Privacy Policy

Introduction

Here we outline what data we collect as you use the app, why we collect it and how we protect it. We may update our privacy policy from time to time to reflect changes in our practices, as we add new features or for other operational, legal, or regulatory reasons. Please revisit this page periodically to stay up to date on our practices.

Geolocation Data

If geolocation monitoring is supported by your browser and device, you may opt into our location services. Unless and until you grant Zoo Guide access to your location, we will not have access to it and you will not be able to utilize our location services. We only have access to your location data while you are using the app; we do not have access to it while the app is closed or running in the background. You may revoke our location access at any time either within the app or in your browser's settings.

We use your location data for 4 purposes:

1. Providing walking directions upon your request
2. Displaying your location on the map
3. Determining which zoo, if any, you are currently visiting
4. Sending you information on animals as you approach exhibits

The only third party we provide your location data to is Google and only in case number 1 (when you have requested walking directions). We must provide the coordinates of your current location to Google as, obviously, your optimal route cannot be calculated without your current position as the starting point. Although, to be clear, Google has no way of knowing who our server has made the directions request on behalf of, or even if anyone is currently at your location. Your use of Zoo Guide's location services never provides Google with your location in a way that can be connected to you.

It is possible that in the future we may provide ananymous location data to zoos which they could use to make data driven decisions on how best to allocate their limited resources. We do not currently do this and there are no concrete plans to at the moment, but it is an idea we are considering.

Third-Party Sign-In

We offer the option to sign in to our website using your Google account through OAuth2, a secure authentication method. When you choose to sign in with Google, we request access to the following limited information:

• Email: To identify and communicate with you.
• Profile: To access basic information such as your name for personalization purposes.

We collect and use this information to facilitate your sign-in process and provide a seamless user experience on our site. Your Google account data is handled securely in accordance with Google's policies and our own data protection practices.

Browser Storage

There are a few different forms of storage supported by modern web browsers; Zoo Guide uses cookies, IndexedDB and local storage.

Cookies

While ZooGuide provides its content and services free of charge, we do have expenses, such as the electricity and hardware which power and host our server, the third party services we utilize, and the hundreds of hours we have spent, and will continue to spend, developing and maintaining the app. In order to pay our bills, we use a Google service called AdSense to display ads. Google AdSense uses cookies to show you personalized advertisements based on your browsing history. Advertisers pay more for opportunities to show their ads to targeted users (again, based on browsing history), so by allowing cookies, not only are you likely to see more appealing ads, but ZooGuide should generate a bit more revenue from AdSense. You can decline cookies, however, you will likely find that the ads you see on our site are less relevant to you. You can update your cookie preferences in your browser's settings. As mentioned in Google's privacy policy, security measures are in place to protect your data. We understand and sympathize with your privacy concerns, and we know that you don't visit our site for the ads. If you're tired of seeing ads, you can purchase a pass which will give you unlimited access to premium app features and remove ads until your pass expires.

We also use cookies to store authentication tokens so that our server can identify who is making the request. This is important because we don't want to send you or others information which you / they are not authorized to view, or allow regular site users to make changes to our database. You do not need to register an account, in which case we will not send your browser authentication related cookies. However, you will not be able to use premium app features without an account, and we cannot tie you to that account without sending you cookies.

IndexedDB

Cookies are useful for storing small amounts of data meant to be sent to a server on each network request to that server, but for storing large amounts of data, including files, Zoo Guide uses your browser's IndexedDB API. With the exception of image recognition services, when you take photos in the app, they are not uploaded to Zoo Guide's server; the files are stored directly on your device via IndexedDB. They are not visible to us or anyone else unless you share them. You can delete these photos within the app or by clearing the data out in your browser's settings. If your device is low on available storage, your photos may fail to save.

Local Storage

In order to remember your setting selections in between visits to the app or site, Zoo Guide uses your browser's local storage API. For example, remembering your preferred zoo to serve as a default selection when you want to look up the weather forecast. Without storing this information, you would have to make a selection every time you open up the app, which can be annoying.

Security

We take the following reasonable measures to protect your information and ensure the security of our website and the information you entrust to us. However, please be aware that no data transmission over the internet is completely secure.

HTTPS (Secure Connection)

Our site is served over HTTPS (HyperText Transfer Protocol Secure). You web browser allows you to verify this. Essentially what this means is that all information exchanged between your browser and our server is encrypted and cannot be easily intercepted and unencrypted by third parties. HTTPS is becoming the standard practice across the web as it protects the confidentiality and integrity of the data being transmitted. We want to emphasize the importance of never providing sensitive information, such as passwords, bank account numbers, credit card numbers or personal details, on websites served over the unsecured HTTP protocol, as this type of connection relays communications between you and that server in plain text, so it is possible for bad actors who obtain access to your network traffic to "eavesdrop" on your conversations.

Password Hashing

We do not store your password in plain text. Rather, we use a secure process called hashing. When you provide your password, it is encrypted before it is sent to our server (because of HTTPS). Once our server receives your encrypted password, it decrypts it using a secret key. We then run your password through a hashing algorithm and compare the result to the hashed password we have on file for your account and / or store the hashed result in our database. The important thing to understand is, while encrypted data can be decrypted with the correct key, when data is hashed, it cannot be recovered. You can pass another password into the same hashing function and compare the results; if the results match, you can have some confidence that the two plain text passwords passed into the hashing function match. This is similar to baking a cake; you can mix the ingredients together and bake it, but once you have the cake, there is no way to separate back out the flour, sugar, oil, etc... Hashing is an important step in password protection as it ensures that no one, not even Zoo Guide, can determine your password. Even if we or some hacker were to look up your account's entry in our database, we / they would only find a useless and incomprehensible string of characters (your hashed password, rather than your plain text password). It is very common (although highly discouraged by cybersecurity experts) for people to use the same password for multiple different websites. This can be a huge problem because even if all but one of the sites you provide your password to properly secure it, if the one which does not gets hacked, the hacker can then try that same password on any other site you have an account on, some of which could be especially sensitive, such as an online banking site.

Contact Us

If you have any further questions about our privacy policies, please send an email to info@zooguide.io and we will respond as soon as possible.