Legal

Privacy Policy

Effective July 3, 2026

This Privacy Policy explains what information MAP Equine (“we,” “us”) collects through the MAP Equine platform at mapequine.com (the “Platform”), how we use it, and the choices you have. It applies to barn owners and staff, to the clients of subscribing barns who use the client portal, and to visitors of our public pages. Capitalized terms not defined here have the meanings given in our Terms of Service.

1.Information we collect

  • Account information. Name, email address, password (stored only as a salted hash), role, and the barn workspace you belong to.
  • Barn operations records. The working records a barn keeps in its workspace: horse profiles and care histories, boarding and stall assignments, feed and medication schedules, lesson bookings, staff schedules, invoices and ledgers, signed documents, and related notes. These are entered by the barn and its clients, not gathered by us.
  • Media. Photos, video, and documents uploaded to a barn’s workspace.
  • Payment information. Subscription and invoice payments are processed by Stripe. Card numbers are handled entirely by Stripe and are never stored on our servers — we retain only non-sensitive references such as payment status, the card brand, and its last four digits.
  • Usage and log data. Sign-in events, actions recorded in the audit log (who changed what, and when), IP addresses, and basic device information — collected for security, support, and reliability.

2.How we use information

We use the information above to:

  • provide, operate, and maintain the Platform;
  • authenticate users and enforce roles, permissions, and tenant boundaries;
  • process subscription billing and, through Stripe, a barn’s client payments;
  • send transactional messages — booking confirmations, invoices, invitations, care reminders, and security notices;
  • provide support, including consulting-led onboarding and reviews of how a barn is using the system;
  • maintain audit trails, prevent abuse, and keep the Platform secure;
  • comply with legal obligations.

We do not use barn operations records or media for advertising, and we do not build advertising profiles of our users.

3.Cookies

The Platform uses a single session cookie to keep you signed in. It is httpOnly (inaccessible to scripts in the browser), marked secure in production, and expires automatically. We do not use advertising cookies, third-party analytics cookies, or cross-site tracking. If you disable cookies, you will not be able to sign in.

4.How information is shared

We do not sell personal information. We share it only with:

  • Stripe, to process payments and manage subscriptions;
  • our transactional email provider, to deliver the messages described above;
  • within your barn’s workspace, according to the roles and sharing settings the barn controls — for example, a client sees the records the barn shares about their own horses;
  • professional advisors or authorities, where required by law, to enforce our Terms, or to protect the rights, safety, or property of MAP Equine, our users, or others;
  • a successor, in connection with a merger, acquisition, or sale of assets — in which case this Policy continues to apply to the transferred information.

5.Tenant data isolation

The Platform is multi-tenant: each barn’s workspace is strictly separated. Every tenant-scoped record and file is bound to its barn, queries are constrained to the barn identified by the user’s session, and uploaded files are stored under per-barn prefixes. One barn cannot see another barn’s data, and clients see only the records their barn shares with them.

6.Retention and deletion

We retain information for as long as the barn’s subscription is active, because the records are the barn’s working books. If a subscription lapses, data is preserved in a read-only state — we do not delete data for non-payment. After a barn cancels or its account is terminated, the barn has a 30-day window to export its data, after which we may delete it from active systems; residual copies age out of backups on our normal backup rotation. Audit and security logs may be retained longer where necessary for security or legal compliance.

7.Your rights and choices

Because barns control the workspaces in which most personal information lives, requests to access, export, correct, or delete records within a barn’s workspace should be directed to that barn’s owner, who can act on them directly in the Platform (or ask us for help). For your own account information, or where a barn is unresponsive, contact us at [email protected] and we will assist, subject to the barn’s role as the controller of its operational records and to any legal retention duties.

Transactional emails are part of operating the service; we do not send marketing email to portal clients.

8.Children

The Platform is not directed at children under 13, and we do not knowingly collect personal information from them. Records about minor students (for example, a lesson booking made by a parent) are entered and controlled by the barn and the responsible adult. If you believe a child under 13 has created an account, contact us and we will remove it.

9.Security

Measures we maintain include:

  • encryption of data in transit (HTTPS/TLS);
  • passwords stored only as salted bcrypt hashes;
  • short-lived, signed session tokens in httpOnly cookies;
  • role-based permissions enforced on every request, with tenant scoping applied at the query layer;
  • audit logging of every write;
  • card data confined entirely to Stripe’s PCI-compliant systems;
  • routine backups.

No system is perfectly secure, but we treat your barn’s books with the care we would want for our own.

10.Breach notification

If we become aware of a breach of security affecting your personal information, we will notify affected barns and users without undue delay — and within any timeframe required by applicable law — describing what happened, what information was involved, and the steps we are taking.

11.Changes to this Policy

We may update this Policy from time to time. For material changes, we will give notice by email or within the Platform before the changes take effect. The effective date above always reflects the current version.

12.Contact

Privacy questions and requests may be directed to [email protected].

See also our Terms of Service.