Privacy policy.

When you submit a listing, claim a place, create an account, or sign up for the newsletter, we ask for your name and email. If you’re a proprietor, we also collect business details (address, hours, photos, the kind of thing that goes on a public listing).

We log basic analytics events — which pages get viewed, which outbound links get clicked, which forms get submitted — so we can tell what’s useful and what to fix.

We also use Meta’s Pixel and Conversions API to measure the performance of our advertising on Facebook and Instagram. That means when you click one of our ads and then sign up for the newsletter, claim a listing, or buy something from the Mercantile, an event with your hashed email address is sent to Meta so they can credit the ad. You can opt out via the cookie banner; opting out also blocks the Pixel.

Forms are protected by routine spam mitigations (rate limits, honeypots). We don’t sell personal information to anyone.

Running a directory at this scale takes a small constellation of vendors. We pick ones with credible privacy postures and pass them only the data they need:

• Supabase — authentication and the primary database for listings, claims, and user accounts.
• Vercel — hosting and the platform analytics that count requests by region.
• Firecrawl— extracts public business information from proprietor websites we’re indexing.
• Google Gemini and Anthropic Claude APIs — assist with editorial cleanup of submitted copy. We don’t train models on your data.
• Mapbox, MapTiler, and OpenStreetMap — render the maps you see on listing and region pages.
• Google Analytics 4 — pageview and event metrics with IP anonymization. Used to understand which pages are useful, which forms get submitted, and which ads convert.
• Meta (Facebook / Instagram) — the Meta Pixel and Conversions API receive page views and conversion events (signup, claim, purchase) so we can measure ad performance and target visitors with relevant ads. Email addresses are hashed (SHA-256) before transmission. Off by default; controlled by the cookie banner.
• Stripe — payment processing for the Mercantile. Stripe receives card details directly; we never see them.
• Resend — transactional and newsletter email delivery.

We use two categories of cookies:

• Essential— required to keep you signed in, remember small preferences (region filter, dismissed banners), your shopping bag, and enforce security. These are always on; without them the site doesn’t function.
• Analytics & advertising (optional) — Google Analytics 4 (with IP anonymization) plus the Meta Pixel for ad measurement and retargeting. Off by default. The cookie banner on your first visit lets you opt in or stay opted out; you can change your choice any time via the Cookies link in the footer.

Both platforms are implemented with consent gating — for Google, this is Consent Mode v2; for Meta, the Pixel initializes in revokestate and only flushes events after you accept. When you choose “Essential only,” user-level analytics storage and ad-measurement events are blocked at the source.

We don’t sell personal information. Hashed identifiers (email, phone) are sent to Meta only when you complete a conversion event after consent is granted, and only so that ad performance can be measured.

If something about how we handle data isn’t clear, email hello@adirondackregion.com and we’ll get back to you.

We run paid advertising on Facebook and Instagram (Meta) and on Google. To make those ad budgets accountable, conversion events are reported back to the ad platforms when you opt in to analytics:

• Page views — when you accept cookies, Meta and Google receive that you visited a page.
• Sign-ups, leads, purchases — events fire with a hashed (SHA-256) version of your email address so the ad platforms can match the conversion to the click that brought you here.
• Server-side mirror— for purchases and other key events, we send the same event from our server via Meta’s Conversions API and Google’s Measurement Protocol. This is more reliable than browser pixels alone (which iOS and ad blockers often suppress) but doesn’t add data we weren’t already collecting.

You can opt out at any time via the Cookies link in the footer. Opting out blocks both the Pixel and the Google Analytics user-level storage, and we stop sending conversion events tied to your session.

Account and listing data lives in our database for as long as the account is active. Newsletter subscribers can unsubscribe with one click from any email; the address is then dropped from the active list and retained only in suppression records.

You can ask us to export your data, correct it, or delete it entirely. For accounts, the cleanest path is the portal at /my. For anything more involved, write to hello@adirondackregion.com and we’ll handle it within ten business days.

Questions, deletion requests, or concerns: write to hello@adirondackregion.com. A real person reads it.