unlock the Verified Madeira Resident badge. We use the address only to confirm a 45243 ZIP match; we do not display it publicly.
- Photos and content you submit. If you submit a photo, hours correction, or tip for a business listing, we store your submission and the business it relates to.
1.2 Information we receive from sign-in providers
When you sign in with Google, Apple, or Facebook, the provider shares a limited profile with us. Specifically:
- Google (OpenID Connect, scopes: openid, userinfo.email, userinfo.profile). We receive your Google account’s unique identifier, primary email address, name, locale, and profile picture URL. We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google product.
- Apple (Sign in with Apple). We receive your Apple identity token, name (on first sign-in only), and a per-app-relay email address (or your real email if you choose to share it).
- Facebook Login. We receive your Facebook account identifier, name, primary email address, and profile picture URL.
- Phone sign-in. Your phone number, used to deliver a one-time code via SMS through Twilio.
- Email sign-in. Your email address, used to deliver a magic-link via Resend.
1.3 Information about how you use the Service
- Favorites and saves. The businesses you favorite or save.
- Check-ins. Each time you check in at a participating business, we record the business, the time, and whether the check-in was verified by location, QR scan, or staff confirmation. Your precise location is used only at the moment of the check-in and only with your explicit permission; we do not persist your continuous location.
- Stamps ledger. Every stamp you earn or redeem is recorded as an append-only entry in our stamps ledger, tagged with the business and the reason. The ledger is the source of truth for your balance.
- Reward claims. Rewards you claim, the redemption code, and whether and when the merchant honored the redemption.
- App and device information. Browser type, operating system, device model, language preference, and other technical information your device shares automatically with any modern website.
- Crash and error data. If the app crashes or hits a server error, our error-monitoring tool records the stack trace and basic device context (no personal data) so we can fix it.
1.4 Information we do NOT collect
- Continuous background location. We request location only at the moment of a check-in, and only with your explicit consent each time, unless you opt into geofence-based “Near you” alerts (a separate opt-in).
- Your contacts, photos library, microphone, or any other device data beyond what you explicitly share with us.
- Financial information. We do not collect credit card numbers, bank account information, or any payment data. Shop Madeira has no in-app purchases at this time.
- Sensitive categories of personal information (race, religion, health, political affiliation, sexual orientation, biometrics).
2. How we use your information
We use the information described above to:
- Create your account and authenticate you on future sign-ins.
- Run the loyalty program: award stamps for check-ins, present rewards you’re eligible for, and apply tier benefits.
- Show you which Madeira businesses are near you (when you allow location).
- Send you transactional emails and (if you opt in) the optional weekly digest.
- Provide aggregated, anonymized statistics to merchants, never individual resident activity.
- Detect fraud and abuse (e.g., GPS spoofing, sharing of QR codes).
- Comply with legal obligations and respond to lawful government requests.
- Diagnose technical problems and improve the Service.
3. How we use data received from Google Sign-In
Shop Madeira’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In plain terms:
- We use Google account information only to create and operate your Shop Madeira account (sign-in, profile display, account recovery).
- We do not use Google user data to serve advertisements.
- We do not sell, license, or rent Google user data to anyone.
- We do not transfer Google user data to third parties except: (a) as necessary to provide or improve the Service itself (our subprocessors, listed in Section 6); (b) for security purposes (e.g., investigating abuse); or (c) to comply with applicable law.
- We do not allow humans to read Google user data unless we have your explicit consent for specific messages, the access is required for security purposes (such as investigating abuse), or it’s required by law.
If you want to revoke Shop Madeira’s access to your Google account at any time, visit https://myaccount.google.com/permissions. That removes our access immediately on Google’s side. Your Shop Madeira account will continue to exist; you can sign in with another method or delete the account separately (see Section 8).
4. Legal bases for processing
For users in jurisdictions that require a legal basis for processing (such as the European Economic Area, the United Kingdom, or California under the CCPA), we process your information on the following bases:
- Performance of a contract, to provide the Service you signed up for.
- Consent, for optional features like push notifications, location-based nearby alerts, the weekly email digest, and Verified Madeira Resident verification.
- Legitimate interests, to keep the Service secure, prevent fraud, improve its features, and communicate with you about account-related matters.
- Legal obligation, when responding to law enforcement requests or complying with applicable laws.
5. How long we keep your information
- Account information, for as long as your account is active, plus 30 days after a deletion request to honor any appeal window.
- Stamps ledger entries, retained for seven (7) years after deletion, in anonymized form, for financial and audit purposes. We rewrite your display name to “Neighbor #ABCD” and null out your email and phone, so the rows remain auditable without identifying you.
- Check-in location data, the raw latitude/longitude of a check-in is retained 90 days, then aggregated into the per-business counters that drive “n neighbors have been here.”
- Audit logs, 7 years.
- Analytics events, 25 months.
- Fraud signals, 2 years.
- Email and push delivery logs, 1 year.
6. Who we share information with
We share your information only as needed to run the Service, and only with the third-party processors listed below. We do not sell your personal information.
- Clerk, authentication provider. Stores your identifiers, email, phone, and password (if you use one).
- Neon, managed Postgres database where your account and activity records live (US-East region).
- Vercel, application hosting and Vercel Blob for image uploads.
- Resend, transactional email delivery (welcome, claim verification, weekly digest, etc.).
- Twilio, SMS one-time code delivery for phone sign-in only.
- fal.ai, generates ambient illustration imagery for unclaimed business listings. We do not send any personal data to fal.ai; only category and brand prompts.
- Google Maps Platform, used for one-time business directory enrichment. No personal data is sent.
- Apple Push Notification service (APNs), delivers push notifications to the iOS app.
- Sentry, receives crash and error reports. Scrubbed of personally identifiable information.
- PostHog, product analytics. Self-hostable; we identify users by Shop Madeira user ID, not by email or name.
- Upstash, Redis used for rate limiting and queue state. Does not store personal information.
- Cloudflare, Turnstile CAPTCHA on the takedown form, traffic protection.
We share aggregate, non-identifying statistics with participating merchants (e.g., “42 neighbors visited last week”). We never share an individual resident’s identity or activity with a merchant unless that resident has redeemed a reward at that merchant, in which case the merchant sees only the redemption code and the resident’s display name.
We may disclose information when required by law (e.g., subpoena), to protect Shop Madeira’s legal rights, to investigate fraud or abuse, or in connection with a business transfer (sale, merger, acquisition). If our business is transferred to another organization, such as a future handoff of Shop Madeira to the Madeira Chamber of Commerce, we will notify you and you will have the option to delete your account before the transfer takes effect.
7. Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Authentication cookies set by Clerk to keep you signed in. Strictly necessary.
- Preference cookies for things like your favorite businesses and your dark-mode preference.
- Analytics via PostHog, which uses a single cookie to deduplicate page views. We do not use any cross-site tracking cookies.
You can clear cookies at any time through your browser settings, and you can opt out of analytics in your account settings.
8. Your rights and choices
You can, at any time:
- Access the information we have about you by opening your profile page in the app.
- Export all of your account data as a downloadable JSON file. Go to Profile → Settings → Privacy → “Request data export.” You’ll get an email with a signed link within 24 hours.
- Correct your display name, address, and contact preferences from your profile page.
- Delete your account. Profile → Settings → Privacy → “Delete my account.” Your identity is removed immediately; the stamps ledger entries remain in anonymized form for the retention period in Section 5.
- Opt out of marketing emails, push notifications, and nearby-alerts at any time from Profile → Settings → Notifications.
- Revoke a sign-in provider’s connection (for example, removing Google access to your Shop Madeira account) either in the provider’s settings or in your Shop Madeira profile.
- Object to certain processing, and lodge a complaint with a supervisory authority if you are in the EU/UK.
We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California or other US state privacy laws. The opt-out under California law (“Do Not Sell or Share My Personal Information”) does not apply to us because we do not engage in any such sale or sharing.
9. Security
We use industry-standard safeguards to protect your information:
- Encryption in transit (TLS 1.2+) and at rest.
- Strict role-based access control. Only a small number of authorized Shop Madeira staff can access account data, and every access is logged.
- Multi-factor authentication required for administrative access.
- Row-level security on the database for resident-scoped tables.
- Immutable audit logs and an append-only stamps ledger.
- Annual security review and patch management for all third-party dependencies.
No system is perfectly secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours, comply with all applicable breach-notification laws (including Ohio Revised Code § 1349.19), and provide the support you need.
10. International users and data transfers
Shop Madeira is operated from the United States. Our subprocessors are primarily based in the United States. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in the United States. We rely on Standard Contractual Clauses or equivalent transfer mechanisms for any cross-border transfers as required by applicable law.
11. Children’s privacy
Shop Madeira is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with information, please contact us at privacy@shop-madeira.com and we will delete that information immediately. We rely on each sign-in provider (Apple, Google, Facebook) to enforce their own age requirements at signup.
12. AI-generated imagery
For unclaimed business listings, Shop Madeira displays AI-generated ambient illustrations as a placeholder. These illustrations are produced by Flux Pro 1.1 (operated by Black Forest Labs / fal.ai) from a category-keyed prompt template and are clearly labeled in the image’s alt text. They do not depict the actual interior, products, or staff of any business. Once a business owner claims their listing and uploads real photographs, the AI-generated imagery is archived and replaced.
We do not send any personal information to fal.ai. Our prompt templates contain only business category and brand styling guidance.
13. Business listings and resident-submitted content
Shop Madeira maintains a public directory of every business in Madeira, Ohio, sourced from publicly available business information (Google Maps, the City’s business license registry) and from owner submissions. Listings remain in our directory unless the business owner submits a takedown request, which we honor within 48 hours.
If you submit a photo, hours correction, tip, or other content related to a business, you grant Shop Madeira a non-exclusive, royalty-free license to display, store, and moderate that content for as long as the listing exists. You retain ownership of your content.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time as the Service evolves and as legal requirements change. If we make a material change (for example, sharing data with a new category of third party, or changing the retention period), we will notify you by email and require you to re-affirm your consent before the change takes effect. Non-material changes (clarifications, formatting, typo fixes) take effect immediately and are reflected in the “Last updated” date at the top of this page.
15. Contact us
Questions about this Privacy Policy or about how Shop Madeira handles your information should go to:
- Email: privacy@shop-madeira.com
- Mail: LeadTimber LLC, Attn: Privacy, 7610 Railroad Ave, Madeira, OH 45243, USA
For accessibility issues with this Privacy Policy or any other part of the Service, write to accessibility@shop-madeira.com and we will respond within 7 business days.
Shop Madeira is operated by LeadTimber LLC, an Ohio limited liability company. LeadTimber LLC is the entity legally responsible for the data described in this Privacy Policy.