Privacy Policy

1. Who we are

TreeHaus ("we", "us", "our") operates the TreeHaus community WiFi platform, based in Iowa, USA. This policy explains what personal information we collect, how we use it, and your rights.

Our contact for privacy matters: [email protected].

2. Information we collect

Account information: When you create an account we collect your email address and a hashed (encrypted) version of your password. We never store your password in plain text.

Network usage: When you connect to a TreeHaus WiFi network we record your device's MAC address, the venue location, and the time and duration of your session. This is necessary to authorise your device and manage network access.

Community content: Posts, comments, and other content you submit to Circles, Events, or Bulletins are stored and displayed to other members of that community.

Billing information: If you subscribe to a paid plan, payment is processed by Stripe. We receive a subscription status and customer ID but do not store your card details.

Technical logs: Our servers automatically log request metadata (timestamps, response codes, error messages) for operational and security purposes. These logs do not include the content of your browsing.

3. How we use your information

• To authenticate you and authorise your device on the WiFi network
• To manage your membership, process payments, and send billing-related emails
• To display community content you have posted to other members
• To detect and prevent abuse, fraud, or violations of our Terms of Service
• To improve the reliability and performance of our platform
• To comply with legal obligations

We do not sell your personal information. We do not use it for advertising.

4. Who we share it with

We share personal information only with the following third parties, and only to the extent necessary:

• Stripe — payment processing for paid subscriptions
• Cloudflare — hosting, CDN, and database infrastructure
• Venue operators — we share session logs (time, duration, MAC address) with venue operators whose networks you use, for network management purposes

We may disclose information to law enforcement or regulators if required by law or to protect the rights and safety of users or the public.

5. Data retention

Account information is retained for as long as your account is active, plus 12 months after deletion. WiFi session logs are retained for 90 days. Community content you have posted is retained until you delete it or we remove it.

6. Security

Passwords are hashed using PBKDF2 with a unique salt before storage — we cannot recover your password. All data is transmitted over encrypted HTTPS connections. We apply reasonable technical and organisational measures to protect your information, though no system is completely secure.

7. Your rights

You have the right to:

• Request access to personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated personal data
• Opt out of any future marketing communications

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies

The captive portal does not use tracking cookies. We use session-level browser storage only to manage your sign-in state during a portal session.

9. Changes to this policy

We may update this policy from time to time. We will notify you by email or via a notice on the platform before changes take effect.

---