Privacy Policy

Last updated: March 2026

1. Introduction

PowderLedger, Inc. (“we,” “us,” or “our”) operates the PowderLedger platform, a SaaS solution for ski rental shops and outdoor equipment retailers. This Privacy Policy describes how we collect, use, share, and protect information when you use our services, website, and associated products (collectively, the “Service”).

This policy applies to:

  • Merchants — ski rental shop operators and their staff who use PowderLedger to manage their business
  • End-users — customers of Merchants who interact with PowderLedger-powered experiences (customer portal, online booking, digital waivers)
  • Website visitors — individuals who browse powderledger.com

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the practices described here, please discontinue use of the Service.

2. Information We Collect

We collect information in several ways depending on who you are and how you interact with us.

Personal Information

When Merchants or end-users register for or interact with PowderLedger, we may collect: full name, email address, phone number, and physical address.

Rental & Equipment Information

To process and manage equipment rentals, we collect information including: equipment preferences, rental history, and data required for DIN (Deutsches Institut für Normung) binding-release calculations — specifically height, weight, age, boot sole length, and skier type/ability level. This data is used to calculate safe binding-release settings in accordance with ISO 11088.

Payment Information

Payments are collected and processed exclusively by our third-party payment processors, Stripe, Inc. and Square, Inc. PowderLedger never stores full credit card numbers, CVVs, or complete payment card data on our servers. We receive and retain only tokenized payment identifiers and transaction records (amounts, dates, status) from these processors.

Waiver & Liability Information

When end-users complete digital waivers through the Service, we collect: the digital signature (drawn or typed), the timestamp of agreement, and the IP address from which the waiver was signed. This information is retained for legal and safety record-keeping purposes.

Minors’ Information

For youth equipment rentals, we collect the same categories of personal and rental information described above (including height, weight, age, boot sole length, and skier type/ability for DIN calculations) for minor children. This data is collected only with the consent of a parent or legal guardian, and is used solely to ensure safe equipment fitting and rental processing.

Usage & Analytics Data

We collect information about how the Service is used, including pages visited, features accessed, time spent, browser type, device type, IP address, and referring URLs. This data helps us understand usage patterns and improve the Service.

3. How We Use Your Data

We use the information we collect for the following purposes:

  • Process and manage equipment rentals, including check-in, check-out, and equipment assignment
  • Calculate safe DIN binding-release settings per the ISO 11088 standard using customer-provided height, weight, age, boot sole length, and skier type/ability
  • Process payments, refunds, and security deposits through Stripe and Square
  • Send rental confirmations, reminders, and receipts via Twilio (SMS) and Resend (email)
  • Maintain safety records and legal documentation, including signed waivers
  • Provide customer support and respond to inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Improve and develop new features and functionality
  • Analyze usage patterns and produce aggregated, de-identified analytics
  • Comply with legal obligations and enforce our Terms of Service

4. Third-Party Services

We do not sell personal data. We share data with the following third-party service providers solely to operate the Service:

ProviderPurposeData Shared
Stripe, Inc.Payment processingTransaction amounts, payment card data (handled directly by Stripe)
Square, Inc.Payment processingTransaction amounts, payment card data (handled directly by Square)
Twilio, Inc.SMS notificationsPhone number, message content (rental reminders, confirmations)
ResendTransactional email deliveryEmail address, message content (receipts, confirmations, reminders)
NeonDatabase hostingAll Service data (encrypted at rest and in transit)

We may also disclose data when required by applicable law, court order, or governmental authority, or in connection with a merger, acquisition, or sale of assets (subject to standard confidentiality agreements).

We require all sub-processors to maintain appropriate security measures and to process data only as directed by us and consistent with this Privacy Policy.

5. Data Retention

We retain data for as long as necessary to fulfill the purposes described in this policy, including our legal and business obligations:

  • Active customer data — retained while the customer relationship is active and for seven (7) years thereafter to comply with applicable tax, accounting, and legal recordkeeping requirements.
  • Waiver signatures — retained for the duration required by the applicable statute of limitations in the jurisdiction where the rental occurred, or as otherwise required by law.
  • Payment records — retained by Stripe and Square in accordance with their respective data retention policies. PowderLedger retains tokenized transaction records for seven (7) years.
  • Account information — retained for the duration of the Merchant subscription and for a reasonable period thereafter for legal and business purposes.
  • Usage analytics — retained in aggregated, de-identified form indefinitely; raw logs are retained for up to twelve (12) months.

Upon termination of a Merchant account, Merchants may request an export of their data within 30 days. After this period, data may be permanently deleted subject to our legal retention obligations.

6. Your Rights (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. Depending on your jurisdiction, you may also have similar rights under other applicable privacy laws. These rights include:

  • Right to know — you have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.
  • Right to delete — you have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as data required for legal compliance or to complete a transaction).
  • Right to correct — you have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out, but you may still submit a request and we will confirm our practices.
  • Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.
  • Right to data portability — you have the right to receive your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us at PowderLedger@gmail.com. Include “Privacy Rights Request” in the subject line and provide sufficient information for us to verify your identity.

End-users whose data is controlled by a Merchant should direct their requests to the Merchant in the first instance. Where end-users contact us directly, we will forward such requests to the relevant Merchant where appropriate.

We will respond to verified requests within 45 days. If we require additional time (up to an additional 45 days), we will notify you in writing.

7. Children’s Privacy

PowderLedger is not directed at children under the age of 13. However, because ski rental shops serve families, we recognize that personal information of minors may be processed through the Service for the purpose of safe equipment fitting and DIN binding-release calculations.

We collect minors’ data (including height, weight, age, boot sole length, and skier type/ability) only for rental safety purposes, specifically to calculate appropriate DIN settings in accordance with ISO 11088. This data is collected and processed solely with the consent of a parent or legal guardian.

Parent/guardian consent is required for the collection of personal information from children under 13, in compliance with the Children’s Online Privacy Protection Act (COPPA). Merchants are responsible for obtaining verifiable parental consent before entering a minor’s information into the Service.

Parents and guardians may:

  • Request a review of the personal information collected about their child
  • Request deletion of their child’s personal information
  • Refuse to permit further collection of their child’s information

To make any of these requests, please contact us at PowderLedger@gmail.com or contact the Merchant directly.

8. Security

We implement industry-standard technical and organizational measures to protect information in our custody, including:

  • Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
  • Encryption at rest — data stored in our database is encrypted at rest using AES-256 or equivalent encryption provided by our infrastructure partners
  • Access controls — access to production systems and customer data is restricted to authorized personnel on a need-to-know basis
  • Payment isolation — payment card data is handled exclusively by PCI DSS-compliant processors (Stripe and Square) and never touches our servers
  • Regular security reviews — we conduct periodic security reviews and vulnerability assessments

No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify affected parties as required by applicable law.

9. Cookies

PowderLedger uses a minimal cookie policy:

  • Session cookies — strictly necessary to authenticate logged-in users and maintain secure sessions. These cookies are deleted when you close your browser.
  • No tracking cookies — we do not use persistent tracking cookies to follow you across websites.
  • No third-party advertising cookies — we do not place or allow third-party advertising networks to place cookies on our platform.

You can control cookie behavior through your browser settings. Disabling session cookies may prevent you from logging in to the Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Merchants via email and/or by posting a prominent notice on the Service, and we will update the “Last updated” date at the top of this page.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PowderLedger, Inc.

Privacy & Data Inquiries

PowderLedger@gmail.com

For data subject rights requests under CCPA/CPRA, please include “Privacy Rights Request” in the subject line of your email and provide sufficient information for us to verify your identity.