Privacy Policy

Last updated: April 14, 2026

Treeline is a small, community-focused platform. We collect the minimum amount of information needed to connect trades providers and clients in the Sierra Foothills, and we don't sell data to anyone. This page explains what we collect, why, and your rights.

Plain-English summary: We store your account info (name, email, phone, payment methods, profile) to run the marketplace. Your phone and payment methods are never shown publicly — they're revealed only to the other party after a bid is accepted. Photos you upload are visible to anyone viewing the job. We don't track you across other websites. We don't sell your data.

What we collect

Account information you give us at signup: display name, username, email, password (stored as a salted hash — never readable as plain text), and role.
Profile details you choose to add: bio, service area, ZIP code, services, hourly rate, certifications, website, and — for private contact — phone number and preferred payment methods.
Platform activity: jobs posted, bids submitted, completions documented, messages sent through the platform, photos uploaded, commendations given or received, and board posts.
Verification and security data: email verification tokens, password-reset tokens, session tokens, rate-limit counters keyed on IP address.
Contact-form submissions: whatever you type into the "Get in Touch" form, which we store and also email to the site owner.

We do not use third-party analytics or advertising trackers. We do not store your browser fingerprint, precise geolocation, or cross-site activity.

Who can see what

Public to anyone: display name, username, bio, role, services, service area, hourly rate, certifications, website, commendations, your job posts, job photos, completion records, and public board posts.
Revealed only after a bid is accepted: phone number, preferred payment methods, and the email address of the party you've matched with. Outside of that match, your phone and payment methods are never exposed via the API or UI.
Only you can see: your password, your rate-limit counters, verification tokens, session tokens.
Site operator can see: everything above, plus your email address and contact-form submissions, for moderation and support purposes.

Photos

Photos uploaded to a job are visible to anyone viewing the job's detail page. This is intentional — it allows inspectors, fire councils, and insurers to see defensible-space documentation without needing accounts. Don't upload photos that contain personal details you wouldn't want publicly visible (faces, license plates, interiors, documents).

Photo EXIF metadata (camera, date, GPS if your phone included it) is preserved in the file as uploaded. We may surface certain metadata (date/time, approximate location) on job pages in the future to support insurer verification.

How we use this information

Run the marketplace: let providers and clients find each other, post jobs, bid on jobs, document completed work.
Send you transactional emails: email verification, password resets, and contact-form responses.
Moderate the platform: remove content that violates our terms, and suspend accounts when necessary.
Build aggregate impact reports (e.g., "X acres cleared across Y homes") that never identify individual users.

What we don't do

We don't sell your data.
We don't share your data with advertisers.
We don't use third-party analytics or tracking pixels.
We don't share your phone or payment methods with anyone outside the specific bid-accepted partnership you've authorized.

Service providers we use

To actually run the site, we rely on a small number of hosting services:

Render — runs the web server and stores the database (in a SQLite file on an encrypted persistent disk).
Gmail SMTP (Google) — sends transactional emails on our behalf (verification, password reset, notifications).
GitHub — stores the source code for the platform.

These providers see only what's needed to do their job (e.g., an outgoing email's recipient and body; a database file at rest). They don't have independent rights to your personal information.

Data retention

Account information is retained while your account is active. Platform activity (jobs, bids, completions, photos, commendations) is retained indefinitely because it forms a public community record — unless you request deletion. Session tokens expire when you sign out or reset your password. Verification and reset tokens expire after 7 days and 1 hour respectively. Rate-limit counters reset on a rolling 15-minute to 60-minute window.

Your rights

You can:

Access and update your profile at any time through the Edit Profile dialog.
Request a copy of the personal data we hold about you.
Request deletion of your account and personal data. Some public records tied to your account (e.g., completed job documentation referenced by others) may persist in anonymized form.
Object to processing or ask questions about how we handle your data.

California residents additionally have the rights described in the California Consumer Privacy Act (CCPA), including the right to know, delete, correct, and opt out of the sale of personal information. We don't sell personal information, so there's nothing to opt out of — but the other rights are fully supported.

To exercise any of these rights, email michael@treeline.work.

Security

Passwords are salted and hashed. Session tokens are long, random, and rotated when you change your password. Rate limits slow down brute-force attempts. The persistent disk Render allocates for us is encrypted at rest. Despite these measures, no online service is perfectly secure — if you suspect unauthorized access to your account, email us immediately and change your password.

Children

Treeline is for adults arranging trade work. We do not knowingly collect information from anyone under 18. If you believe a minor has created an account, let us know and we'll remove it.

Changes

We'll update this page when our practices change materially. Continued use after a change means you accept the updated policy.

Contact

Questions or requests about privacy: michael@treeline.work.