Roam Idaho ("we", "us") is an independent outdoor-intelligence platform built in Boise, Idaho. This page explains what we collect, why, and what your rights are. We aim for minimum-necessary data and we don't sell user data to third parties.
1. What we collect
Account data (only if you sign in)
Email address (from your Google or Apple account, or one you provide for an email-link sign-in).
Display name and profile photo URL (from Google/Apple, if provided).
An internal user ID issued by Firebase Authentication.
App data you create
Waypoints you save (name, coordinates, icon, color, notes).
Ballistics profiles you save (rifle and bullet specs).
Recently viewed and favorited units, waters, trails, and hot springs (some of this is stored only in your browser's local storage and never reaches our servers).
Usage data
Pages viewed and certain in-app events (e.g. layer toggles on the maps), anonymized where possible. Used to improve the product. Provided by Vercel Analytics.
Server logs may include your IP address, user agent, and request path for security and abuse-prevention purposes.
Billing data (only Pro subscribers)
Stripe processes all payments. We never see or store your full card number. We do receive a Stripe customer ID and your subscription status, which we use to grant Pro access.
2. What we do not collect
We do not collect or store your real-time location. The interactive maps may request your browser's location to center the map; that data stays in your device unless you explicitly save a waypoint.
We do not sell user data to third parties.
We do not share your saved waypoints, ballistics profiles, or favorites with anyone outside Roam Idaho.
3. Why we collect it
Sign-in: to identify you across visits and sync your saved data.
Saved data: so your waypoints, profiles, and favorites are available on every device you sign in from.
Usage data: to improve the product (which features get used, which pages are slow).
Billing: to provision Pro access and process renewals.
4. Where it's stored
User data lives in Google Firestore (US region) under your Firebase user ID. Authentication is handled by Firebase Authentication. Payments are processed by Stripe. Analytics events are processed by Vercel.
5. Cookies and similar technologies
roam_session: an HTTP-only signed cookie that keeps you signed in. Expires after 14 days.
Vercel Analytics may set a first-party cookie used to estimate unique visitors. No cross-site tracking.
6. Your rights
Access: you can see your saved data at any time on the dashboard.
Export: email hello@roamidaho.com for a JSON export of everything we have on you.
Delete: visit /settings and click "Delete account". Within 30 days we delete your authentication record, all Firestore data under your user ID, and (where applicable) cancel your Stripe subscription. Some server log entries may persist for up to 90 days for abuse prevention.
EU/UK users: GDPR rights apply. Contact us for any of the above.
California users: CCPA rights apply. We do not sell your personal information.
7. Third-party services we rely on
Firebase / Google Cloud (auth + database hosting)
Stripe (payments)
Vercel (hosting + analytics)
Open-Meteo, USGS, IDFG (public outdoor data — no user data is sent)
8. Children
Roam Idaho is not directed at children under 13. We do not knowingly collect personal information from anyone under 13.
9. Changes to this policy
If we materially change how we handle data, we'll update this page and the "last updated" date above. For significant changes affecting existing users, we'll also email you.