PUMSdata

Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains how [Company Legal Name] ("we", "us") collects, uses, and shares information in connection with the PUMSdata website and services (the "Service"). It supplements our Terms of Service and Service Agreement. By using the Service, you agree to this Policy.

1. A note on the Census data

The statistics shown in the Service are derived from de-identified, public-domain microdata published by the U.S. Census Bureau (ACS PUMS). It does not identify individuals, and we do not collect personal information about the people represented in that data. Attempting to re-identify any individual is prohibited under our Terms. This Policy concerns the information we collect about you, our user.

2. Information we collect

  • Account information — your name, email address, and password. Passwords are managed and stored in hashed form by our authentication provider (Supabase); we never see your plaintext password.
  • Billing information — handled by our payment processor (Stripe). We do not store full card numbers; we retain limited records such as your Stripe customer and subscription identifiers, plan, and billing status.
  • Content you create — saved maps, segments, comparisons, and preferences.
  • Usage & device data — via our analytics provider (PostHog): pages and features used, actions taken, browser/device type, referring pages, and approximate location inferred from IP address.
  • Communications — emails you send us and our records of messages we send you.
  • Cookies & local storage — see Section 6.

3. How we use information

  • Provide, operate, secure, and improve the Service.
  • Authenticate you and maintain your session.
  • Process subscriptions, billing, and renewals.
  • Send transactional messages (confirmations, password resets, billing and trial notices).
  • Provide support and respond to inquiries.
  • Understand usage through product analytics to improve features.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations and enforce our agreements.

Where required by law (e.g., GDPR), we rely on these legal bases: performance of our contract with you, our legitimate interests (operating and improving the Service), your consent (e.g., marketing emails, where applicable), and compliance with legal obligations.

4. How we share information

We do not sellyour personal information. We share it only with service providers ("sub-processors") that help us run the Service, under appropriate confidentiality and data-protection obligations:

  • Supabase — database, authentication, and storage.
  • Stripe — payment processing and subscription management.
  • Mailgun — sending transactional and account emails.
  • Zoho — business email / support correspondence.
  • PostHog — product analytics.
  • Netlify — application hosting and content delivery.

We may also disclose information if required by law or legal process, to protect our rights, users, or the public, or in connection with a merger, acquisition, or sale of assets (with notice where required).

5. Data retention

We retain your account and content while your account is active. As described in the Service Agreement, when your subscription is canceled or terminated and your access ends, we may deactivate and delete your saved content. We may retain certain records longer where necessary for legal, tax, accounting, security, or fraud-prevention purposes (for example, billing records).

6. Cookies & tracking

We use strictly necessary cookies/local storage to keep you signed in and remember your preferences, and analytics cookies (PostHog) to understand usage. On your first visit we show a cookie banner: analytics cookies load only if you choose "Accept all"— choosing "Reject non-essential" keeps only the essential cookies. You can change your choice anytime via "Cookie settings" in the footer, or through your browser. Disabling essential cookies may break sign-in.

7. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS), hashed passwords, access controls, and reputable infrastructure providers. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your rights & choices

  • Access, correction, deletion, portability — depending on your location (e.g., GDPR/UK GDPR, California CCPA/CPRA), you may request to access, correct, delete, or export your personal information.
  • Marketing opt-out — you can opt out of non-essential/marketing emails via the unsubscribe link or your account settings. We will still send essential transactional and billing messages.
  • Export your data — you can export your saved content before canceling.

To exercise these rights, contact privacy@pumsdata.com. We will respond as required by applicable law. We will not discriminate against you for exercising your rights.

9. International users

We operate in the United States, and your information may be processed in the U.S. and other countries where our sub-processors operate. Where required, we use appropriate safeguards for international transfers.

10. Children

The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be indicated by updating the date above and, where appropriate, by additional notice. Your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

Privacy questions or requests: privacy@pumsdata.com. Mailing address: [Company Legal Name], [Mailing Address].