Effective: 2026-05-20. Applies to the Ridgefield Main Street mobile application ("RMS," "the app") published by Warden Systems LLC on Google Play and the Apple App Store.
1. About the app
Ridgefield Main Street is an interactive guide to Downtown Ridgefield, Washington — a community-events, business-directory, badge-collection, and ticketing app that connects residents and visitors with the local businesses and events that make our downtown distinct. During an active community event that you have registered for, the app uses your device's location to recognize when you arrive at participating businesses or event locations and award badges or unlock event content. Outside of active events, the app does not require ongoing location access.
The app is intended for users 13 years of age or older. We do not knowingly allow children under 13 to create accounts or use the app.
2. What we collect, why, and how long we keep it
| Category | What | Why | Retention |
|---|---|---|---|
| Approximate location | Device coarse-location reading | Determine whether you are within range of an active Ridgefield event; show event listings near you | Discarded within 24 hours of the reading; never stored linked to your identity beyond that window |
| Precise location (foreground) | Device fine-location reading while the app is open | Recognize when you arrive at a participating business or event location. Collected only when discovery mode is enabled (we turn it on automatically when you join an event; you can toggle it off any time). | Discarded at the end of the event session, or within 24 hours, whichever is sooner |
| Account email | Email address you provide at signup | Authenticate your account, contact you about events you have registered for, deliver password resets | Retained while your account is active; deleted within 30 days of account-deletion request |
| Display name | Name or handle you choose | Show your progress on event leaderboards | Same as account email |
| Event progress | Events you have registered for, badges you have earned, ticket purchases, mystery-event progress when applicable | Operate the app — show your badges, track event registration, deliver event content | Aggregated into event-level statistics and de-identified within 48 hours of event close; individual event records are not retained linked to your identity after that window |
| Device identifier | OS-provided app instance identifier (Android App Set ID / iOS IDFV) | Distinguish your installation for sync between experience state and account; abuse prevention | De-identified within 48 hours of last app session, except where retained for active-account sync |
| Crash and diagnostic data | Anonymized crash stack traces, OS version, app version | Diagnose bugs | Aggregated; not linked to your account or device identifier |
We do not collect: contacts, calendar, microphone audio, camera content (except when you explicitly take a photo as part of an event challenge, in which case the photo is stored locally on your device only), SMS, browser history, advertising identifiers, or any health/fitness data.
3. Location data — detailed disclosure
Ridgefield Main Street uses your foreground (in-use) location only when discovery mode is enabled. We turn discovery mode on automatically when you join a community event, and you can toggle it off any time in your account settings. While discovery mode is on, we record location pings to recognize when you arrive at a participating business or event location and award the right badge or unlock the next part of an experience. We do not collect location in the background. We do not share your location with anyone, do not retain raw coordinates beyond 24 hours (or end of the event, whichever is sooner), and you can revoke this permission at any time in your device settings.
RMS uses these Android permissions:
ACCESS_COARSE_LOCATION— used to determine your general area for event discovery.ACCESS_FINE_LOCATION— used in the foreground only while discovery mode is on, to recognize when you arrive at a participating business or event location.
We no longer request ACCESS_BACKGROUND_LOCATION; a prior version of the app did so with explicit in-app disclosure, but the current app is foreground-only.
We use location data solely to deliver in-event experiences (badge awards, event content, mystery-event progression where applicable). Specifically, we do not:
- transmit location data to any third party (no analytics, no advertisers, no data brokers);
- use location data to infer health conditions, sexual orientation, religious affiliation, immigration status, or any other sensitive attribute;
- operate any geofence within 2,000 feet of an in-person healthcare facility for any purpose prohibited by RCW 19.373.040;
- build a long-term location history of any user;
- retain identifiable location data beyond the windows in §2.
If you revoke any location permission, the app continues to function for non-location features (account, event browsing, leaderboards for past events).
4. The 48-hour de-identification window
For any data we collect that is linked to your identity (your account, your device identifier, your event-progress records), we apply a 48-hour de-identification window: within 48 hours of the data's collection, we strip the linking identifier and retain only aggregated, de-identified records. This window applies to all copies of the data, including encrypted backups and database replicas: we either de-identify before backup or rotate backups so that no identifier-linked copy is retained beyond 48 hours. After de-identification:
- the resulting data cannot reasonably be used, alone or in combination with other information we hold, to identify a particular individual;
- we maintain technical safeguards and business processes to prevent re-identification;
- our employees and contractors are prohibited from attempting to re-identify the data.
This window does not apply to data we are required to retain longer to operate your account or comply with law: your account email, display name, and password hash are retained until you delete your account; certain billing records (if you make a purchase in-app) are retained for as long as US tax and accounting law requires; customer support correspondence is retained for case continuity; and records subject to a legal hold or active fraud investigation are retained for the duration of the hold or investigation.
5. We do not sell or share your data
We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising. We do not transmit your personal information to advertising networks, data brokers, social-media platforms, or analytics vendors. RMS contains no third-party SDKs for advertising, analytics, attribution, or behavioral profiling.
6. Service providers
We use the following service providers to operate RMS. Each acts as a data processor on our behalf, under contractual terms restricting use of the data to providing the service:
- Self-hosted infrastructure. The RMS backend runs on infrastructure operated directly by Warden Systems LLC. We do not outsource the database or application server to a third-party cloud provider.
- Cloudflare, Inc. — provides edge networking, DNS, and the secure tunnel between our backend and the public internet.
- Resend (Resend Labs, Inc.) and Amazon Web Services (Amazon SES) — send transactional email (password reset, event confirmations).
We do not use third-party crash reporting that transmits user data to the vendor. Crash diagnostics are aggregated on our own infrastructure.
7. Your rights and controls
You can, at any time:
- Revoke location permissions from your device's system settings.
- Delete your account from within the app (Settings → Account → Delete Account) or by emailing [email protected]. Account deletion removes your email, display name, and any retained identifiable data within 30 days.
- Export your data — request a portable copy of your account data and current event state by emailing us.
- Ask what we have — request a summary of any identifiable data we hold about you.
- Correct — ask us to correct inaccurate data.
We respond within one (1) business day. We honor deletion requests on the same business day unless a legal hold applies, in which case we will tell you what is held and why.
8. Children
RMS is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an RMS account, contact [email protected] and we will delete the account and any associated data.
Community events often draw families. If you are a parent or guardian playing RMS with a child under 13, please use your own account; your child does not need a separate account to participate alongside you.
9. Security
- TLS 1.2 or higher for all data in transit between the app and our servers.
- AES-256 encryption at rest for stored personal information and backups.
- Role-based access control with audit logging for all engineer access to production data.
- We do not store passwords in plaintext; passwords are hashed with a salted, computationally hard algorithm (Argon2id or bcrypt).
10. Changes
If we change this policy, we will update the effective date above and post the new version at wardensystems.ai/legal/privacy/rms. For material changes affecting how we collect or use data, we will notify active users in-app and by email.
11. Governing law
This policy is governed by the laws of the State of Washington, without regard to conflict-of-laws principles.
12. Contact
[email protected]. Warden Systems LLC, PO Box 1177, Ridgefield, WA 98642, United States.