The Sturgeon ProjectThe Sturgeon Project

Privacy policy

Your data, in plain language.

Last updated: May 7, 2026

Who we are

The Sturgeon Project is a digital stewardship platform for park systems around the Great Lakes basin. This policy covers information collected through sturgeonproject.org, our partner park systems' mobile apps built on this platform, and any related services.

What we collect from visitors

  • An email address, when you create an account in a park system's mobile app.
  • Your check-ins: which stamps you've collected, when, and the approximate location at the moment of the check-in.
  • Photos you upload, only if you choose to upload them. Photos default to private (visible only to you and the park system's staff).
  • Step counts and activity data, only if you grant the app permission to read from HealthKit (iOS) or Google Fit (Android).
  • Standard analytics: which screens you visit, how long, and what device you use. Used to make the app better, not to build a profile of you for advertising.

What we don’t collect

  • We don't track your location when the app is closed. Geofencing checks happen only when the app is in use.
  • We don't sell your data. To anyone. Ever.
  • We don't use third-party advertising trackers.

Multi-tenant isolation

Each park system on the platform is a separate tenant. Your data is stored alongside data from other tenants in a single database, but it is isolated at the database layer using row-level security. Park system staff from one tenant cannot see visitor data from another tenant. Period.

Who can see your data

  • You, always: your own check-ins, photos, and rewards.
  • Park system staff (Metroparks Toledo, etc.): anonymized completion data for their tenant, plus moderation access to photos uploaded inside their tenant's app.
  • The Sturgeon Project team: only when needed for technical support, debugging, or legal compliance, and never for marketing.

Third-party services we use

  • Supabase: database, authentication, file storage. Hosted in the United States.
  • Mapbox: maps and geocoding.
  • OneSignal: push notifications, when you opt in.
  • Resend: transactional email (sign-in codes, reward confirmations).
  • PostHog: privacy-friendly product analytics.
  • Sentry: error monitoring (anonymized technical data only, no personal content).

Your rights

You can:

  • Export your data: every check-in, photo, and reward we have on you. Email support@sturgeonproject.org.
  • Delete your account and everything tied to it. Same email, same response time (within 14 days).
  • Revoke individual permissions (location, HealthKit, photo library) any time in your phone's settings.

Changes to this policy

If we change anything that materially affects how we handle your data, we'll send you an email and post a banner on the home screen of any app you've installed. The version history of this page lives in our public source repository.

Contact

Questions about this policy: hello@sturgeonproject.org.