Privacy Policy for cachetur.no

Last updated: Friday August 2nd 2019 9:10pm CEST

Ved feil i oversettelse av disse vilkår er norsk eller engelsk versjon gjeldende / In case of translation errors, the Norwegian or English version are considered to be correct

This information applies to all services delivered directly from cachetur.no. Services delivered by third parties have their own terms. See links to 3rd party information at the bottom.

For cachetur.no to be able to function, we are dependent on retrieving and storing information that can be tied to you.
The information we retrieve are stored so that it may only be accessed by the system or the administrator

Information you give us

All data you input anywhere on cachetur.no (trips, comments, waypoints etc) is stored in our systems.
Even after that the information has been deleted, some pieces of it may still remain in system logs and backups.

Data that is necessary for normal operation

To use cachetur.no, you need to be registered with a valid email address, which will be stored along side all other information you give, while registering.

In addition, the following information is stored every time you log in:

  • Date and time for login
  • Your unique login-ID
  • Your IP address
  • Information about your browser

This information is stored to eliminate the need to use your username and password everytime you open cachetur.no, and for us to make sure that only you get access to your data.

Information about attempts on unauthorized access to protected areas is logged, primarily this is done to detect attempts on attacks.

To be able to indicate whats new, date and time for the last visit on every page on cachetur.no is stored. Only the last visit is stored.

Some events that causes changes in data, is logged.
This is to help with support. Information that's stored is information that is otherwise available in other ways.

All use of the cachetur.no API is logged. Only info about API calls made (not transmitted data) will be logged.

Other information stored on cachetur.no is information you yourself have given us.

None of the data will be made available for a third party.

Data no longer necessary, like IP-addresses and browser information, is deleted automatically when logging out, or after 30 days.

Usage of your email address

We will never use your email address for marketing purposes, which is why we won't collect your consent for this either.

Your email address is used for the following:

  • Verify that you are not a robot
  • Send you important information regarding your user account
  • Send you alerts and notifications you have subscribed to
  • Send you alerts related to your trips

Information that is gathered from geocaching.com

Cachetur.no is required to follow the API-conditions set by geocaching.com, and thus you are required to authenticate against geocaching.com, before you get access to geocache data

To be able to remember your login and to allow proper working of the various functions on cachetur.no, we collect and store the following data:

  • A unique secret key connecting your account on geocaching.com with cachetur.no
    • This is used to tie your user to caches, find logs and other logs.
  • Your found logs (only date, log-ID and log type)
    • This is used to indicate found status on caches.
  • Your find count
    • This is needed in the log fetching process.
  • Information about your user that is needed for identification and access management: member ID, username, avatar, member level
    • This is needed to show your user on cachetur.no, know which data we are allowed to show you and to create a unique link to your profile on geocaching.com.
  • Your location (region calculated from home coordinates) and your home coordinates
    • Location is needed to show events on your dashboard. We also use region information to generate usage statistics.
  • Information from your unpublished geocaches if you add them to a trip/list
    • Your unpublished geocaches are visible only to you (and to second line support when they provide assistance)

Information we gather is information already publicly available on your profile.

You can withdraw the authorization of cachetur.no anytime you want. You can do that from your account settings.

Groundspeak stores information about API-calls performed by your user, for example when retrieving a cache for one of your trips

If you activate it, we will also fetch your personal cache notes. This is used to read coordinates from your notes, and to show your notes in the waypoint details and in printouts.

If you activate it, we will also fetch your geocaching.com friends. This is used to indicate caches found by friends in trips and lists and in the app.

Information about your bookmark lists, pocket queries and corrected coordinates are fetched only when you use any of the functionality related to this.

Who we share information with

Information you store in our services, will be made available externally or for other users in some cases:

  • Information in trips/lists/groups will be made available for all invitees and participants
  • Information in trip templates and public lists will be made available for all users.
  • Information about your relevant finds (found date and type, not log text) is shared with other users if they are participating in the same trip as you, and when they add you as a friend.
  • Limited information about trip templates and public lists (description and number of caches) will be made available in cachetur.no open API
  • Information about your trips and lists will be made available in cachetur.no API after you log in
  • Coordinates for your waypoints are sent to GraphHopper for route calculation, GraphHopper does not have access to waypoint names or any other information. The information will be deleted after a maximum of 5 weeks. All route calculations are run through our proxy, so no other personal information is shared with GraphHopper.
  • Search words and request information (including your IP address) is sent to GraphHopper when you use the geocoder. This information is stored for a maximum of 5 weeks. The search is forwarded to OpenCageData, which will store the information for up to 6 months.
  • Coordinates for first and last waypoint in your trips is sent to TimeZoneDB and sunrise-sunset.org to find sunrise and sunset times.

Your corrected coordinates will only be available for participants in the trip/list

We neither sell, rent nor give away any other personal information to any other 3rd party.

File upload

Files uploaded to trips etc. are saved in Amazon S3. Files uploaded to private trips or similar are encrypted. Files that are available publicly, like in trip templates, are stored without encryption.

Cookies

Cachetur.no utilizes cookies to keep track of your login status and to store information about map selections.

Cookies are required to log in, and if you disable cookies you will not be able to use cachetur.no

The blog and Help Center uses it's own cookies, to remember login and user details.

Cachetur.no and associated systems, uses cookies to collect data of user patterns. Read more below.

Cachetur.no does not use cookies to generate targeted advertisements.

Some cache descriptions may contain items that track you, e.g., flag counters.

Some map providers may use cookies to track usage. This is outside our control.

Analytical data

As most other websites, we gather anonymized data that we use to see usage patterns on our services. We gather information about operating system, browser, language, referring website (the site you came to cachetur.no from), date and time of visit and screen resolution.

We collect this using information your browser makes available to all web pages you visit, using a tool called Cloudflare Web Analytics.

This information is used to generate aggregated statistics, see usage patterns, and optimize services and development.
The statistics are used to measure if things work as well as we want, and to plan further development and optimizations.

Non-personally identifiable aggregated statistics may from time to time be published (typically a report showing the use of our systems).

Data collected is anonymous and cannot be connected directly to you

Cachetur.no has full control and ownership of all collected data, nothing is rented or sold to third parties

Financial transactions

Of legal reasons, all information related to financial transactions are stored both by us in our systems, by our bank and by our payment providers.

Server logs

Cachetur.no's server, like most other web servers, stores information about all received requests.

Information we store:

  • IP address
  • Date and time
  • Request data
  • Status code
  • Size of response (the response itself is not stored)

This information is used for troubleshooting and statistics. Only the server administrator has access to this data.

In addition, information about requests are submitted to Imunify360, which is our firewall.

Information stored by Imunify360:

  • IP address
  • Date and time
  • Request data
  • Meta data for your browser (version, resolution and browser fingerprint)
  • URL
  • HTTP/HTTPs query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis) - If attack is detected, HTTP parameters are collected without using one-way encryption. It will still be encrypted for the purpose of transferring it between servers.

When you use the blog, the same information is sent to Wordfence (Defiant), which is our firewall for the cachetur.no blog.

Log data cannot easily be tied to specific users.

Cachetur.no does not use any third party services for storing logs or statistical data

Data protection

We utilize firewalls, antivirus, access control and encryption where necessary to protect your data.

Daily backups, both internally at Hetzner and to Amazon S3, help protect against data loss.

Our services runs on a cloud server from Hetzner. You can read more about their security work here.

People with access to data

Administrator has access to all data, mainly to troubleshoot problems and facilitate support. But also to ensure safe operations of our services.

Ambassadors/moderators have access to limited user information (information about your account and logs, but no access to trips and lists). You can grant them additional access to your account after you have submitted a support request.

Data breach notification

We are required to report all security incidents to Groundspeak. We also always will alert you, our users, about any incident or data breach and our actions and details regarding the data that has been breached.

Data storage

We store data in the following places:

Supplier Storage location Data
Hetzner Online GmbH Falkenstein, Germany Server logs, database, user data, trips, comments, application
Amazon AWS Ireland - plus copy in all CloudFront regions when data is accessed Pictures, files and backup - files in private trips and lists are stored encrypted
Cachetur.no app - Expo.io USA (Google Cloud) and world wide (AWS, only request logs in CloudFront) Update token and logs

Access to your own data

Data you give us, with exception of files, can be easily downloaded from your profile. We do not include data that would be in breach of another user's privacy. Any uploaded files must be manually downloaded.

Deletion of your data

You have to send us a request if you want us to delete your personal data. We will remove all personally identifiable information. But please note that most will only be anonymized, in such a way that it will be impossible to tie it back to you personally. Non-personally identifiable information, trips, content generated by cachetur.no etc. will not be deleted. Residual information may still be present in old logs, comments and messages.

Cachetur.no app

Cachetur.no use Expo.io for building and automatic updates for our app. Expo.io hosts the data files the app use, and they also provide automatic updates for minor changes.

To make this happen, they store a token that is unique for your device. Request logs (containing your IP address, locale, operating system and other non-personal information about your device) from Expo are stored for 30 days.

Expo use Amplitude to measure basic app metrics, mainly on initial launch, encountered errors and successful launches. This data is used to measure the health of the framework, and help identify problems.

Expo use Fabric Crashlytics to gather crash logs and for general debugging. Crashlytics collects a unique installation ID (not personally identifiable) from your device, in addition to crash traces. This data is kept for 90 days.

3rd party terms

We use several 3rd party services, you will find links to their privacy policies below.

Geocaching.com

All cache data is fetched from geocaching.com. Read their privacy policy here.

Atlassian JIRA / Confluence

JIRA is powering our Issue tracker, and Confluence is powering our Help center. Read their privacy policy here.

Slack

Our chat platform is powered by Slack. Read their privacy policy here.

Expo.io

We use Expo.io for building and automatic updates for our app. Read their privacy policy here.

Expo use Fabric Crashlytics for collection of crash logs. Read their privacy policy here.

Contact us

You can contact us via the support system, or via [email protected] - Create new request