Privacy Policy

Introduction

This Privacy Policy describes how Crown Lake Aquapark ("we," "us," "our") collects, uses, shares, and protects your personal information when you visit our facility, use our website, book activities, or otherwise interact with our services. By using our services, you agree to the practices described below.

Who We Are

Crown Lake Aquapark is operated as part of Horseshoe Bend / Crown Lake KOA.

Information We Collect

We collect the following types of information when you book activities, sign waivers, visit our facility, or use our website:

Contact information

• Name
• Email address
• Phone number

Identification

• Date of birth (for age-based activity eligibility and safety equipment sizing)
• Gender, where required by activity safety protocols

Address

For waivers, refund records, and legal requirements.

Emergency contact

Name and phone number of a person we can reach in case of an on-site incident.

Booking information

Activities booked, session dates and times, and group composition.

Payment information

Payment card details are processed securely by Stripe. Crown Lake Aquapark does not store full card numbers on our systems.

Waiver signatures

Acceptance of safety rules and liability terms.

Visit history

Check-in times, sessions attended, and on-site purchases.

Website and device information

IP address, device type, browser information, pages visited, referring sources, and interaction patterns. Collected through cookies and similar technologies (see Cookies & Tracking below).

How We Use Your Information

• Provide services — process bookings, manage check-ins, fulfill reservations, and operate the aqua park.
• Support safety & legal compliance — verify age requirements, manage waivers, and maintain incident records.
• Communicate with you — send booking confirmations, reminders, receipts, and operational updates.
• Improve services — analyze how guests use our facility and website.
• Send marketing — share promotions and updates by email or SMS, where you've consented.
• Measure advertising performance — understand which campaigns lead to bookings.

Legal basis for processing (EU/UK visitors)

Where GDPR applies, we rely on: contract performance, legal obligation, consent (marketing and non-essential cookies), and our legitimate interests (improving and securing the service).

Booking Platform

We use Wakesys as our booking and management platform. When you create an account or make a booking, your information is stored in Wakesys, which acts as a data processor on our behalf.

A Wakesys account may also be usable at other facilities running the same platform; however, those facilities cannot access your information unless you make a booking with them directly. See the Wakesys Privacy Policy for more.

Refunds & Credits

Cancellations made 24 hours or more before your session start time are refundable, minus a 25% processing fee. All refunds are issued as credit to your prepaid account on file — credits do not expire and can be applied to any future booking. Refunds are not returned to the original payment method.

Cancellations within 24 hours are non-refundable. No-shows forfeit the session with no refund or credit. Specific party and buyout deposit terms are noted in your booking confirmation; the $150-or-50% deposit becomes non-refundable within 14 days of the event.

Refund-related data (transaction history, credit balances) is retained for legal and accounting purposes (see Data Retention below).

Who We Share Information With

• Wakesys — booking and operations platform (data processor)
• Stripe — payment processing
• Email and SMS service providers — for confirmations and guest communications
• Marketing and analytics platforms — Meta, Google, and TikTok, for ad performance and conversion tracking
• Government and legal authorities — when required by law, court order, or to protect rights, safety, and property

Hashed advertising data

When you complete a booking, certain information may be shared with advertising platforms in hashed form for conversion measurement. "Hashed" means the data is converted into an irreversible code before sharing — it cannot be reversed back to your original information.

Opt-out

To opt out of advertising-related data sharing, email [email protected] with the subject line "Opt Out of Advertising."

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to make the site work, remember your preferences, analyze website usage (Google Analytics), and measure advertising effectiveness (Meta, Google, TikTok pixels where applicable). You can control cookies through your browser settings.

Do Not Track

Our website does not currently respond to Do Not Track (DNT) browser signals.

SMS and Email Marketing

We may send marketing messages by email or SMS where you've opted in. You can unsubscribe from email at any time, opt out of SMS by replying STOP, or email [email protected] to be removed from all marketing. Operational messages (booking confirmations, schedule changes, safety notices) are not marketing and are sent regardless of marketing preferences.

Data Retention

• Account information — until deletion is requested
• Prepaid account credit balances — until used or account closure is requested
• Waivers — retained indefinitely for legal protection
• Financial records — retained for the legally required period, typically 7 to 10 years
• Visit history — retained for safety and legal recordkeeping

Your Rights

Depending on where you live, you may have the right to access, correct, delete, port, object to, or restrict the processing of your personal information. To exercise any right, email [email protected].

California residents (CCPA / CPRA)

California residents have additional rights including the right to know, the right to delete, and the right to opt out of the "sale" or "sharing" of personal information. While we do not "sell" personal information in the conventional sense, our sharing of hashed data with advertising platforms may qualify as "sharing" under CPRA. To opt out, email [email protected].

Children's Privacy

Bookings must be made by someone 18 years of age or older. Children may be added to a booking by a parent or guardian, who provides their information and accepts responsibility for them.

In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information directly from children under 13 through our website.

Security

We use industry-standard security measures including HTTPS/TLS encryption for data in transit, secure payment processing through Stripe, access controls on our internal systems, and regular security reviews. No system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

Third-Party Links

Our website may contain links to third-party sites and services (Wakesys, Stripe, social media). We are not responsible for the privacy practices of those sites.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email (where you've provided one) or through a notice on our website.

Contact Us