Skip to main content

Privacy Policy

Last updated: 2026-05-17.

This Privacy Policy explains how Dynamanic LLC (“we,” “us,” “our”) collects, uses, shares, and protects information when you use Railfans Live and its regional subdomains, including but not limited to florida.railfans.live, texas.railfans.live, and georgia.railfans.live (collectively, the “Service”). It supplements our Terms of Service and our Cookie & Tracking Policy.

1. Who We Are

Railfans Live is operated by Dynamanic LLC, a U.S. limited liability company. We are the “data controller” (or, in U.S. terms, the “business”) for personal information processed through the Service. For privacy-specific questions or to exercise your rights, email privacy@railfans.live.

2. Information We Collect

We collect the following categories of information:

  • Account information. Email address, display name, handle, hashed password, region preference, and account creation metadata.
  • Profile and social graph. Avatar (if uploaded), bio, friend connections, friend-invite emails (entered by you), reputation score, and your anonymous-posting preference.
  • Sightings and logbook. Train sighting reports (railroad, train type, direction, locomotive numbers, free-text notes), optional GPS coordinates, your selected location-precision setting, observed-at timestamps, and visibility flag (public, friends-only, or private logbook).
  • Uploaded media. Photos and videos you submit, including ffmpeg-extracted poster frames and audio transcripts we produce during automated moderation. EXIF metadata may be read but is not retained in original form once moderation completes.
  • Alerts and watchlists. Alert rules you configure, including target locomotives, locations, heritage units, quiet hours, and delivery preferences.
  • Usage data. Pages viewed, features used, device and browser type, approximate location derived from IP, and event metadata captured by our analytics processor (see Section 5).
  • Communications. Support requests, abuse reports, and any correspondence you send us.
  • Billing metadata. If you subscribe to Pro, Stripe processes your card and shares back limited metadata (subscription status, last four digits, country, renewal date). We do not see or store full payment card numbers.

2.1 What We Do Not Collect

We do not collect government-issued identifiers, biometrics, or full payment-card numbers. We do not knowingly collect any information from children under 13.

3. How We Use Information

We use the information we collect to:

  • operate, maintain, and improve the Service;
  • authenticate you, secure your account, and recover access when you request it;
  • display your sightings, photos, and logbook entries to the audiences you select;
  • generate AI-assisted features (sighting cleanup, spot summaries, trip planning, moderation) using validated, schema-checked outputs;
  • send transactional emails (sign-in links, security notices, billing receipts, alert notifications, friend invites);
  • detect, prevent, and respond to fraud, abuse, spam, and violations of our Acceptable Use Policy;
  • comply with legal obligations and enforce our Terms of Service.

4. Legal Bases (for users in the EEA/UK)

Where the EU or UK General Data Protection Regulation applies, we process personal data under one or more of the following legal bases: performance of a contract (operating your account and Pro subscription), legitimate interests (security, abuse prevention, product improvement), consent (optional analytics and certain marketing emails, where required), and compliance with legal obligations.

5. Third-Party Processors and Service Providers

We share information only with vetted processors who act on our instructions. These currently include:

  • Stripe, Inc. — payment processing and subscription billing for Pro.
  • OpenAI. — large language model inference, audio transcription, and image moderation. Inputs are sent under enterprise-style data-processing terms; we do not permit use of your content to train OpenAI's public models.
  • Amazon Web Services (AWS). — S3 (media storage), RDS Postgres (application database), SES (transactional email, including friend invites), and App Runner (application hosting).
  • PostHog. — product analytics. Events are delivered through our first-party /ingest reverse proxy. When you are signed in, we attach your user ID; when you are signed out, only an anonymous distinct_id is used.
  • OpenFreeMap and OpenRailwayMap. — map tiles and rail-network overlays. These services receive tile requests (IP, requested tile coordinates) but do not receive your account identity from us.
  • Public GTFS and operator-provided real-time feeds. — we consume these feeds read-only. We do not transmit your personal data to operators.

We do not sell personal information. We do not share personal information with advertisers. We may disclose information when required by law, valid legal process, or to protect the safety of users or the public.

6. AI Processing in Detail

When you use AI-assisted features, the relevant inputs (free-text sighting notes, photo bytes, audio extracted from uploaded video) are transmitted to OpenAI for inference. AI output is validated against a strict schema before being shown to you or persisted. AI-cleaned sighting drafts are never auto-saved — you must confirm them. Moderation decisions are fail-closed: if an upload cannot be confidently cleared, it is held for human review rather than published.

7. Cross-Region and Subdomain Sharing

Railfans Live operates a single account and friends graph across all regional subdomains. Your profile, friends, alerts, reputation, and logbook follow you across subdomains. Sightings are attributed to the region that matches their geographic coordinates — reporting a Florida sighting while visiting texas.railfans.live still attributes it to Florida. Public sightings are visible across all subdomains unless you mark them friends-only or private.

8. Retention

We keep account data while your account is active and for a reasonable period afterward to honor legal, accounting, and abuse- prevention obligations. Uploaded media and public sightings remain visible until you delete them or your account. AI moderation artifacts (poster frames, audio transcripts) are retained only as long as the parent upload exists. PostHog event data follows the default retention configured for our PostHog project.

9. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to withdraw consent. You can exercise core rights from inside the Service: edit your profile, change region preference, toggle anonymous posting, delete sightings and photos, or delete your account from the account-settings page. For other requests, contact privacy@railfans.live. We will respond within the timeframes required by applicable law. You will not be discriminated against for exercising these rights.

California residents may additionally request the categories of personal information collected, sources, business purposes, and recipients during the prior 12 months. We do not sell or “share” personal information as those terms are defined under the California Consumer Privacy Act.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. Users between 13 and 17 require parent or guardian consent to use the Service. If we learn we have collected personal information from a child under 13 without proper consent, we will delete it.

11. International Transfers

We are based in the United States, and our processors operate infrastructure in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States.

12. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data — including encryption in transit, hashed passwords, scoped IAM credentials, access logging, and least-privilege admin tools. No system is perfectly secure; we cannot guarantee that information transmitted through the Service will not be accessed by unauthorized parties.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced through the Service or by email at least 14 days before taking effect. The “Last updated” date above reflects the most recent revision.

14. Contact

Privacy questions or rights requests: privacy@railfans.live. General legal inquiries: legal@railfans.live. Trust and safety reports: abuse@railfans.live.