Privacy Policy
This policy explains what information the Troop 818 family + leader site collects, why we collect it, how it's protected, and the rights you and your Scout have over it. We wrote this in plain English because troop families shouldn't have to wade through legalese to understand what we do with your data.
1. Who we are
The Troop 818 site (troop818md.org) is the family and leader portal for Troop 818, a Scouts BSA troop based in Phoenix, Maryland. The site and its hosting are operated by Momojilabs on behalf of the troop. When this policy says "we," it means the people running the troop's site and database — the Scoutmaster, committee, and operator working together to keep family data safe.
We are not Scouting America (BSA) and we are not Intuit / QuickBooks. We share information with them only as described below.
2. What we collect
We collect only what we need to run the troop. For each person on the site we may store:
- Names — first, last, and the display name your family uses.
- Email — used for sign-in and transactional email (RSVP confirmations, invoices, setup links).
- Phone — optional; useful for trip leaders to reach you on the trail.
- BSA ID (for Scouts) — required so advancement and registration tie back to the official Scouting America record.
- Date of birth (for Scouts) — used for age-appropriate event rules and to determine whether a Scout is under 13 (see COPPA below).
- Family relationships — who is in your household and who is the primary contact, so leaders message the right person and Scouts get attached to the right invoice.
- RSVP history — which events your family attended, who came, and any guests you added.
- Payment status — whether an invoice has been paid; we do not store credit card numbers or bank account numbers.
- Audit metadata — when someone in leadership viewed or edited a record, for accountability.
Passwords are stored only as salted hashes (PBKDF2). The plaintext password never touches our database.
3. Why we collect it
Troop management — full stop. Specifically:
- Sending event invitations and tracking who is going.
- Tracking Scout advancement (rank, joined date, patrol).
- Letting the treasurer bill families accurately for events.
- Keeping leaders in touch with the right adult in each family.
4. How we use it
Your data stays internal to the troop and the operator. We do not sell it. We do not share it for advertising. We do not give it to a data broker.
The only third parties that ever see your data are the services we use to run the site:
- QuickBooks Online (Intuit) — when the troop opts in to invoicing through QuickBooks, family name, email, and event-fee invoice line items are pushed to QuickBooks so they can generate and track invoices. Payment card data is handled by Intuit, never by us.
- Resend — delivers our transactional email (setup links, RSVP confirmations). Resend sees the recipient's name and email address only.
- Cloudflare — hosts the site, the database (Cloudflare D1), and our session storage. Cloudflare is the underlying infrastructure provider; they don't read your records.
That's the whole list. If we ever add another vendor that touches your data, we'll update this page and re-version the policy.
5. Scouts under 13 (COPPA)
Scouts under 13 do not create their own accounts. The Children's Online Privacy Protection Act (COPPA) requires verifiable parental consent before we collect personal information from a child under 13, and we comply with that rule.
In practice, that means a parent or guardian, signed in to their own account, is the one who adds a Scout to the family record. At the time of creation, the parent affirms consent on the Scout's behalf — we record the consenting parent, the timestamp, and the exact version of the consent text they saw, so we can show our work later.
Parents of Scouts under 13 can, at any time, review what we have stored about their child, export it as a JSON file, or request that it be deleted. All three actions live in Settings → Privacy & Data. We do not require a parent to keep an account active to exercise these rights.
6. Data retention
Different categories of data have different retention rules:
- Financial records (invoice line items, paid/unpaid status, QuickBooks linkage) — retained for 7 years, in line with standard treasury recordkeeping and IRS guidance.
- Advancement records (rank, joined date, BSA ID, patrol, attendance at advancement events) — retained while the Scout is active in the troop, plus 1 year after withdrawal. After that, advancement is preserved by Scouting America's systems, not by us.
- Personally identifiable information (email, phone, DOB, family relationships) — when a family withdraws from the troop, we redact identifying fields within 30 days. Audit and financial records continue to reference an anonymized internal ID, but the human-readable identifiers are wiped.
- Audit logs — kept for the life of the troop's records, but they contain who-did-what metadata, not bulk PII.
If you ask for early deletion (Settings → Privacy & Data → Request data deletion), a leader follows up to confirm and complete the request manually — usually within 14 days.
7. Security
- TLS in transit — every connection to the site is HTTPS-only.
- Encrypted at rest — the database (Cloudflare D1) is encrypted at rest by the platform.
- PII access is audit-logged — when a leader views Scout PII outside their own family, we record it, including which fields were touched. The Scoutmaster can review the audit log at any time.
- Leader-permission scoping — most fields are visible only to the family they belong to, plus leaders holding specific permissions (advancement, treasury, invitations). A leader without the right permission literally does not see the data.
- Passwords are hashed with PBKDF2 (100,000 iterations, SHA-256, per-account random salt). Sessions are server-side; the cookie holds only a random session ID.
- Setup links expire after 7 days.
No system is perfectly secure. If you think your account has been compromised, change your password and email a leader immediately so we can review the audit log.
8. Your rights
Whether you're a parent, a Scout, or an adult leader, you have these rights — and the controls live in the app itself:
- Access — download a JSON file with everything we have on your family. Settings → Privacy & Data → "Download JSON."
- Correction — update your profile (name, email, phone) at Settings → My Profile. Edit family members (Scouts, co-parents) from the Roster.
- Deletion — request deletion of your records at Settings → Privacy & Data → "Request data deletion." A leader follows up, and we complete the redaction per the retention rules above.
9. Changes to this policy
If we make material changes, we bump the version number at the top of this page and email families with active accounts. Continued use after a change means you accept the new policy. Old versions stay available on request.
10. Contact
Privacy questions, data requests, or anything that doesn't fit a button in the app: email privacy@troop818md.org (placeholder — Marin to confirm). We aim to respond within 14 days; we have to respond within 30.
See also: Terms of Service