Privacy Policy

Mountain Pros – Privacy Policy

Last updated: 28 Aug 2025

Important Note This Privacy Policy explains how Mountain Pros (“MP,” “we,” “us,” or “our”) collects, uses, shares, and safeguards your personal information. It also describes your rights and choices. By accessing or using the Platform you agree to this Policy. If you do not agree, please do not use Mountain Pros.

⸻

1. Scope

This Policy applies to all visitors, Students, Instructors, Resort Partners, and any other users of the Mountain Pros website, progressive-web app, or related services (collectively, the “Platform”).

⸻

2. Information We Collect

Category Examples Collected From Account Data Name, email, password, profile photo You Identity & Certification Data Government ID, instructor credentials, first-aid certificates Instructors Lesson Data Booking details, chat messages, waivers, reviews You / Auto-generated Payment Data Last four digits of card, payout account, transaction IDs (via Stripe) Stripe Connect Device & Usage Data IP address, browser type, language, referring URL, pages viewed, time spent Cookies / Analytics Location Data Resort selected, meeting pin, coarse geolocation (e.g., city) You / Device Marketing Data Preferences, survey responses, referral codes You

We do not store full payment-card numbers; these are handled by Stripe.

⸻

3. How We Use Your Information
   1. Account creation & authentication
   2. Lesson facilitation – Matching Students and Instructors, processing payments, and sending confirmations
   3. Communication – In-app messages, booking notifications, service updates
   4. Safety & verification – ID checks, certification validation, insurance eligibility
   5. Compliance & legal obligations – Tax, accounting, dispute resolution
   6. Marketing – Newsletters, promotions, referral programs (you may opt out at any time)
   7. Analytics & improvements – Understand Platform usage to enhance features and security

⸻

4. Legal Bases (GDPR)

We process personal data under one or more of the following bases: • Contractual necessity – To deliver the services you request • Legitimate interests – Fraud prevention, network security, product improvement • Consent – Marketing emails, optional cookies • Legal obligation – Financial record-keeping, law-enforcement requests

⸻

5. Sharing & Disclosure

Recipient Purpose Safeguards Stripe Connect Payment processing & payouts PCI-DSS compliance Resort Partners Daily manifests (student & instructor names, lesson time) Share only required lesson info Insurance Providers Policy issuance & claims Contractual confidentiality Service Vendors Cloud hosting, analytics, communication tools Data-processing agreements Law Enforcement / Regulators Compliance with legal requests Verified, lawful requests only Business Transfers Merger, acquisition, restructuring Notice provided before transfer

We never sell your personal information for monetary compensation.

⸻

6. International Data Transfers

We are headquartered in Canada but use cloud infrastructure that may be located in other countries. Where required, we rely on standard contractual clauses (SCCs) or equivalent safeguards for cross-border transfers.

⸻

7. Cookies & Similar Technologies

Type Purpose Control Essential Site login, security, booking flow Cannot be disabled Analytics Understand usage, improve performance Opt-out via cookie banner Marketing Remember preferences, deliver promotions Opt-out via cookie banner & email links

⸻

8. Data Retention

Data Type Retention Period Account info Until you delete your account + 6 months (audit) Booking & payment records 7 years (tax & compliance) Messages & reviews While account is active or as required by law Backup logs 30 days

⸻

9. Security Measures • Encryption in transit (TLS 1.2 +) and at rest (AES-256) • Role-based access controls & MFA for admin accounts • Annual penetration testing & continuous monitoring • Incident-response plan aligned with ISO 27001/27701 principles

⸻

10. Your Rights

Region Rights GDPR (EU/EEA) Access, rectification, erasure, restriction, portability, objection CCPA/CPRA (California) Know, delete, correct, opt-out of “sale,” limit sensitive data PIPEDA (Canada) Access, correction, withdraw consent

Exercise Your Rights: Email privacy@mtnpros.com or use Account > Privacy Dashboard. We respond within 30 days (GDPR) / 45 days (CCPA).

⸻

11. Children’s Privacy

Mountain Pros is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from minors without parental consent.

⸻

12. Third-Party Links

Our Platform may link to external sites (e.g., resort pages). We are not responsible for their privacy practices. Review those policies separately.

⸻

13. Changes to This Policy

We may update this Policy from time to time. We will post the new version and notify users via email or in-app banner if material changes occur. Continued use constitutes acceptance.

⸻

14. Contact Us

If you have questions, concerns, or complaints: • Email: privacy@mtnpros.com • Postal: Mountain Pros Privacy Team 206-145 Renfrew Dr, Markham, ON L3R 9R6, Canada

You may also lodge a complaint with your local data-protection authority.

⸻

By using Mountain Pros, you acknowledge that you have read, understood, and agree to this Privacy Policy.