Privacy Policy

Last updated: November 2025

Information We Collect

MuseumsMexico collects information you provide directly to us, such as when you create an account, save favorite museums, or plan routes.

Personal Information

  • Email address (used for account identification and password recovery)
  • Full name (displayed on your profile and reviews)
  • Password (securely hashed using bcrypt with salt rounds, never stored in plain text)
  • Museum preferences and saved favorites
  • Custom routes and travel plans
  • Museum reviews and ratings you submit
  • Earned badges and leaderboard achievements

Automatically Collected Information

  • Device information and browser type (via Google Analytics)
  • Geographic location (country and city level, via Google Analytics)
  • Session information (via authentication cookies)
  • Pages visited and interaction patterns (via Google Analytics)

How We Use Your Information

  • To provide and maintain our museum discovery service
  • To save your favorite museums and custom routes
  • To display your reviews and ratings
  • To improve our service and user experience
  • To communicate with you about service updates

Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this policy:

  • With your consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With service providers who assist in our operations

Analytics and Tracking

We use Google Analytics 4 (GA4) to understand how visitors use our website. This service collects:

  • Pages visited and time spent on each page
  • Device and browser information
  • Geographic location (country/city level)
  • Referral sources and navigation patterns

Google Analytics uses cookies to collect this information. The data is anonymized and used solely for improving our service. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Authentication and Account Security

We take the security of your account seriously and implement industry-standard security measures:

  • Password Security: All passwords are hashed using bcrypt with 12 salt rounds before storage. We never store passwords in plain text.
  • Session Management: We use HTTP-only cookies with JWT (JSON Web Tokens) for secure session management. These cookies cannot be accessed by client-side JavaScript, preventing XSS attacks.
  • Session Duration: Authentication tokens expire after 7 days of inactivity. You can sign out manually at any time to invalidate your session.
  • Password Recovery: Password reset tokens are time-limited and single-use. They expire after a short period for security.
  • HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS in production.

Local Storage on Your Device

To enhance your experience, we store certain information locally on your device using browser localStorage:

  • Location Preferences: When you set your location in the "Museums Near Me" feature, we save it locally on your device for 7 days so you don't need to re-enter it on each visit.
  • Complete Privacy: This location data never leaves your device and is not transmitted to our servers. It is stored only in your browser's localStorage.
  • User Control: You can clear this saved location at any time using the "Change Location" button, or by clearing your browser's local storage.
  • Automatic Expiration: Saved location data automatically expires after 7 days.

Data Storage and Retention

Your personal data is stored securely in our database:

  • Account information (email, hashed password, name) is retained while your account is active
  • Reviews, routes, and favorites are retained while your account is active
  • Password reset tokens are automatically deleted after use or expiration
  • Session tokens expire after 7 days or when you sign out
  • When you delete your account, all associated personal data is removed from our systems

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your saved routes and favorites

Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@museumsmexico.com