Privacy Policy | Piknik

Information We Collect

Minimal Data Collection: We collect only what's essential to provide you with a meaningful experience. The data we collect depends on which features you use.

Core Account Information (Always Collected)

Email address: Required for account creation and magic link authentication
Optional name: For personalization and business listings
Account preferences: Theme, notification settings, language preferences

Business Information (Optional)

Business profile: Name, description, location, contact details, operating hours
Product/service listings: Descriptions, categories, pricing, availability
Public visibility: Business information you publish is publicly accessible

Location Data (Optional)

GPS coordinates: Only when you choose to share your location for finding nearby businesses
Map interactions: Current map center and zoom level for personalized search results

Usage Analytics (Optional - via PostHog)

Page views: Which pages you visit to improve user experience
Feature usage: What features you use to prioritize improvements
Technical data: Device type, browser, screen resolution for compatibility
Performance data: Load times and errors to maintain service quality
Session recordings: Visual recordings of how you interact with Piknik (mouse movements, clicks, scrolling) to improve user experience and identify usability issues. Only activity within the Piknik app is recorded - not other tabs or windows. Password fields and sensitive inputs are automatically excluded from recordings.

You control analytics: You can opt out of analytics tracking (including session recordings) at any time through the cookie consent banner or in your account settings. When opted out, no analytics data or session recordings are collected.

PostHog data is anonymized and used solely for product improvement. Learn more at posthog.com/privacy

Survey Responses (Fully Anonymized)

Anonymized responses: Your survey answers are stored with a one-way encrypted hash, not your actual user ID
No identity link: It is cryptographically impossible to determine who submitted a specific response
No location tracking: We do not store your GPS coordinates with survey responses
Duplicate prevention: We use the anonymous hash to prevent multiple submissions without revealing your identity
Aggregate data only: Survey creators see only aggregated statistics and answer distributions

✓ Maximum Privacy: Survey responses are designed for complete anonymity. Even if our database is compromised, your identity and the surveys you've answered cannot be determined. Your responses help local businesses improve while protecting your privacy.

Browser Storage

Theme preference: Dark/light mode setting
Map filters: Your preferred search categories and radius
Prompt dismissals: Which helpful hints you've already seen
Cookie consent: Your analytics preference choice
Notification preferences: Push notification settings
Anonymous survey ID: A random identifier stored locally to prevent duplicate survey submissions (cannot be linked to your account)

How We Use Your Information

Connect you with local food sources: Help you discover farms, restaurants, and local businesses in your area
Provide essential services: Magic link authentication, business profile management, and location-based search
Enhance user experience: Remember your preferences (theme, map filters) and personalize your local food discovery
Improve our platform: Analyze anonymized usage patterns to prioritize features and fix issues (only if you consent)
Collect anonymous feedback: Enable local businesses to gather customer feedback through surveys while protecting your complete anonymity
Send notifications: Deliver optional push notifications for updates and events (requires your permission)
Ensure service quality: Monitor performance, prevent abuse, and maintain platform security

Information Sharing and Public Data

We never sell your personal information. We only share data in specific, limited circumstances for essential platform operations.

⚠️ What Becomes Public:

Information you intentionally make public (business listings, profiles, reviews, marketplace listings, event posts) is accessible to anyone on the internet and may be indexed by search engines, cached, or copied. Once public, we cannot control how others use or share this information.

When We Share Information

Public business listings: Business information you choose to make publicly visible
PostHog analytics: Anonymized usage data for product improvement (only if you consent, processed in accordance with PostHog's privacy policy)
Email service: Necessary contact information with our email provider for magic link authentication and notifications
With your explicit consent: When you specifically authorize information sharing
Legal requirements: When required by law, legal process, or to protect our users' safety

Your Rights and Choices

Access: Request a copy of your personal information stored in our database
Correction: Update or correct your account and business information through your profile settings
Account Deletion: Delete your account at any time through Settings → Account. Your account will be permanently anonymized, removing all personal information while preserving anonymized contributions for platform integrity. Note: Public information already copied or cached by others cannot be removed.
Location sharing: Enable or disable location access at any time through your device settings or the Location tab in Settings
Analytics opt-out: Control analytics tracking through the cookie consent banner on first visit, or toggle it anytime in Settings → Account
Notification preferences: Manage push notification settings in Settings → Notifications
Browser storage: Clear your preferences by deleting browser data or using incognito mode

For additional assistance with your privacy rights, contact us at [email protected]

Data Security

We implement industry-standard security measures to protect your information:

Secure data transmission (HTTPS/SSL encryption)
Magic link authentication (passwordless login)
Regular security audits and updates
Access controls and authentication
Incident response procedures

Important Limitation: While we take reasonable measures to protect your data, no method of transmission over the internet is 100% secure. We continuously work to improve our security practices, but cannot guarantee absolute security. Only share information you're comfortable potentially becoming public.

Data Retention

We retain your information only as long as necessary:

Active accounts: Data retained while your account is active and for legitimate business purposes
Deleted accounts: Personal information is immediately anonymized upon account deletion
Public content: Information you made public may remain visible in anonymized form to maintain platform integrity
Analytics data: Anonymized analytics retained for up to 7 years for product improvement
Cached/copied data: We cannot control data that has been cached, copied, or indexed by search engines or third parties
Legal requirements: Some data may be retained longer if required by law

Children's Privacy

Piknik is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this policy. Significant changes will be communicated through the app or via email. Continued use of Piknik after changes constitutes acceptance of the updated policy.

Contact Information

Questions about this Privacy Policy?

Email: [email protected]
Mail: Piknik Privacy Officer
Waterloo Region, Ontario, Canada