Privacy Policy

This Privacy Policy describes how NextMetro (“we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our website and services (the “Service”).

By using NextMetro, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

1.2 Information You Provide Voluntarily

We may collect information you choose to provide, such as:

• Contact Information: If you contact us via email, we collect your email address and any information included in your message.
• Feedback: Any comments, suggestions, or bug reports you submit.

1.3 Information We Do NOT Collect

NextMetro does not collect:

• Names or real identities
• Physical addresses
• Phone numbers
• Payment or financial information
• Social Security numbers or government IDs
• Precise geolocation (GPS coordinates)
• Contents of private communications
• Biometric data
• Health information
• Account credentials or passwords

Note on Location: NextMetro may offer features that use your location (e.g., finding nearby stations). If implemented, this would use your device's geolocation API, which requires your explicit consent through your browser or device. We do not store precise location data on our servers. You may deny or revoke location permission at any time through your browser or device settings.

2. How We Collect Information

2.1 Server Logs

Our web servers automatically record standard log information when you access the Service. This is a standard practice for virtually all websites.

2.2 Analytics Services

We may use third-party analytics services to understand how visitors use the Service. See Section 5 (Third-Party Services) for details.

2.3 Cookies and Local Storage

We may use cookies or browser local storage to remember your preferences. See Section 6 (Cookies and Similar Technologies) for details.

2.4 Third-Party Resources

When you load the Service, your browser may request resources (such as fonts) from third-party servers. These third parties may collect information about your request. See Section 5 (Third-Party Services) for details.

2.5 Direct Communications

When you contact us directly (e.g., via email), we collect the information you provide in your communication.

3. How We Use Information

We use collected information for the following purposes:

We do NOT use your information for:

• Selling to third parties
• Targeted advertising based on personal profiles
• Building personal profiles for marketing
• Making automated decisions that affect you
• Any purpose not disclosed in this Privacy Policy

4. How We Share Information

We do not sell, rent, or trade your personal information.

We may share information in the following limited circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, such as:

• Web hosting providers
• Analytics services
• Content delivery networks (CDNs)

These providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

4.2 Legal Requirements

We may disclose information if required to do so by law or in response to:

• A valid subpoena, court order, or legal process
• A request from law enforcement or government authorities
• Protection of our legal rights, safety, or property
• Protection of the rights, safety, or property of others
• Investigation of suspected fraud or illegal activity

4.3 Business Transfers

If NextMetro is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via prominent notice on the Service of any change in ownership or uses of your information.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

4.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share statistics about overall Service usage.

5. Third-Party Services

The Service uses the following third-party services that may collect information about you:

5.1 Hosting Provider

What it is: NextMetro is hosted by Cloudflare.

What they collect: Standard server logs including IP addresses, request data, and timestamps.

Their use: Providing hosting services, security, and abuse prevention.

More information: See Cloudflare's Privacy Policy.

5.2 Essential Analytics (Always Active)

What it is: NextMetro uses a privacy-focused, cookie-free analytics service to understand how visitors use the Service. This service loads on every page without requiring consent.

What it collects: Aggregate, non-personal data including:

• Page views and referring URLs
• Browser and device type
• Country of origin (derived from IP address)

What it does NOT collect:

• Personal information or IP addresses
• Cookies or persistent identifiers
• Cross-site tracking data

Compliance: This analytics service is GDPR, CCPA, and PECR compliant. It does not require a cookie consent banner because it does not use cookies or collect personal data.

5.3 Enhanced Analytics (Consent Required)

What it is: NextMetro uses an optional enhanced analytics service to understand how visitors navigate the site in more detail. This service only loads after you explicitly consent by clicking “Accept” on the cookie consent banner.

What it collects (only after consent):

• Page views and navigation paths
• Browser, device, and operating system information
• Session data (pages visited in a single session, time on page)
• Click and interaction events
• Country and region (derived from IP address)

Cookies set (only after consent):

• Analytics session and device identifiers

Your control:

• You may decline analytics cookies when the consent banner appears
• You may change your preference at any time via the “Cookie Preferences” link in the site footer
• If your browser sends a Global Privacy Control (GPC) signal, enhanced analytics are never loaded and no consent banner is shown
• You may also block cookies through your browser settings

If you decline or revoke consent: No enhanced analytics cookies are set, no session or event data is collected by this service, and any previously set cookies are cleared.

5.4 WMATA API

What it is: Transit data displayed in NextMetro is fetched from WMATA's public API.

Data flow: NextMetro's servers request data from WMATA's servers. Your personal information is NOT transmitted to WMATA through your use of NextMetro. WMATA does not receive your IP address or any identifying information from NextMetro.

6. Cookies and Similar Technologies

6.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and provide information to website operators.

6.2 How We Use Cookies

NextMetro may use the following types of cookies:

6.3 Local Storage

We use browser local storage to save your preferences (such as favorite stations or display settings). This data is stored only on your device and is not transmitted to our servers unless necessary for functionality.

We also store your cookie consent preference (nm-consent) in local storage so we can remember your choice across visits without setting an additional cookie.

6.4 Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Cookies and Site Permissions

Note that disabling cookies may affect the functionality of the Service.

6.5 Third-Party Cookies

Third-party services we use may set their own cookies. We do not control these cookies. Please refer to the respective third-party privacy policies for more information. Note that our essential analytics service does not use cookies. Our enhanced analytics service sets cookies only after you consent.

7. Data Retention

We retain information only as long as necessary for the purposes described in this Privacy Policy:

We may retain certain information longer if required by law or to protect our legal rights.

8. Data Security

We implement reasonable technical and organizational measures to protect information from unauthorized access, loss, misuse, or alteration.

Security measures include:

• HTTPS encryption for all data transmission
• Regular software updates and security patches
• Limited access to systems containing personal data
• Secure hosting infrastructure

However: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

You are responsible for maintaining the security of your own devices and internet connection.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

To exercise these rights, please contact us at contact@nextmetro.live.

We will respond to your request within the timeframe required by applicable law (typically 30–45 days). We may ask you to verify your identity before processing your request.

Note: Given that NextMetro collects minimal personally identifiable information (primarily IP addresses in server logs), we may not be able to locate or identify specific information associated with you. In such cases, we will explain this in our response.

10. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Your Rights

• Right to Know: You can request what personal information we collect, use, disclose, and sell.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You can opt out of the “sale” of your personal information. NextMetro does not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: If we collected sensitive personal information, you could limit its use. NextMetro does not collect sensitive personal information.

10.2 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

10.3 We Do Not Sell Personal Information

NextMetro does not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

10.4 We Do Not Share Personal Information for Cross-Context Behavioral Advertising

NextMetro does not share personal information for cross-context behavioral advertising.

10.5 Do Not Sell or Share My Personal Information

NextMetro does not sell or share your personal information. However, in compliance with the CCPA, we provide a “Do Not Sell or Share My Personal Information” link in the footer of every page. Clicking this link opens the Cookie Preferences panel, where you can opt out of enhanced analytics at any time.

If your browser sends a Global Privacy Control (GPC) signal, this is treated as a valid opt-out request under the CCPA.

10.6 Exercising Your Rights

To exercise your CCPA rights, please contact us at:

Email: contact@nextmetro.live

You may designate an authorized agent to make a request on your behalf. We may require verification of your identity and authorization.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent laws.

11.1 Legal Basis for Processing

We process personal data based on the following legal bases:

11.2 Your Rights Under GDPR

• Right of Access (Article 15)
• Right to Rectification (Article 16)
• Right to Erasure (Article 17)
• Right to Restriction of Processing (Article 18)
• Right to Data Portability (Article 20)
• Right to Object (Article 21)
• Rights Related to Automated Decision-Making (Article 22) — We do not engage in automated decision-making.

11.3 Data Controller

NextMetro is the data controller for personal data collected through the Service.

Contact: contact@nextmetro.live

11.4 Supervisory Authority

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority in your country of residence.

11.5 International Transfers

If you are in the EEA and we transfer your data outside the EEA, we will ensure appropriate safeguards are in place. See Section 13 (International Data Transfers).

12. Children's Privacy

12.1 Age Restriction

NextMetro is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under 13.

12.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@nextmetro.live. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.

12.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not:

• Knowingly collect personal information from children under 13
• Condition a child's participation on providing more information than necessary
• Share children's personal information with third parties for marketing

13. International Data Transfers

13.1 Data Location

NextMetro is operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

13.2 Safeguards

Data protection laws in the United States may differ from those in your country. By using the Service, you consent to the transfer of your information to the United States.

For users in the European Economic Area, United Kingdom, or Switzerland: If we transfer personal data outside these regions, we will ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries with adequate data protection laws
• Other lawful transfer mechanisms

13.3 EU-U.S. Data Privacy Framework

We do not currently participate in the EU-U.S. Data Privacy Framework. We rely on standard contractual clauses and consent for international transfers.

14. Do Not Track and Global Privacy Control

Global Privacy Control (GPC): NextMetro respects the Global Privacy Control signal. If your browser sends a GPC signal (Sec-GPC: 1 or navigator.globalPrivacyControl), we treat this as an opt-out of enhanced analytics. No consent banner is shown, no analytics cookies are set, and the enhanced analytics service is never loaded.

Do Not Track (DNT): NextMetro also honors the DNT signal. If your browser sends a DNT signal, enhanced analytics are not loaded.

You may also control tracking through:

• The cookie consent banner (decline when prompted)
• The “Cookie Preferences” link in the site footer (change your choice at any time)
• Browser privacy settings
• Browser extensions that block trackers

15. Links to Other Websites

The Service may contain links to third-party websites, including:

• WMATA's official website (wmata.com)
• Third-party transit resources
• External reference materials

These third-party websites have their own privacy policies, and we have no control over their content or practices. We are not responsible for the privacy practices of third-party websites.

We encourage you to review the privacy policies of any third-party websites you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted on this page with an updated “Last Updated” date.

For material changes, we will:

• Post a prominent notice on the Service
• Update the “Last Updated” date at the top of this policy
• If required by law, seek your consent before applying changes to previously collected data

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: contact@nextmetro.live

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

Summary: What We Collect and Why

Summary: Your Rights