Privacy Policy

Effective date: April 1, 2026

BasinBaron ("we," "us," or "our") operates the BasinBaron platform at basinbaron.com and map.basinbaron.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding it. By using BasinBaron, you agree to the practices described here.

1. Information We Collect

Account information. When you sign up, we collect your name and email address. These are used to create and manage your account.

Usage data. We collect information about how you use the platform — map interactions, features accessed, layer toggles, search queries, and session activity. This helps us improve the product.

User-created content. Field notes, areas of interest (AOIs), territory boundaries, and other content you create within BasinBaron are stored and associated with your account.

Payment information. Subscription payments are processed by Stripe. BasinBaron does not store your credit card number or full payment details. We receive confirmation of successful payment and your subscription status from Stripe.

Technical information. We may collect your IP address, browser type, and device information to maintain security and service reliability.

2. Government and Public Data

BasinBaron displays well, permit, pipeline, facility, and operator data sourced from public US government agencies, including the Oklahoma Corporation Commission (OCC), Texas Railroad Commission (RRC), Environmental Protection Agency (EPA), and the National Pipeline Mapping System (NPMS). This data is public record and is not user-submitted. We do not share or sell this data — it is already publicly available.

3. How We Use Your Information

• To create and maintain your account
• To provide access to the BasinBaron platform and its features
• To process payments and manage your subscription
• To send transactional emails (account confirmation, permit alerts you configure, billing receipts)
• To improve the platform based on how it is used
• To respond to support requests
• To detect and prevent fraud or abuse

We do not sell your personal information to third parties. We do not use your data for advertising.

4. Third-Party Service Providers

We share data with the following service providers only as necessary to operate the platform:

• Supabase — Authentication and database hosting. Your account credentials and user-created content are stored here.
• Stripe — Payment processing. Stripe handles all billing and stores your payment method. Stripe's privacy policy applies to payment data.
• Resend — Transactional email delivery (account emails, permit alerts).
• Vercel — Frontend hosting for basinbaron.com and map.basinbaron.com.
• Railway — API server hosting for api.basinbaron.com.
• Cloudflare — Map tile storage and CDN delivery via R2.

These providers are contractually obligated to protect your data and use it only to provide services to us.

5. Cookies and Session Storage

BasinBaron uses minimal cookies. We set a session cookie when you log in to keep you authenticated. We do not use third-party advertising or tracking cookies. Some browser storage (localStorage) is used to remember your map preferences between sessions.

On your first visit to basinbaron.com, a consent banner asks whether you agree to analytics cookies. If you click Accept, we load our privacy-focused analytics tool (PostHog) to understand how visitors use the site. If you click Decline, analytics are suppressed entirely — PostHog never loads and no analytics requests are made from your browser. Your choice is stored locally as bb_consent in your browser's localStorage; clearing site data resets the prompt.

6. Data Retention

We retain your account information and user-created content for as long as your account is active. If you cancel your subscription, your account and data are retained for 30 days before being scheduled for deletion, in case you choose to reactivate.

7. Your Rights and Data Deletion

You can request deletion of your account and all associated personal data at any time by emailing support@basinbaron.com. We will process deletion requests within 30 days. Note that we may retain certain records as required by law (e.g., billing history).

You may also request a copy of your personal data by contacting us at the same address.

8. Security

We use industry-standard security practices including encrypted connections (HTTPS), authentication tokens, and row-level security on our database. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

9. Children's Privacy

BasinBaron is intended for business use by adults. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and notify active users by email for material changes. Continued use of BasinBaron after changes constitutes acceptance of the updated policy.