MUSHROOM SPOT
Privacy Policy
Last updated: October 9, 2025
We are committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share and protect the information collected through the Mushroom Spot app (“App”), mushroomspot.io and share.mushroomspot.io websites (“Websites”) (altogether, the “Services”).
In this Privacy Policy, "we,” "us," and "our" refer to FOREST SPOT LLC.
This Privacy Policy applies when we act as the data controller of the Personal Data of natural persons who use the Services (“you” or “your”); in other words, where we determine the purposes and means of the processing of that Personal Information.
Our Terms of Service are incorporated into this Privacy Policy whenever applicable. Any capitalized word used but not defined in this Privacy Policy have meanings as provided in the Terms of Service. Together, they form a binding agreement between you and us.
​
PLEASE READ THIS PRIVACY POLICY CAREFULLY because it affects your rights under the law. By accessing or using the Services, you confirm that you have read and agreed to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you cannot use, access, create content or publish in the Services.
1. PERSONAL DATA
1.1. “Personal Data” means any information relating to an identified or identifiable natural person. We collect your Personal Data in the course of providing the Services to you. Depending on your use of the Services, you might provide us with such information as:
​
1.1.1. your name, email address, social media profile image, social media login name, and other optional information (“Account Data”);
​
1.1.2. your Apple or Google user ID, country, and other payment information (“Purchase Data”); and
​
1.1.3. information about your location.
​
1.2. We never collect sensitive personal information.
2. USE OF PERSONAL DATA
2.1. Provide the Services. We use your Personal Data to provide and deliver the Services and process transactions related to the Services, including Account creation, subscriptions, and payments. The legal basis for this processing is contractual necessity.
2.2. Measure, Support, and Improve the Services. We use your Personal Data to measure use of, analyse performance of, fix errors in, provide support for, improve, and develop the Services. The legal bases for this processing are contractual necessity and our legitimate interests.
2.3. Recommendations and Personalization. We use your Personal Data to recommend the Services that might be of interest to you, identify your preferences, and personalize your experience with the Services. The legal bases for this processing are your consent and our legitimate interests.
2.4. Communicate with You. We use your Personal Data to communicate with you in relation to the Services via different channels (e.g., by phone, email, chat) and to respond to your requests. The legal bases for this processing are your consent and our legitimate interests.
2.5. Marketing. We use your Personal Data to market and promote the Services. The legal bases for this processing are consent and our legitimate interests (where we do not need your consent).
2.6. Comply with Legal Obligations. In certain cases, we have a legal obligation to collect, use, and/or retain your Personal Data.
2.7. With Your Consent. We may also ask for your consent to use your Personal Data for a specific purpose that we communicate to you. When you consent to our processing your Personal Data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
2.8. We never sell your Personal Data. We never share your Personal Data with third-parties for their marketing purposes, unless you consent thereto. The list of third parties to whom we may disclose to and/or share your Personal Data with is available on request.
2.9. Should we need to process your Personal Data for a new purpose entirely unrelated to the above, we will inform you of such processing in advance and you may exercise your applicable rights in relation to such processing. Please note that without certain Personal Data, we may not be able to provide some or all of the Services or even to guarantee the full features of the Services.
3. NON-PERSONAL DATA
3.1. “Non-Personal Data” includes information that does not personally identify you, but may include tracking and usage information about your location, demographics, use of the Services and the internet. When you interact with the Services, we may collect Non-Personal Data and our servers may automatically keep an activity log of your use of the Services. Generally, we collect and store the following Non-Personal Data:
​
3.1.1. Device information about your computer, mobile device, or other device that you use to access the Services. This information may include IP address, geolocation information (city-level), unique device identifiers, browser type, browser language, and other transactional information;
​
3.1.2. Usage information about your use of the Services. This information includes a reading history of the pages you view;
​
3.1.3. Additional “traffic information” such as time of access, date of access, software crash reports, session identification number, access times, and referring site addresses;
​
3.1.4. Your search terms and search results;
​
3.1.5. Other non-personal information regarding your use of the Services.
3.2. Use of Non-Personal Data. We may disclose or share Non-Personal Data (or other information, other than Personal Data) in any other manner that we deem appropriate or necessary. Among other things, we will disclose Non-Personal Data to third parties to help us determine how users use parts of the Services and who our users are so we can improve the Services. We will also disclose Non-Personal Data to our partners and other third parties about how our users collectively use the Services.
4. LEGAL BASES FOR DATA PROCESSING
4.1. Account Data. We process your Account Data to authenticate your Account, provide the Services to you, personalise the Services for you, and communicate with you. We also collect Account Data to safely store your user data in our servers, so that it is always accessible to you, even when changing a device. We also use your Account Data to display your public User Content to others, where you will be mentioned as an author of that User Content. The legal basis for this processing is performance of a contract between you and us.
4.2. User Content Data. We process information in the User Content that you post on the Services ("User Content Data") to enable the core App features and display your User Content on the App. The legal basis for this processing is the performance of a contract between you and us.
4.3. User Support Data. We process information contained in any email, enquiry, communication, or feedback and any attachments therein that you submit to us ("User Support Data") to provide the support you requested, manage our relationships with you, communicate with you, and keep records of those communications. The legal basis for this processing is our legitimate interests, specifically the proper management of our customer relationships.
4.4. Mushroom Spot Mapping and Identification Data. We process the mushroom spot and identification data that you submit to the App to generate outputs and be displayed on the Services. The legal basis for this processing is the performance of a contract between you and us.
4.5. Mushroom Private Spot Data. We use Private Spot data only for internal analytics, research and development purposes, and to improve the Services. Your Private Spots data are not visible to other users of the App nor disclosed to third parties, unless you make them public or explicitly share them with others. The legal basis for this processing is the performance of a contract between you and us.
4.6. Crash Reporting Data. We process limited technical data such as call stacks, error messages, performance matrix, device data, location data (such as IP-based location), to detect, diagnose, debug, and fix crashes and stability issues on the Services. The legal basis for this processing is our legitimate interests, specifically the maintenance of a secure and reliable service.
4.7. Websites and App Analytics Data. We process Non-Personal Data and other analytics data to understand how the Services is used, measure performance, diagnose navigation issues, and prioritize improvements on the Services. The Services use Google Analytics / Firebase Analytics and Microsoft Clarity for usage measurement and session diagnostics. The legal basis for this processing is your consent.
4.8. Marketing and Advertising Data. We process marketing and advertising data for ad personalisation, frequency capping, campaign measurement, interest-based advertisements, and marketing purposes. The legal basis for this processing is your consent.
4.9. Purchase Data. We process and retain limited metadata of your Purchase Data to manage your Subscriptions, and comply with tax, accounting, and statutory audit requirements. This processing is necessary to meet our legal obligations under applicable financial-recordkeeping laws.
5. SHARING OF PERSONAL DATA
5.1. Our Affiliates. We share Personal Data as described in this Privacy Policy and with our affiliates that we control that are either subject to this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy.
5.2. Third-Party Service Providers. We employ other companies and individuals to perform functions on our behalf. Examples include, cloud storage, sending communications, analysing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These third-party service providers have access to Personal Data needed to perform their functions, but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Policy and as permitted by applicable data protection law.
5.3. Business Transfers. We might sell or buy businesses and/or the Services. In such transactions, Personal Data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the individual consents otherwise).
5.4. Our and Others’ Protection. We release Account Data and other Personal Data when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or our security, our customers, or of others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
5.5. With Your Consent. Other than as set out above, you will receive notice when Personal Data about you might be shared with third parties, and you will have an opportunity to choose not to share the information.
6. MARKETING COMMUNICATIONS; OPTING OUT
6.1. We only send mail, messages and other communications relating to marketing where we are authorized to do so by law. In most cases, we rely on your consent to do so (especially where we use electronic communications). If, at any time, you no longer wish to receive direct marketing communications from us, you can exercise this right by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send you, or contacting us, or updating your preferences on your Account and/or in our Services.
6.2. Even if you withdraw any consent, you may have given us or if you object to receiving such direct marketing material from us (in those cases where we do not need your consent), we may still need to send you administration and transactional communications from which you cannot opt-out.
7. INTEREST-BASED ADVERTISING; OPTING OUT
7.1. To help ensure that you receive ads on the Services that are relevant to your interests, our advertisers’ services, and elsewhere on the Internet, we and third parties (including service providers, advertisers, and advertising companies) may collect information about your online activities over time and across different sites, apps, and devices. We and third parties may use that information to help understand audience segments. Advertisers may use the segments to determine the audience groups to which they wish to deliver particular ads. Through this process, we do not use information that directly identifies you.
7.2. Opt-Out. You can opt out of receiving interest-based advertising on your computer or device from some companies, including us and our service providers. If you wish to opt out of receiving interest-based advertising on your mobile device, please see the advertising preferences information on support.apple.com for iOS devices or support.google.com for Android devices. Opting out does not mean you will no longer receive advertising. It means that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
8. MOBILE PERMISSIONS
8.1. Permissions. The Services requests only for the mobile permissions needed to deliver the features that you choose to use. It will ask for your consent before accessing a permission, and you may withdraw consent at any time without affecting core app functionalities (other than the specific feature).
8.2. Image Features. You may capture or upload images for in-App features that you choose to use (e.g., posting a spot or mushroom identification). The Services may access the camera or photo-library of your device only when you allow access. The App does not scan your entire photo library, and only the images you select are uploaded and processed by the App.
8.3. Location. If you allow it, the App will use your device location to show your position on the map and to attach coordinates you choose to save with a mushroom spot. The location is used to render the map and, if you submit a spot, to store the coordinates you confirm. The App can access location data only while the map or a location picker is in use, but it does not collect or store your movement history.
8.4. Notifications. The App pushes notifications to deliver service messages you request or reasonably expect (e.g., account/security alerts, replies to your posts, subscription, or payment status). You can disable notifications at any time.
8.5. No Background Data Collection. The App does not collect Personal Data when the App is closed or running in the background; nor does it access the camera, microphone, photo library, or device location in the background. Any limited background activity performed by the operating system of your device (e.g., maintaining a push token) does not involve the App’s collection of data.
9. SECURITY MEASURES
9.1. Security is our highest priority. We design our systems with your security and privacy in mind. We maintain the following security measures in connection with the collection, storage, and disclosure of Personal Data, that are reviewed, tested, and improved regularly to maintain their effectiveness.
9.1.1. Encryption in Transit (TLS/SSL). All data transmitted between the Apps, Websites APIs, and backend services are protected using industry-standard Secure Sockets Layer/Transport Layer Security to mitigate interception and alteration risks.
​
9.1.2. Encryption at Rest (Vendor-Managed). Data stored with our cloud and infrastructure vendors are encrypted at rest using vendor-managed encryption. We select vendors that provide strong encryption controls, maintain appropriate certifications to implement security measures no less protective than ours.
​
9.1.3. Password Security (bcrypt). The Services hash passwords using bcrypt with per-credential salts and a strong work factor aligned with current best practice. User authentication secrets are never stored in plaintext.
​
9.1.4. Rate-Limiting and Abuse Prevention. The Services apply rate-limits and other automated controls to authentication and other sensitive endpoints to reduce credential-stuffing, scraping, and denial-of-service risks.
​
9.1.5. Access Logging and Monitoring. Security-relevant events (e.g., authentication) in the Services are logged with timestamps and identifiers. Logs are monitored for anomalies and retained for a limited period consistent with our retention schedule and legal obligations.
​
9.1.6. Data Access: Restricted Administrative Access. Production systems and raw Personal Data are accessible only to the three founders of the company and employees in administrative roles, on a least-privilege, need-to-know basis.
​
9.1.7. Incident Response Plan. We maintain a written incident response plan covering detection, triage, containment, eradication, recovery, and post-incident review. We keep records of all security incidents and breaches.
​
9.2. Please note, however, that no website or storage mechanism, including used by the Services, can guarantee 100% security, and no method of transmission or storage is completely secure. Nevertheless, we continually work to protect Personal Data through the measures above. You can report a suspected security issue using the contact details in clause 24 below.
​
10. BREACH PLAN
10.1. Scope. A “personal data breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
​
10.2. Immediate Containment. Upon suspicion or confirmation of a personal data breach, we will promptly isolate affected systems, revoke/rotate credentials; enable rate-limits and other protective controls, preserve forensic evidence (access logs, snapshots), and convene our incident team.
​
10.3. Armenia Actions.
​
10.3.1. Public Notice. Where necessary in the public interest or required by Armenian laws or regulations, we will issue a public notice in Armenia through a notification in the Services.
​
10.3.2. Police. If criminal activity is suspected, we will notify law enforcement (Police of the Republic of Armenia).
​
10.3.3. Data Protection Authority. If the breach is likely to result in risk to individuals, we will notify the competent Armenian authority without undue delay.
​
10.4. GDPR Notifications.
​
10.4.1. Supervisory Authority. If the breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent EU/UK supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If notification is delayed, reasons will be provided.
​
10.4.2. Data Subjects. If the breach is likely to result in a high risk to individuals, we will notify affected users without undue delay in clear, plain language, describing the nature of the breach, likely consequences, steps we have taken, recommended steps they should take, and contact details.
11. DATA TRANSFER AND INFRASTRUCTURE
11.1. FOREST SPOT LLC is located in Yerevan, Republic of Armenia, and our affiliated companies are located around the world. Depending on the scope of your interactions with the Services, your Personal Data may be stored in or accessed from multiple countries, including the Republic of Armenia, and Sweden, Germany. For the complete list of potential regions and countries where your Personal Data may be transferred to or from, please see our cloud provider’s global infrastructure list of regions and availability zones here: https://aws.amazon.com/about-aws/global-infrastructure/ and https://firebase.google.com/docs/firestore/locations.
12. RETENTION OF DATA
12.1. We keep your Personal Data to enable your continued use of the Services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as may be required by law (including for tax and accounting purposes), to establish, exercise, or defend legal claims, we may retain limited records or as otherwise communicated to you. How long we retain specific Personal Data varies depending on the purpose for its use, and we will delete your Personal Data in accordance with applicable law.
​
12.2. We retain Account Data only for as long as your Account remains active. If you delete your Account, your Account Data will be removed from production systems immediately. Encrypted disaster-recovery backups may still contain Account Data for up to eight (8) days on a rolling basis. Backups are used only for restoration in case of an incident, are not accessed for routine processing, and are automatically purged or overwritten after the 8-day cycle.
​
12.3. We retain Purchase Data only for the period mandated by applicable accounting/tax laws and to the extent necessary to establish, exercise, or defend legal claims. After that period, Purchase Data records are deleted or irreversibly anonymized.
​
12.4. We retain User Content Data until you delete the specific User Content from the Services or you delete your Account.
​
12.5. We retain Analytics Data only for as long as necessary for usage measurement and improvement of the Services.
​
12.5.1. Google Analytics / Firebase Analytics data are maintained for up to 26 months, then deleted or aggregated/anonymized by the provider’s lifecycle controls.
​
12.5.2. Microsoft Clarity session data (with sensitive fields masked) are retained for up to 12 months, then deleted or aggregated/anonymized per provider policy.
​
12.6. We retain Crash Reporting Data for up to ninety (90) days from collection, solely to detect, diagnose, and prevent crashes in the Services.
​
12.7. We retain Support Communications Data permanently by default to preserve a service history and ensure consistent, identify repeat issues, defend, or resolve disputes, and improve support quality and safety.
13. DE-IDENTIFICATION OF PERSONAL DATA
13.1. When allowed by applicable law, we will take reasonable steps to de-identify and store your Personal Data after the retention period. We may use de-identified data in some instances. We maintain such data without attempting to re-identify it. We may also retain minimal, anonymised, or aggregated statistics derived from other data, as they are no longer personal data.
14. YOUR RIGHTS
14.1. Subject to applicable laws, the following are your rights pertaining to your Personal Data:
14.1.1. Right to Access. You have the right to ask whether we hold Personal Data about you and request copies of such Personal Data and information about how it is processed.
​
14.1.2 Right to Correct. You have the right to request that inaccurate Personal Data that we hold about you be corrected.
​
14.1.3. Right to Delete. You have the right to request deletion of your Personal Data that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements.
​
14.1.4. Right to Restrict. You have the right to request us to restrict the processing of your Personal Data where the processing is inappropriate.
​
14.1.5. Right to Object. You have the right to object to the processing of your Personal Data.
​
14.1.6. Right to Data Portability. You have the right to request portability of your Personal Data that you have provided to us (which does not include information derived from the collected information), where the processing of such Personal Data is based on consent or a contract with you and is carried out by automated means.
​
14.1.7. Right to Withdraw Consent. To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
​
14.1.8. Right to Complain to a Supervisory Authority. If you consider that our processing of your Personal Data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
​
14.2. If you want to exercise any of your rights, please contact us or email us at support@mushroomspot.io. We will reply to you within three (3) working days from our receipt of your communication, and complete the resolution within thirty (30) days. In some particular cases (for example, if the matter is particularly complex or if you send us multiple requests), it may take us longer than a month. In such cases, we will notify you accordingly and keep you updated.
​
14.3. If you are not satisfied with the outcome of your request, or if you are concerned about a potential violation, you also have the option to report the issue or make a complaint to the data protection authority in your jurisdiction. We will not discriminate against any data subject for exercising their rights.
15. SUB-PROCESSORS
15.1. We engage the third-party processors below to support delivery of the Services. Each processor is bound by a written DPA meeting GDPR Article 28 requirements, including confidentiality, security, assistance with data subject rights, breach notification, and restrictions on onward transfers. Where processing involves a third country, we implement a valid transfer mechanism under GDPR Chapter V (e.g., Standard Contractual Clauses (SCCs) and documented transfer risk assessments). We review these providers periodically.
​
Processor: Google Firebase
Service / Role: Authentication, Cloud messaging, Functions, Crash Reporting
Purpose: Authentication, Push notifications, Backend logic, Reliability
DPA: cloud.google.com/terms/data-processing-terms
​
Processor: Amazon Web Services (AWS)
Service / Role: Object storage (e.g., S3), Serverless compute
Purpose: Store and process user-submitted images and related assets
DPA: d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
​
Processor: MongoDB Atlas
Service / Role: Managed database
Purpose: Application data persistence
DPA: mongodb.com/legal/dpa
​
Processor: Wix
Service / Role: Marketing website & web forms
Purpose: Host website pages and receive contact/lead forms
DPA: wix.com/about/privacy-dpa
​
Processor: Microsoft (Clarity / Bing)
Service / Role: Product analytics (Clarity), Search/traffic insights (Bing)
Purpose: Understand visits to the marketing site and improve UX
DPA: privacy.microsoft.com
​
Processor: RevenueCat
Service / Role: Subscription and purchase management
Purpose: Manage in-App purchases, subscriptions, and receipts
DPA: revenuecat.com/dpa
​
Processor: Mapbox
Service / Role: Maps, tiles, geocoding
Purpose: Render maps and location features you opt to use
DPA: mapbox.com/legal/dpa
​
Processor: Kindwise.id
Service / Role: Image analysis (AI)
Purpose: Perform mushroom-identification on images you choose to submit
DPA: FlowerChecker ToC Art 20 (GDPR 28 statement)
​
16. COOKIE POLICY
16.1. Cookies. The Services use “cookies”, an element of data (usually, a very small file) that a website or app can send to your browser, which may then store it on your computer or device. These cookies allow us to correctly operate the Services and/or to provide you with pages or content that are tailored for you. This information can, in some cases, be carried from one visit of our Services (or related site) to the next (for example, to help you avoid having to re-enter certain information when you visit the same page later. Some of these cookies require your consent (as explained below).
​
16.2. Essential Cookies are strictly necessary to ensure that the Services function as designed and expected. Cookies used for the sole purpose of carrying out or facilitating the transmission of a communication will also be considered as essential cookies. We do not require your consent to use essential cookies, but you may still block or delete them.
​
16.3. Non-Essential Cookies are not required for the essential functioning of the Services, although they may greatly enhance your user experience. We shall only place non-essential cookies on your computer or mobile device with your consent through a pop-up during the first time you visit it and possibly subsequently (if necessary) or other similarly effective mechanism.
​
16.4. Analytics Cookies allow us to collect information, such as the most used pages or error messages, to understand how you use the Services and enable us to create a better user experience.
​
16.5. Marketing Cookies are third-party cookies that track user behaviour and online activities to enable them to tailor their advertising for you. The cookies are placed by our advertisers with our permission.
​
16.6. Third Party Cookies. Approved third parties may also set cookies when you interact with the Services. These third parties use cookies in the process of delivering content and to perform services on our behalf.
16.7. Cookies We Use. The Services use the following Cookies:
Essential Cookies:
COOKIE: svSession
PROVIDER: Wix
PURPOSE: Visitor ID / Sessions
EXPIRY: 2 years
​
COOKIE: bSession
PROVIDER: Wix
PURPOSE: Performance and Measurement
EXPIRY: 30 minutes
​
COOKIE: server-session-bind
PROVIDER: Wix
PURPOSE: Session stickiness
EXPIRY: Session
​
COOKIE: XSRF-TOKEN
PROVIDER: Wix
PURPOSE: CSRF security
EXPIRY: Session
​
COOKIE: hs
PROVIDER: Wix
PURPOSE: Security flag
EXPIRY: Session
​
COOKIE: ssr-caching
PROVIDER: Wix
PURPOSE: Caching status
EXPIRY: 1 minute
​
COOKIE: consent-policy
PROVIDER: Wix
PURPOSE: Stores cookie preferences
EXPIRY: 2 years
​​
Analytics Cookies:
​
COOKIE: _ga, ga***
PROVIDER: Google Analytics
PURPOSE: Distinguish users, session stats
EXPIRY: 2 years
​
COOKIE: _clck
PROVIDER: Microsoft Clarity
PURPOSE: Persistent visitor ID
EXPIRY: 1 year
​
COOKIE: _clsk
PROVIDER: Microsoft Clarity
PURPOSE: Session stitching
EXPIRY: 1 day
​
COOKIE: CLID
PROVIDER: Microsoft Clarity
PURPOSE: Visitor ID for heatmaps
EXPIRY: 1 year
​
COOKIE: MUID (clarity.ms)
PROVIDER: Microsoft Clarity
PURPOSE: Universal MS user ID
EXPIRY: 2 years
​
COOKIE: ANONCHK
PROVIDER: Clarity
PURPOSE: Indicates anonymized session
EXPIRY: 10 minutes
​
COOKIE: MR (bing.com/clarity.ms)
PROVIDER: Clarity
PURPOSE: Refresh/retain MUID
EXPIRY: 1 week
​
COOKIE: SM
PROVIDER: Clarity
PURPOSE: Session flag
EXPIRY: Session
​​
Marketing Cookies:
​
COOKIE: MUID (bing.com)
PROVIDER: Microsoft Bing
PURPOSE: Cross-site ad ID
EXPIRY: 2 years
​
COOKIE: SRM_B / SRM_I / SRM_M
PROVIDER: Bing
PURPOSE: Remarketing / campaign data
EXPIRY: 18 months
​
COOKIE: ACLUSR
PROVIDER: Bing
PURPOSE: User activity tracking
EXPIRY: 6 months
​
COOKIE: BFB, BFBFB, BFBUSR
PROVIDER: Bing
PURPOSE: User preferences/ads
EXPIRY: 1 year
​
COOKIE: CSRFCookie
PROVIDER: Bing
PURPOSE: Security for ad services
EXPIRY: Session
​
COOKIE: dsc
PROVIDER: Bing
PURPOSE: Display settings
EXPIRY: Session
​
COOKIE: ipv6
PROVIDER: Bing
PURPOSE: Network tracking
EXPIRY: Session
​
COOKIE: KievRPSSecAuth
PROVIDER: Bing
PURPOSE: Auth for MS services
EXPIRY: 1 year
​
COOKIE: NAP
PROVIDER: Bing
PURPOSE: Ad performance metrics
EXPIRY: 1 year
​
COOKIE: PPLState
PROVIDER: Bing
PURPOSE: Consent state
EXPIRY: 1 year
​
COOKIE: SRCHUSR, SRCHHPGUSR
PROVIDER: Bing
PURPOSE: Search personalization
EXPIRY: 1 year
​
COOKIE: WLS
PROVIDER: Bing
PURPOSE: Web location services
EXPIRY: Session
16.8. Managing Cookies. You can manage cookies through your browser and device settings. The 'help' feature on most browsers and devices will tell you how to remove cookies, prevent your browser or device from accepting new cookies, notify you when you receive a new cookie, disable cookies, and when cookies will expire. If you block cookies, you will not be able to use all the features on the Services.
17. LINKS TO OR FROM OTHER PLATFORMS
17.1. The Services may contain links to other websites, apps, and other platforms operated by our affiliates or third parties. These companies may collect information about you when you interact with their content or services. Please be aware that we do not control and are not responsible for their information collection, use, and disclosure practices. Please review and understand their privacy practices and policies, if any, before providing any personal data to them or using any of their services. We are not responsible for the content or information of these third-party sites, any products or services that may be offered through them, or any other use of the sites.
18. PUBLIC AREAS
18.1. Any information you share in public areas, such as community areas, becomes public and anyone may take and use that information. Please be careful about what you disclose and do not post any Personal Data that you expect to keep private. Please consult the applicable guidelines, if any, for use of our public areas for more information.
19. NO PERSONAL DATA FROM CHILDREN
19.1. We do not knowingly collect Personal Data from children under 16 years of age. If you are under 16 years of age, you should not provide Personal Data to us. If we discover that a child has provided us with Personal Data and we do not have parental consent, we will immediately delete that child’s information.
20. REVISIONS AND CHANGES
20.1. Our Services change constantly, and so our Privacy Policy may also change. We reserve the right, at our complete discretion, to change, modify, add and/or remove portions of this Privacy Policy at any time. You are responsible for checking the Services frequently to see recent changes. You can see the date when the latest version of this Privacy Policy was posted. Your continued use of the Services following the posting of changes will mean you accept those changes. Unless stated otherwise, our current Privacy Policy applies to all Personal Data we have about you and your Account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of Personal Data collected in the past without informing affected customers and giving them a choice.
21. ADDITIONAL TERMS FOR U.S. CITIZENS
21.1. “Sell,” “Share,” and “Targeted Advertising.” We do not sell your Personal Information for money. If you opt in to marketing cookies/SDKs, we may “share” personal information for cross-context behavioral advertising and/or engage in targeted advertising. You may opt-out of the sale and sharing at any time. You may still submit a “do not sell” request to us, and we will respond within statutory timelines.
​
21.2. If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us, information regarding the disclosure of your Personal Data to the third parties for direct marketing purposes in the preceding calendar year, free of charge, once a year.
​
21.3. California residents, who are under 18 and are registered users of our Service, are allowed to request and have removed any content or information that they have posted publicly. However, in cases where the law does not require or allow the removal of information, this may not be applicable. This is under California Business and Professions Code Section 22581.
​
21.4. Profiling Disclosure. We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act.
22. GENERAL DATA PROTECTION REGULATION
22.1. This Privacy Policy and our data practices comply with the EU General Data Protection Regulation (EU GDPR) and the UK GDPR, in addition to applicable Armenian law. We process Personal Data in line with the GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability.
23. CONTROLLER INFORMATION
23.1. We, FOREST SPOT LLC, are the data controller of your Personal Information that we collect through the Services. If you have any questions or comments, please contact us through FOREST SPOT LLC, Republic of Armenia, Kotayk Province, Jrvezh 2227, Horticultural Area, 5-th District / 1-2, support@mushroomspot.io.