Privacy Policy

Effective Date: November 14, 2025

Last Updated: November 14, 2025

About This Policy

FLX Websites, LLC operates GreaterIthaca.com and is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

We believe in transparency and keeping things simple. We collect only the minimum data necessary to provide our service, and we do not sell your information to anyone.

Information We Collect

Account Information

When you create an account, we collect:

• Your email address
• Your password (stored securely in hashed form)

Activity Data

When you use GreaterIthaca.com, we store your activity on the platform, including:

• Places you favorite
• Places you like
• Custom lists you create
• Recommendations you submit

Form Submissions

When you submit contact forms, feedback, or other inquiries, we collect:

• Your name and email address
• Phone number (when provided)
• The content of your message
• Your IP address (collected automatically by our spam filtering service)

Business Profile Management

If you claim and manage a business profile, you may upload additional content such as:

• Photos and images
• Business descriptions and information
• Hours of operation and contact details

Payment Information

If you purchase a premium business profile, your payment information is processed directly by Stripe. We do not store your complete credit card numbers or payment details on our servers. Stripe handles all payment processing in accordance with their privacy policy.

How We Use Your Information

We use the information we collect to:

• Create and manage your user account
• Provide personalized features (favorites, lists, etc.)
• Process and fulfill premium profile purchases
• Respond to your inquiries and support requests
• Prevent spam and abuse of our platform
• Improve our services and understand how people use our site
• Comply with legal obligations

Cookies and Tracking

Essential Cookies

We use cookies only for essential functionality, specifically to keep you logged in to your account. These cookies are necessary for the website to function and cannot be disabled.

Analytics

We use Fathom Analytics, a privacy-first analytics service that collects website usage data in aggregate without using cookies or collecting personally identifiable information. Fathom is fully compliant with GDPR, CCPA, PECR, and other privacy regulations. The service processes minimal data (IP addresses are pseudonymized) and does not track, profile, or sell visitor data. Learn more about their privacy policy and compliance documentation.

Because Fathom does not use cookies and does not collect personal data, no consent banner is required under GDPR or other privacy laws.

Third-Party Services

We share your information with the following third-party service providers who help us operate our platform and deliver our services:

• Fathom Analytics - Privacy-first website analytics (Privacy Policy, GDPR Compliance)
• Stripe - Payment processing (Privacy Policy)
• Resend - Email delivery service (Privacy Policy, GDPR Compliance)
• Akismet - Spam filtering for form submissions (Privacy Policy, GDPR Compliance)
• CleanTalk - Email spam detection (Privacy Policy, GDPR Compliance)
• Supabase - Database and authentication services (Privacy Policy, Data Processing Agreement)
• Vercel - Website hosting and infrastructure (Privacy Policy, Data Processing Agreement)
• Sentry - Error monitoring and diagnostics. Collects technical error data including browser type, operating system, and page URLs to help us identify and fix issues. Does not collect IP addresses, cookies, or personally identifiable information (Privacy Policy)

These third parties are contractually obligated to use your information only as necessary to provide services to us and in compliance with applicable privacy laws. We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Data Retention

We retain different types of data for different periods:

• Account data: Until you request account deletion
• Transaction records: 7 years (required for tax and business record-keeping)
• Server logs: Up to 90 days
• Form submissions: Email logs retained for up to 30 days
• User activity (favorites, likes, lists): Until you request account deletion
• Backup data: Up to 30 days

Your Rights and Choices

Access and Correction

You can view and update your email address and account preferences through your profile settings. If you need to correct other information or have questions about the data we hold, contact us at support@greaterithaca.com.

Data Export

You have the right to request a copy of your personal data in a portable format. To request a data export, use the link in your profile settings or email us directly at support@greaterithaca.com.

Account Deletion

You have the right to request deletion of your account and all associated personal data. When you request account deletion, we will permanently delete:

• Your email address and account credentials
• Your favorites, likes, and custom lists
• Your recommendations
• Any other personal data associated with your account

To request account deletion, use the link in your profile settings or email us at support@greaterithaca.com. We will process your request promptly, typically within 45 days.

Important note for business managers: If you manage a business profile and delete your personal account, the business profile and its public information will remain on the platform unless you are the provable owner of the business and specifically request deletion of the business profile as well.

Marketing Communications

We currently send only transactional emails (account confirmations, security notifications, etc.). If we introduce marketing emails in the future, you will be able to unsubscribe using the link in each email.

Content Ownership and Liability

User-Uploaded Content

When you upload content (photos, business descriptions, etc.) to manage a business profile, you retain full ownership of that content. By uploading content, you grant us a license to display and use that content on our platform and in our marketing materials.

Platform-Generated Content

We create and maintain business profiles by collecting publicly available information and taking photos of business exteriors. Content created by us (not user-uploaded) is owned by FLX Websites, LLC.

Accuracy of Information

We strive to maintain accurate information about businesses listed on GreaterIthaca.com, but we cannot guarantee the accuracy of all content. We have zero liability for inaccurate information. If you find incorrect information, you can submit a feedback request or claim the business profile to manage it yourself.

Data Security

We take reasonable measures to protect your personal information from unauthorized access, disclosure, or destruction. Your password is stored using industry-standard hashing, and all data transmissions are encrypted using HTTPS. Payment information is processed through Stripe's secure, PCI-compliant infrastructure.

Our infrastructure is hosted by Supabase and Vercel, which maintain SOC 2, HIPAA, and GDPR compliance. We use Socket.dev to monitor dependency security and regularly analyze database access logs for suspicious activity.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification

We monitor our systems for security issues and will notify affected users promptly via email if a data breach occurs. We will also comply with applicable legal requirements regarding breach notification to authorities.

Geographic Restrictions and International Data Transfers

GreaterIthaca.com is operated from the United States and primarily serves users in the United States. All data is stored on servers located in the United States.

For users in the European Union: By using our service, you acknowledge and agree that your data will be transferred to and stored in the United States. Our service providers (Supabase, Vercel, Resend) are certified under the EU-US Data Privacy Framework and use Standard Contractual Clauses for data transfers.

We do not actively market our services to residents of the European Union. If you are located in the EU and do not agree to the international transfer of your data to the United States, please do not use our service. If you have questions about international data transfers, please contact us at support@greaterithaca.com.

We may restrict access to our platform from certain countries for security, compliance, and fraud prevention purposes.

Age Requirements

GreaterIthaca.com is intended for users who are at least 16 years old. We do not knowingly collect personal information from individuals under 16. If we learn that we have collected information from a user under 16, we will delete that information promptly.

Our service is not directed to children under 13, and we do not knowingly collect information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If you believe we have collected information from someone under 16, please contact us at support@greaterithaca.com.

California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You can request information about the personal data we have collected about you, including the categories of data, sources, purposes, and third parties we share it with.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

We do not sell your personal information and have not sold personal information in the past 12 months. We do not share personal information for cross-context behavioral advertising purposes.

To exercise your California privacy rights, contact us at support@greaterithaca.com or use the data export and deletion request options in your profile settings. We will verify your identity before processing requests and respond within 45 days.

Law Enforcement and Legal Requests

We may disclose your information if required by law, such as in response to a subpoena, court order, or other legal process. We will comply with valid legal requests from law enforcement and government authorities as required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The current version will always be posted on our website with the effective date at the top. If we make material changes, we will notify users via email.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

We aim to respond to privacy-related inquiries within 48 business hours, though response times may vary depending on the complexity of the request.