Privacy Policy

Effective Date: March 2, 2026

1. Introduction

Bite Size Elephant LLC ("Company," "we," "us," or "our") operates WhereToAdvisor (the "Service") at https://www.wheretoadvisor.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide. When you use the Service, you may provide: quiz responses (relocation preferences, priorities, and facet weightings), email address (if you purchase a report or create an account), payment information (processed by Stripe; we do not store credit card numbers), and any feedback or correspondence you send us.

2.2 Acceptance Profile Data. If you choose to use the Acceptance facet, you may provide demographic information such as sexual orientation, gender identity, race, ethnicity, or religious affiliation. This data receives elevated privacy protections as described in Section 5.

2.3 Automatically Collected Information. When you visit the Service, we automatically collect: IP address, browser type and version, device type, pages visited and time spent, referring URL, and anonymized usage analytics via PostHog.

2.4 Cookies. We use essential cookies required for the Service to function. We use PostHog for analytics, which may set cookies for session tracking. We do not use advertising cookies or sell data to advertisers.

3. How We Use Your Information

We use the information we collect to: generate personalized destination scores and reports, process payments, improve the Service through aggregated analytics, respond to your inquiries, comply with legal obligations, and protect the security of the Service.

We do not use your information for advertising, profiling for third-party marketing, or any purpose not described in this policy.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share information only in these circumstances:

Service Providers. We use third-party services to operate the Service: Stripe (payment processing), Supabase (data storage), Vercel (hosting), and PostHog (analytics). Each provider processes data under their own privacy policy and our data processing agreements.

Legal Requirements. We may disclose information if required by law, subpoena, court order, or governmental request.

Business Transfers. If the Company is acquired, merged, or sells assets, user data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

Aggregated Data. We may share anonymized, aggregated statistics that do not identify individual users (e.g., "40% of users prioritize safety").

5. Acceptance Profile Data: Elevated Protections

Demographic data provided for the Acceptance facet is sensitive. We apply the following elevated protections:

(a) Encryption at Rest. Acceptance profile data is encrypted in our database, separate from general user data.

(b) No Aggregation Across Users. We never aggregate individual acceptance profiles to build demographic databases or population statistics.

(c) No Demographic Filtering. The Service uses acceptance data to score destinations for you. It never uses this data to filter, sort, or categorize users by demographic group.

(d) Deletion on Request. You may request deletion of your acceptance profile data at any time by contacting us. We will delete it within 30 days.

(e) Minimal Retention. Acceptance profile data is retained only as long as needed to provide your personalized scores. It is not used for analytics, training, or any secondary purpose.

6. Data Retention

We retain your information as follows:

Quiz Responses and Scores. Retained for the duration of your account or 24 months after your last use, whichever is shorter.

Purchased Reports. Retained for 36 months after purchase to allow re-access.

Payment Records. Retained as required by tax and accounting regulations (typically 7 years).

Analytics Data. Anonymized and aggregated; retained indefinitely.

Acceptance Profile Data. Deleted within 30 days of account deletion or upon request.

7. Your Rights

Depending on your location, you may have the following rights:

Access. Request a copy of the personal data we hold about you.

Correction. Request correction of inaccurate personal data.

Deletion. Request deletion of your personal data, subject to legal retention requirements.

Portability. Request your data in a portable, machine-readable format.

Objection. Object to processing of your personal data for certain purposes.

To exercise any of these rights, contact us at legal@wheretoadvisor.com. We will respond within 30 days.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

(a) Right to know what personal information we collect and how we use it.

(b) Right to delete personal information we have collected from you.

(c) Right to opt out of the sale of personal information. We do not sell personal information.

(d) Right to non-discrimination for exercising your CCPA rights.

9. EU/EEA Residents (GDPR)

If you are in the European Economic Area, our legal bases for processing are: consent (for acceptance profile data), contract performance (for generating your report), and legitimate interests (for analytics and service improvement).

You have the right to lodge a complaint with your local data protection authority. For data transfers outside the EEA, we rely on standard contractual clauses.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Data Security

We implement reasonable technical and organizational measures to protect your information, including: encryption in transit (TLS/HTTPS), encryption at rest for sensitive data, access controls limiting employee access to personal data, and regular security reviews.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

12. Third-Party Links

The Service may contain links to third-party websites and data sources. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect when posted to the Service. We will notify you of material changes via email (if you have an account) or by prominent notice on the Service.

14. Contact Information

For privacy-related inquiries:

Bite Size Elephant LLC

Email: legal@wheretoadvisor.com

Website: https://www.wheretoadvisor.com