Trust, Security & Privacy

PollyMap is built on the Lovable platform. Application code runs on managed serverless infrastructure, and data is stored in a managed Postgres database with daily backups. Traffic to PollyMap is served over HTTPS.

Lovable provides the underlying platform capabilities. PollyMap is responsible for the application code, data model, access policies, and the content shown to visitors.

Accounts use email and password, with optional Google sign-in. Passwords are never stored in plain text — authentication is handled by the managed auth provider.

Access to admin tooling, partner dashboards, and the curation queue is gated by server-side role checks. Anonymous visitors only see published, public content.

Public content: partner business profiles, city and state guides, published pollen reports, knowledge library entries, and aggregated network stats.

Account data: email address, display name, and role. For partners we also store business contact details and territory assignments.

Optional alerts: if you subscribe to email alerts we store your email address, the cities you follow, and your delivery preferences.

Database access is governed by row-level security. Anonymous visitors can read published reports, approved partner profiles (business name, location, public bio, website, social links), city and state pages, and the knowledge library.

Partner phone numbers, email addresses, street addresses, internal territory notes, renewal status, and the curation/import pipeline are not exposed to anonymous visitors.

PollyMap relies on Lovable for hosting, database, authentication, and email delivery. Map tiles are served by OpenStreetMap. We may use additional providers for analytics or transactional email; contact us for the current list.

Transactional email (account, partner, and alert notifications) is sent through the platform’s managed email service. Every alert email includes a one-click unsubscribe link, and unsubscribed addresses are suppressed from future sends.

Public content is retained while it is relevant to the network. Account and subscription data is retained while the account is active. To request deletion of your account, alerts subscription, or partner profile, contact us using the address below.

If you believe you have found a security vulnerability in PollyMap, please email admin@carefreeallergy.com with details and reproduction steps. We aim to acknowledge reports within a few business days.

Please do not publicly disclose suspected issues before we’ve had a chance to investigate and respond.

Questions about this page, privacy practices, or data requests: Contact PollyMap.

This page is app-owned editable content and may be updated as PollyMap’s practices evolve. Last reviewed: June 2026.