Privacy Policy

1. Introduction

FindYourFivePM is committed to protecting your privacy. This Privacy Policy explains our minimal data collection practices and how we handle your information.

2. Data Controller

The data controller responsible for your personal data is:

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us at the email address above.

3. Data We Collect

3.1 Analytics Data (Anonymized - No Consent Required)

We use CompactSaaS Analytics, a privacy-focused service that:

• ✅ Does NOT use cookies
• ✅ Does NOT collect personal data
• ✅ Anonymizes all visitor data
• ✅ Does NOT track users across websites

CompactSaaS collects only anonymized information:

• Page views (which pages you visit)
• Referrer (where you came from)
• Browser type and version
• Device type and screen size
• Country-level location (IP address anonymized immediately)

Learn more: CompactSaaS Privacy Policy

3.2 Browser Storage (Essential - No Consent Required)

We store minimal preferences in your browser to enhance your experience:

localStorage (Persistent)

• mapStyle - Your map preference (Standard or Hybrid view)
• fyf5pm_privacy_notice_dismissed - Whether you've dismissed the privacy notice

sessionStorage (Temporary - Deleted When Browser Closes)

• fyf5pm_tour_completed - Tour completion status
• fyf5pm_tour_skipped - Tour skip status
• rikiteaMessageShown - Special Easter egg message status

How to clear browser storage: You can clear all stored preferences at any time through your browser settings:

• Chrome: Settings → Privacy and security → Clear browsing data → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data
• Safari: Preferences → Privacy → Manage Website Data → Remove All
• Edge: Settings → Privacy, search, and services → Clear browsing data

3.3 Server Logs (Operational - Legitimate Interest)

Our servers automatically log technical information for security and operational purposes:

• IP address (anonymized after 7 days)
• Request timestamp
• Requested URL
• HTTP status code
• User agent string (browser information)

Legal basis: Legitimate interest for security monitoring, service operation, and debugging.

3.4 Data We Do NOT Collect

We are committed to data minimization. We do NOT collect:

• ❌ Names, email addresses, or contact information (unless you contact us)
• ❌ User accounts or login credentials
• ❌ Payment information
• ❌ Precise geolocation data
• ❌ Social media profiles
• ❌ Tracking cookies or advertising cookies
• ❌ Cross-site tracking data
• ❌ Behavioral profiles

4. Third-Party Services

We use the following third-party services to provide and improve our service:

4.1 CompactSaaS Analytics

4.2 Amazon Web Services (AWS)

4.3 GeoNames

4.4 Wikipedia

5. Data Retention

We retain different types of data for varying periods based on their purpose:

After the retention period expires, data is automatically deleted or anonymized beyond recovery.

6. Your Rights

You have the following rights regarding your data:

6.1 Right to Access

You can request a copy of any data we hold about you. Given our minimal data collection, this typically includes only server logs (if within retention period).

6.2 Right to Deletion

You can request deletion of your data. You can immediately:

• Clear browser storage through your browser settings (see Section 3.2)
• Request deletion of server logs by contacting us

Note: CompactSaaS Analytics data is already anonymized and cannot be linked back to you.

6.3 Right to Object

You can opt out of analytics tracking by:

• Using browser privacy features to block analytics
• Clearing browser storage to remove preferences
• Contacting us to request server log deletion

How to Exercise Your Rights

7. International Data Transfers

Our service uses AWS infrastructure across multiple regions worldwide. Your data may be processed in the following AWS regions:

7.1 AWS Regions

• United States: us-east-1 (N. Virginia), us-east-2 (Ohio), us-west-2 (Oregon)
• European Union: eu-central-1 (Frankfurt), eu-west-1 (Ireland), eu-west-2 (London), eu-south-2 (Spain), eu-north-1 (Stockholm)
• Asia Pacific: ap-south-1 (Mumbai), ap-southeast-1 (Singapore), ap-southeast-2 (Sydney), ap-southeast-5 (Malaysia), ap-northeast-1 (Tokyo)
• Canada: ca-central-1 (Montreal)
• South America: sa-east-1 (São Paulo)

7.2 Data Transfer Safeguards

For international data transfers, we rely on:

• AWS Standard Contractual Clauses (SCCs): AWS has implemented EU-approved Standard Contractual Clauses for international data transfers.
• Data Minimization: We minimize data collection to reduce transfer risks.

7.3 CompactSaaS Analytics Data Location

CompactSaaS Analytics processes anonymized data in their cloud infrastructure. Since all data is anonymized and contains no personal information, transfer restrictions do not apply.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

8.1 Technical Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS 1.2 or higher.
• Encryption at Rest: Data stored in AWS services (S3, DynamoDB) is encrypted using AWS-managed encryption keys.
• Access Controls: Strict access controls limit who can access production systems and data.
• Security Monitoring: CloudWatch and CloudTrail monitor for security events and unauthorized access attempts.
• Regular Updates: We keep all systems and dependencies up to date with security patches.

8.2 Organizational Measures

• Data Minimization: We collect only the minimum data necessary to provide our service.
• Privacy by Design: Privacy considerations are built into our architecture from the ground up.
• Incident Response: We have procedures in place to detect, respond to, and report data breaches (see Section 8.3).
• Vendor Management: We carefully select third-party services that respect user privacy.

8.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify the relevant authorities promptly.
• If the breach poses a high risk, we will notify affected individuals without undue delay.
• We maintain records of all data breaches including facts, effects, and remedial actions taken.

Note: Given our minimal data collection and anonymization practices, the risk of a meaningful data breach affecting individuals is extremely low.

9. Children's Privacy

Our service is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at will@123cloud.st. We will promptly delete such information from our systems.

We do not use age verification mechanisms because:

• Our service is not targeted at children
• We do not collect personal data that would require age verification
• Age verification itself would require collecting more personal data

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Increment the version number
• Display a notice on our website for 30 days
• For material changes affecting your rights, we may use additional notification methods

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy.

11. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data protection rights, or have concerns about how we handle your data, please contact us:

When contacting us about data protection matters, please include:

• Your name and contact information
• A clear description of your request or concern
• Any relevant details that will help us respond effectively