Privacy Policy

Last updated: March 2026

1. Introduction

PowderLedger, Inc. (“we,” “us,” or “our”) operates the PowderLedger platform, a B2B SaaS solution for ski rental shops and outdoor equipment retailers. This Privacy Policy describes how we collect, use, share, and protect information when you use our services, website, and associated products (collectively, the “Service”).

This policy applies to:

  • Merchants — ski rental shop operators and their staff who use PowderLedger to manage their business
  • End-users — customers of Merchants who interact with PowderLedger-powered experiences (customer portal, online booking, digital waivers)
  • Website visitors — individuals who browse powderledger.com

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the practices described here, please discontinue use of the Service.

2. Information We Collect

We collect information in several ways depending on who you are and how you interact with us.

Account & Business Information

When Merchants register for and use PowderLedger, we collect information such as: business name, owner name and contact details, billing address, tax identification (if applicable), and account credentials. Staff members added to a Merchant account provide their name and email address.

Rental & Transaction Data

We collect and store rental records, equipment assignments, pricing information, payment records, waiver signatures, lesson bookings, and related transactional data generated through the Service. This data is submitted by Merchants on behalf of their operations and their end-users.

End-User Personal Information (Collected on Behalf of Merchants)

When Merchants use PowderLedger to manage their customers, we may process end-user personal information including: names, phone numbers, email addresses, physical measurements (height, weight, boot size), skill level, payment information, and rental history. PowderLedger processes this data as a data processor acting on behalf of the Merchant (the data controller). End-users should consult the privacy policy of the Merchant whose shop they visited for information about how the Merchant controls their data.

Payment Information

Payment card information is collected and processed by our third-party payment processor, Stripe, Inc. PowderLedger does not store full payment card numbers. We receive and retain tokenized payment identifiers and transaction records (amounts, dates, status) from Stripe.

Usage & Analytics Data

We collect information about how the Service is used, including pages visited, features accessed, time spent, browser type, device type, IP address, and referring URLs. This data helps us understand usage patterns and improve the Service.

3. How We Use Information

We use the information we collect for the following purposes:

  • Providing, operating, and maintaining the Service
  • Processing payments and managing billing for Merchant subscriptions
  • Sending transactional communications (receipts, booking confirmations, rental reminders, pre-arrival emails)
  • Providing customer support and responding to inquiries
  • Detecting and preventing fraud, abuse, and security incidents
  • Improving and developing new features and functionality
  • Analyzing usage patterns and producing aggregated, de-identified analytics
  • Complying with legal obligations and enforcing our Terms of Service
  • Sending product updates, feature announcements, and marketing communications to Merchants (you may opt out at any time)

4. Data Sharing

We do not sell personal data. We do not sell, rent, or trade personal information about Merchants or end-users to third parties for their own marketing purposes.

We share data only in the following limited circumstances:

  • Stripe, Inc. — for payment processing. Stripe’s privacy practices are governed by Stripe’s Privacy Policy.
  • Resend — for transactional email delivery (rental confirmations, reminders, receipts).
  • Neon (database) and Vercel (hosting infrastructure) — for storing and serving the Service. Data is processed in the United States.
  • Law enforcement and legal process — when required by applicable law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of PowderLedger, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of all or a portion of PowderLedger’s assets, subject to standard confidentiality agreements.

We require all sub-processors to maintain appropriate security measures and to process data only as directed by us and consistent with this Privacy Policy.

5. Data Retention

We retain data for as long as necessary to fulfill the purposes described in this policy, including our legal and business obligations. Our retention practices include:

  • Rental and financial records — retained for a minimum of 7 years from the date of the transaction to comply with applicable tax, accounting, and financial recordkeeping requirements.
  • End-user personal information (PII) — retained until a Merchant requests deletion of specific customer records, or until a Merchant account is fully terminated and the post-termination data retention period expires. Deletion requests from end-users should be directed to the Merchant.
  • Waiver records — retained for the period requested by the Merchant, subject to applicable legal requirements.
  • Account information — retained for the duration of the Merchant subscription and for a reasonable period thereafter for legal and business purposes.
  • Usage analytics — retained in aggregated, de-identified form indefinitely; raw logs are retained for up to 12 months.

Upon termination of a Merchant account, Merchants may request an export of their data within 30 days. After this period, data may be permanently deleted subject to our legal retention obligations.

6. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. These may include:

  • Right to access — the right to request a copy of the personal data we hold about you
  • Right to correction — the right to request that we correct inaccurate or incomplete data
  • Right to deletion — the right to request that we delete your personal data, subject to our legal retention obligations
  • Right to data portability — the right to receive your data in a structured, machine-readable format
  • Right to opt out of sale — we do not sell personal data, but California residents may exercise rights under the CCPA
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

Merchants may exercise these rights directly by contacting us at privacy@powderledger.com.

End-users whose data is controlled by a Merchant should direct their requests to the Merchant in the first instance. Where end-users contact us directly, we will forward such requests to the relevant Merchant where appropriate, or assist as permitted by our agreement with the Merchant.

We will respond to verified requests within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing certain requests.

7. Children’s Privacy

PowderLedger is a B2B platform and is not directed at children under the age of 13. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent as required under the Children’s Online Privacy Protection Act (COPPA) and applicable law.

Merchants who collect personal information from minors (e.g., junior ski school participants) through the Service are solely responsible for:

  • Obtaining all required parental or guardian consent before collecting personal information from children under 13
  • Complying with COPPA and any other applicable laws governing the collection and use of children’s data
  • Ensuring that their privacy notices to parents and guardians are accurate and complete

If you believe we have inadvertently collected personal information from a child under 13 without appropriate consent, please contact us immediately at privacy@powderledger.com so that we can take appropriate action.

8. Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect information in our custody, including:

  • Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Encryption at rest — data stored in our database is encrypted at rest
  • Access controls — access to production systems and customer data is restricted to authorized personnel on a need-to-know basis
  • SOC 2-aligned practices — our security program is designed to align with SOC 2 Type II trust service criteria, covering security, availability, and confidentiality
  • Regular security reviews — we conduct periodic security reviews and vulnerability assessments

No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected parties as required by applicable law.

9. Cookies

PowderLedger uses a minimal cookie policy designed to respect your privacy:

  • Session cookies — we use session cookies strictly necessary to authenticate logged-in users and maintain secure sessions. These cookies are deleted when you close your browser.
  • No tracking cookies — we do not use persistent tracking cookies to follow you across websites.
  • No third-party advertising cookies — we do not place or allow third-party advertising networks to place cookies on our platform for behavioral advertising purposes.

You can control cookie behavior through your browser settings. Please note that disabling session cookies may prevent you from logging in to the Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify Merchants via email and/or by posting a prominent notice on the Service, and we will update the “Last updated” date at the top of this page.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PowderLedger, Inc.

Privacy & Data Inquiries

privacy@powderledger.com

For data subject rights requests under CCPA or GDPR, please include “Privacy Rights Request” in the subject line of your email and provide sufficient information for us to verify your identity.