Fallspots

Last updated 2026-05-18

Privacy & cookies

Short version: we use Google Analytics 4 with consent required, store nothing on our server, never sell your data, and you can decline cookies and still use every feature.

What we collect

Google Analytics 4 (with your consent)

If you click Accept on the cookie banner, Google Analytics 4 sets one first-party cookie (_ga) and tracks pageviews, country (approximate from IP, then discarded), device type, and browser. We use this to know which waterfall pages people actually find useful.

If you click Decline, GA4 still loads but in consent-denied mode — it sends anonymous “ping” requests without cookies and without your IP. No identifiers, no profile. You can revoke or change consent any time by clearing site data in your browser.

We have disabled Google Signals, ad personalization, and IP-based location precision in our GA4 configuration.

Local storage (no consent needed)

Two features use your browser's localStorage:

Geolocation (only with permission)

The “Find waterfalls near me” button asks your browser for your location. Your browser asks you to permit it. If you allow, we use the coordinates ONCE to find the closest waterfall in our dataset, then immediately discard them. Nothing is sent to our server. Nothing is stored.

Server logs (essential, no consent)

Our hosting provider (Cloudflare Pages) keeps standard HTTP access logs for security and abuse prevention. These contain IP addresses and user agents, kept for up to 30 days. We don't access them unless investigating an incident.

Email (only when you write us)

If you email hello@fallspots.com — for trip planning, photo submissions, corrections, etc. — we use your email address only to reply. We do not add it to any list and we do not share it.

Affiliate links

Some outbound links on Fallspots — typically to Amazon, REI, Booking.com, or GetYourGuide — are affiliate links. If you click and buy, we earn a small commission at no extra cost to you. We mark these links individually with a small (aff) tag.

We only link to gear we own and have used in the field, or to publishers we'd recommend even without a commission (REI for the co-op model, Booking when it's the closest hotel option to the trailhead). We do not write fake “best of” lists to push commissions.

Affiliate clicks are tracked by the destination site (Amazon, etc.) per their own privacy policies — we don't see the click data ourselves beyond what GA4 reports.

What we don't do

Your rights (GDPR + CCPA)

Because we store nothing about you on our side, most data-subject rights are already satisfied by your own browser controls. Specifically:

For anything else, write to hello@fallspots.com.

Children

The site is general-audience and we don't knowingly collect data from children under 13. If you believe a child has interacted with us, contact us and we'll investigate.

Changes to this policy

We'll update this page if we add or remove tracking. The “Last updated” date at the top tells you when. We don't email you about it — there's no list to email.

Contact

Email hello@fallspots.com. We read it. We're Marina and Theo Vance, the two people who run this site.


See also: Terms of service · Safety disclaimer · DMCA notice