Privacy Policy.

Unitopia is a nonprofit dedicated to community magic — public art, cultural programming, education, and gatherings. This policy explains what information we collect when you visit unitopia.me, sign in, participate in our programs, or contact us, and how we use it.

We aim to collect only what we need to operate the platform and to deliver the programs you've opted into. We do not sell your personal information.

1. Information we collect

Information you provide

• Account information. When you sign in with Google, we receive your name, email address, and profile photo from Google's OAuth service. You can edit your displayed name and image after sign-in.
• Profile and program data. Information you add or signal — volunteer skill tags, team membership, Burning Man interest, artist applications, blog posts you author, event RSVPs — is stored alongside your account.
• Communications. Messages you send through the platform (mentions, comments, broadcast replies) and emails you send to our team.
• Payment information. When you pay camp dues or (in the future) buy a ticket or store item, payments are processed by Stripe. Stripe receives your card details directly — Unitopia never sees or stores them. We record only the amount, currency, payment status, an internal Stripe reference, and the purpose of the payment (e.g. "Burning Man 2026 dues").

Information collected automatically

• Server logs. Our servers record IP address, user-agent, request paths, and response codes for security, debugging, and rate-limiting. Logs are rotated automatically.
• Cookies and sessions. We set a session cookie to keep you signed in. A small set of preference cookies remember UI choices. We do not use third-party advertising cookies.
• Analytics. We use Google Analytics to understand which pages are visited and how visitors arrive. Analytics data is aggregated and pseudonymized.
• Email engagement. Emails we send may contain a tracking pixel and signed click-through URLs so we can see whether a message was opened and which links were clicked. This helps us prune our suppression list and improve content; we don't share it externally.
• Bot defenses. Our sign-up page uses Cloudflare Turnstile to detect automated abuse. Turnstile may collect device-level signals from your browser.

2. How we use information

• To create and maintain your account and authenticate you across visits.
• To operate the programs you've opted into — coordinating volunteer commitments, confirming camp membership, fulfilling payments and refunds, etc.
• To send transactional emails (sign-in confirmations, payment receipts, broadcast updates for programs you've joined) and, if you opt in, occasional newsletters.
• To protect the platform — investigating abuse, debugging errors, enforcing our acceptable-use rules.
• To improve the site based on aggregated analytics.

3. Who we share information with

We share personal information only with the service providers needed to run the platform, and only the data each provider needs to do its job. We do not sell personal information.

• Google — OAuth sign-in, email delivery via Gmail API, Google Analytics.
• Stripe — payment processing for dues, tickets, and store orders.
• Cloudflare — bot detection on sign-up.
• Cloud storage — uploaded images (avatars, event hero images, artist portfolio media) are stored on managed cloud object storage.
• AI providers (Anthropic) — when an editor uses the AI-assisted event-page authoring tool, the page content being edited is sent to Anthropic. This is only invoked deliberately by signed-in editors and does not run on visitor data.
• Legal requests — we may disclose information if required by a valid legal process or to protect rights, safety, or property.

4. How long we keep it

We keep account and program data for as long as your account is active or as needed to operate the programs you've joined. Payment records are retained as required by tax and accounting law (typically 7 years in the U.S.). Server logs are retained for a short rotation window (typically days to weeks). Email engagement records are retained for campaign analysis and suppression-list management.

5. Your choices

• Access and correction. You can view and edit most of your profile information from the in-app profile page after sign-in.
• Email preferences. Every non-transactional email includes an unsubscribe link. Transactional emails (sign-in, payment receipts, refund notices) are required to operate the service and can't be opted out of while you have an account.
• Account deletion. Email privacy@unitopia.me from the address tied to your account to request deletion. We will remove your account and associated personal data, subject to legal retention requirements (payment records, etc.).
• Analytics opt-out. Most browsers support a "Do Not Track" signal or an ad-blocker / privacy extension that blocks Google Analytics. We honor these signals where the browser provides them.

6. Children

Unitopia is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us and we will delete it.

7. Security

We use industry-standard safeguards — TLS in transit, encrypted-at-rest databases, principle-of-least-privilege access controls, and credential rotation. No system is perfectly secure; we'll let you know promptly if a breach affects your data.

8. International transfers

We're based in the United States and our service providers operate primarily in the U.S. If you access the site from outside the U.S., your information will be processed in the U.S. under U.S. data-protection law.

9. Changes to this policy

We may update this policy as our practices evolve. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be announced via an in-app notice or an email to active members.

10. Contact us

Questions, requests, or concerns? Email privacy@unitopia.me. We'll respond within a reasonable time, usually within a few business days.