Last Updated: February 1, 2023
Welcome to the Privacy Policy of AllTrails, Inc. (“AllTrails,” “we,” “us,” or “our”). AllTrails provides a digital platform that helps people explore the outdoors with a collection of detailed, hand-curated trail maps, trail reviews, and photos crowdsourced from a community of registered hikers, mountain bikers, and trail runners. This Privacy Policy applies to the following services operated by AllTrails (collectively, the “Service”):
www.alltrails.com and other websites owned and/or operated by AllTrails that contain a link to this Privacy Policy (collectively, the “Site");
- All mobile applications that contain a link to this Privacy Policy (the “AllTrails Apps”); and
- All services made available by AllTrails through the Site and the AllTrails Apps, collectively, the “Service”.
This Privacy Policy explains what Personal Data (defined below) we collect, how we use and share that data, and your choices concerning our data practices.
This Privacy Policy constitutes an integral part of our Terms of Service, accessible at: https://www.alltrails.com/terms.
Please read this Privacy Policy before using our Service or submitting any Personal Data to AllTrails and contact us if you have any questions.
INFORMATION WE COLLECT
When you contact us or interact with our Service, we collect information that alone or in combination with other information could be used to identify you (“Personal Data”) as follows:
Personal Data You Provide to Us: We collect Personal Data when you sign up for our Service through the Site or an AllTrails App or contact us. The Personal Data collected during these interactions may vary based on what you choose to share with us, but it may include any of the following:
Account Data: When you sign up, some information is required to create an account on our Service, such as your name, username, email address, and mailing address.
Payment Data: If you choose to purchase a subscription to our Service via credit card, debit card or other payment method, our third party payments processor (Stripe, Inc. or “Stripe”) will process certain payment and billing information, such as billing address, payment card details, and authentication features. That information is collected by Stripe directly, and we do not collect or store it. If you have questions about how Stripe protects such information, please read Stripe’s services agreement and privacy policy.
Social Media Data: We have pages (“Social Media Pages”) on social media sites like Facebook, Instagram, Pinterest, Twitter, and LinkedIn (each a “Social Media Site”). The platforms that host our Social Media Pages or Social Media Features may provide us with aggregate information and analytics regarding the use of our Social Media Pages and Social Media Features.
User Generated Content: User-generated content, such as profile pictures, photos, images, videos, posts, comments, questions, messages, user interactions, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
Contacts Book Data: Our mobile applications may allow you to synchronize the numbers in your Contacts address book on a regular basis in order to identify any friends and/or relatives who use the Service. When you do so, we will ensure that the relevant data is encrypted and will not use it for any purpose other than matching your contacts to users of the Service. If any of your contacts are using the Service, we will let you know so that you can connect with them. You can revoke our access to your Contacts address book at any time through your mobile device settings.
Additional Information: To help improve your experience or enable certain features of the Service, you may choose to provide us with additional information, such as your date of birth/age, height, weight, gender, profile picture, city of residence, community username, statistics on your hiking and biking history and your reviews and photographs of trails.
Information We Generate From Your Use of Our Service: When you visit, use, interact and register with the Service, we may automatically generate certain information about your visit, use, interactions or registration. For example, we may monitor the number of people that visit our Site or AllTrails Apps, peak hours of visits, which page(s) are visited on our Site or AllTrails Apps, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site- and AllTrails App-navigation pattern. In particular, the following information is created and automatically logged in our systems:
Log Data: Information that your browser automatically sends whenever you visit the Site or AllTrails Apps. Log data includes your IP address (so we understand which country you are connecting from when you visit the Site or AllTrails Apps), browser type and settings, the date and time of your request, and how you interacted with the Site or AllTrails Apps.
Cookies Data: We use cookies and similar technologies to operate and administer our Site and AllTrails Apps, make it easier for you to use the Site and AllTrails Apps during future visits, and gather usage data on our Site and AllTrails Apps. For more information about the technologies used and information collected on our Site and AllTrails Apps, please refer to our Cookie Policy, which forms part of this Privacy Policy.
Device Data: Includes the model of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings. We may also collect data from your device to estimate a variety of metrics like the time, frequency and duration of, and calories burned during, your activities for the purpose of calculating your Usage and Activity Data (described below).
Usage and Activity Data: We collect information about how you use our Site and AllTrails Apps, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of, and calories burned during, your activities.
Geolocation Data: If you have enabled location services for an AllTrails App on your mobile device or on your computer via the Site, we may collect your precise location information based on city, state, zip code, country, latitude and longitude. AllTrails may also derive your approximate location from the IP address of your computer or mobile device. Geolocation data is used for purposes of directing you to nearby trails and parks and offering other relevant content and services.
Session Replay Data: We use third party services provided by Hotjar that employ software code to record users’ interactions with the Services in a manner that allows us to watch DVR-like replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, and scrolls during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about Hotjar at https://www.hotjar.com/legal/policies/privacy/ and you can opt-out of session recording by Hotjar at https://www.hotjar.com/legal/policies/do-not-track/.
Information We Receive From Third Parties. If you elect to authenticate to our Service using your account on another service (such as a Facebook, Google, or Apple account), we may receive from the other service information like your external account name as well as other information you may choose to make available to us based on your external account settings, such as contact lists and profile photos (if any). You can stop sharing the information from the other service with us by removing our access to that other service.
HOW WE USE PERSONAL DATA
We use your Personal Data for a variety of purposes, which are listed in the table below. If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy to explain any such new purpose.
In addition, in respect of each of the purposes for which we use your Personal Data, privacy laws in certain jurisdictions require us to ensure that we have a ‘legal basis’ for that use. Most commonly, we will rely on one of the following legal bases:
Where we need to process your Personal Data to deliver our Service to you, or to otherwise perform our contractual obligations to you (“Contractual Necessity”).
Where we need to process your Personal Data for our legitimate business interests, and your interests and fundamental rights do not override those interests (“Legitimate Interests”).
Where we need to process your Personal Data to comply with a legal or regulatory obligation (“Compliance with Law”).
Where we have your specific consent to carry out the processing for the purpose in question (“Consent”).
We have set out below, in a table format, the various purposes and legal bases we rely on in respect of the processing of your Personal Data:
| PURPOSE | LEGAL BASIS |
| Account creation - to create and manage your account on the Service. | Contractual Necessity |
| Service delivery - to operate and deliver our Service to you. | Contractual Necessity |
| Lifeline Group - to communicate with your Lifeline Notification Group regarding your whereabouts as described on our Service. | Contractual Necessity |
| Payments processing - to process your payments via our third-party payments processor. | Contractual Necessity |
| Customer support - to deliver customer support to you and respond to your queries. | Contractual Necessity |
| Contacts syncing – to match the phone numbers in your Contacts address book to users of the Service, if you have chosen to do so. | Contractual Necessity |
| Service improvement – to analyze how you use our Service and to improve it. | Legitimate Interests |
| Fraud prevention – to keep our Service and associated systems operational and secure. | Legitimate Interests |
| Legal compliance – to comply with our legal obligations, for example our accounting and tax reporting obligations. | Compliance with Law |
| Marketing – to send you information about our products and services (including via email). | Consent |
Marketing. We may contact you to provide information we believe will be of interest to you. For instance, if you elect to provide your email address, we may use that information to send you promotional information about our products and services. If we do, we will only send you such emails if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving emails at any time by following the instructions contained in each promotional email we send you or by contacting us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding our Site and Services and to respond to your requests.
In certain circumstances, we may share your Personal Data with third parties without further notice to you, unless required by the law, as set forth below:
Affiliates: Other companies in our corporate group may help us deliver our Service to you.
Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with service providers, including hosting, cloud services and other information technology services providers; email communication software providers and email newsletter providers; data base and sales services; customer relationship management, customer engagement, and customer feedback services; payment processors; security services; and analytics services. Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, including to respond to lawful requests from public authorities and to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.
Other Users. Your profile and other User Generated Content (except for private messages) may be visible to other users of the Service (which may include all users of the Service or a limited number of users, depending on your privacy settings). For example, other users of the Service may have access to your information if you chose to make your profile or other personal information available to them through the Service, and may also have access to content that you submit to the Service such as when you provide comments, reviews, survey responses, or share other content. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of information.
DATA RETENTION
We keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
UPDATE YOUR INFORMATION
If you need to change or correct your Personal Data, please contact us at [email protected]. We will address your request as required by applicable law.
CALIFORNIA PRIVACY RIGHTS DISCLOSURES
Collection, Disclosure, and Use of Personal Data: The categories of Personal Data we have collected in the preceding twelve months are described above in the “Information We Collect” section. In the preceding twelve months, we have disclosed for business purposes each of the categories identified in that section to the categories of third parties identified in the “How We Share and Disclose Personal Data” section. The business and commercial purposes for collecting Personal Data are described in the “How We Use Personal Data” section. We collect Personal Data directly from you and from external accounts you use to log-in to the Service.
Privacy Rights: Where provided for by law and subject to any applicable exceptions, California residents may have the following rights under the California Consumer Privacy Act of 2018 (“CCPA”):
To know the categories of Personal Data that AllTrails has collected about you, the business purpose for collecting your Personal Data, and the categories of sources from which the Personal Data was collected.
To access the specific pieces of Personal Data that AllTrails has collected about you.
To know whether AllTrails has disclosed your Personal Data for business purposes, the categories of Personal Data so disclosed, and the categories of third parties to whom we have disclosed your Personal Data
To have AllTrails, under certain circumstances, delete your Personal Data; and
To be free from discrimination related to the exercise of these CCPA rights.
AllTrails does not sell your Personal Data.
If you would like to exercise any or all of these rights, you may do so by contacting [email protected] or https://lp.alltrails.com/en/data-magagement/. Your authorized agent may submit requests in the same manner. Once we receive your request, we will verify your identity by sending an email to the email address you provide to us.
If you have questions about your rights or our disclosures under the CCPA, or to request access to an alternative format of this notice, you may reach us at [email protected].
Online Tracking and Do Not Track Signals: We and our third party service providers, including Facebook, may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site and use that information to send targeted advertisements. Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will describe how we do so in this Privacy Policy.
CHILDREN
Our Service is not directed to children who are under the age of 16. AllTrails does not knowingly collect Personal Data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to AllTrails through the Service, please contact us and we will endeavor to delete that information from our databases.
EEA and UK USERS
Scope: This section applies to users located in the European Economic Area (“EEA”) or the United Kingdom (“>UK”).
Data Controller: AllTrails, Inc. is the data controller for the processing of your Personal Data. You can find our contact information in the “Contact Us” section below.
EEA + UK Representatives: For requests, inquiries or issues related to our processing of your Personal Data and/or this Privacy Policy, users in the EEA may contact our EEA Representative directly by emailing Julia Muench at [email protected]; Users residing in the UK may contact our UK Representative, Gareth Mills, by emailing [email protected].
Legal Bases for Processing. This Privacy Policy (the paragraph “How We Use Personal Data”) describes the legal bases we rely on for the processing of your Personal Data. Please contact us if you have any questions about the specific legal basis we are relying on to process your Personal Data.
Your Rights. Pursuant to applicable privacy laws in the EEA and the UK, you have the following rights in relation to your Personal Data, under certain circumstances:
Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details.
Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to data portability: You have the right to obtain a copy of your Personal Data from us, to the extent that it is processed by automated means. We will give you a copy of your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
If we are relying on a Legitimate Interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing or we need to process your Personal Data in order to establish, exercise, or defend legal claims.
If we are processing your Personal Data for direct marketing -- we may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above).
Right to withdraw consent: If we rely on your Consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your Personal Data before we received notice that you wished to withdraw consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to your local data protection authority.
Typically, you will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data. This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month of receipt. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Please see the “Contact Us” section below for information on how to exercise your rights.
INTERNATIONAL TRANSFERS
AllTrails is based in the United States. Some of our vendors and service providers may also be located in the United States or another country. As such, any processing of your Personal Data may involve an export of your Personal Data outside of your country of residence, including to countries which may have data protection laws that are less stringent than the laws in effect in the country in which you are located. Whenever we transfer your Personal Data out of your country of residence, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards which comply with applicable privacy laws. If you would like to receive more information about these safeguards, please Contact Us.
HEALTH SERVICES
Our Service may utilize connections to the Apple Health App (“HealthKit”), Google Fit, Garmin Connect, and other third-party fitness, health, and tracking applications and services (together with HealthKit, “Health Services”). For more information on HealthKit, please click here. You can choose to connect and share information with Health Services. If you grant access for us to write data to Health Services, we can add information such as your activity recordings and related information like activity distance, calories burned, active energy, and flights climbed, amongst other data, to HealthKit.
Your unique health data you choose to send to Health Services Kit is not accessible by AllTrails. Our Apps cannot write data to Health Services unless you grant access. You can remove access at any time inside the Health Service.
Since we do not obtain or read any data from Health Services, such Health Services data cannot be used by us for marketing or advertising purposes, or shared with or sold to advertising platforms, data brokers, or information resellers.
AllTrails is in no way responsible for the protection of any of your information that you agree to store with Health Services, which is governed by the privacy policies and other terms of the applicable Health Service. You and the Health Service are solely responsible for the protection of such information. Please review the Health Service’s applicable policies and procedures before granting permission to sync your health data and/or other information with the Health Service.
LINKS TO OTHER WEBSITES
The Site and AllTrails Apps may contain advertisements for or links to other websites, products, or services not operated or controlled by AllTrails, including Social Media Sites (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
SECURITY
You use the Service at your own risk. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, which comply with industry standards and applicable privacy laws. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. Please keep this in mind when disclosing any Personal Data to AllTrails via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
We have also put in place procedures to deal with any actual or suspected data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so), we may notify you of breaches affecting your Personal Data.
YOUR CHOICES
Whether or not you provide Personal Data to us is completely up to you, but if you choose not to provide information that is needed to use some features of our Service, you may be unable to use those features. You can also contact us to request access to your Personal Data or to ask us to update, correct, or delete your Personal Data.
CHANGES TO THE PRIVACY POLICY
The Service and our business may change from time to time. As a result, we may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.
CONTACT US
If you have any questions about our Privacy Policy or the information practices of the Site, please feel free to contact us at [email protected].