Privacy

What we process, why, for how long — and your rights.

Last updated:

Data controller

Data controller: Vladyslav Cherkasov, publishing this site in a personal capacity. Contact: vladkomudrich@gmail.com.

Contact for any question about your data: vladkomudrich@gmail.com

What we process

  • An anonymous device identifier (the cp_device cookie) — it lets you save places, like, and subscribe to alerts without creating an account. It contains no direct personal data.
  • Your email, if you create an account (Google sign-in or a code by email, via Supabase) or if you subscribe to alerts.
  • How you use the service — saved places, check-ins (presence only), alert subscriptions, linked to your device or your account.
  • Content you publish — comments, chat messages, votes, reports.

We collect nothing else. No advertising profile, no selling of data.

Geolocation: never stored

Check-in uses your position only with your explicit consent, which you can withdraw at any time in the settings. The position is verified once, server-side (are you within 150 m of the place?) and then immediately discarded: we never store your position — only the fact that you are there.

Presence counters are always aggregated: no one can see an individual's position, and small numbers are shown as “a few people”.

Why (purposes and legal bases)

  • Consent — use of geolocation for check-in; sending alert emails (double confirmation — see below).
  • Legitimate interest — running the features you use (saved list, likes, counters), preventing abuse (rate limiting, anti-bot), and keeping the service secure.

For how long (retention)

  • Data linked to your device or account — until you delete it (see “Your rights”).
  • Chat messages — automatically deleted after 24 hours.
  • Comments — for as long as they remain relevant to the place.
  • Alert subscriptions — until you unsubscribe (link in every email) or delete your data.
  • Technical logs — limited duration (at most 6 to 12 months).

Who processes data for us (processors)

  • Vercel — application hosting.
  • Supabase — database and authentication, hosted in the European Union (Paris region, eu-west-3).
  • Upstash — buffering layer (counters, rate limiting).
  • Resend — sending alert and confirmation emails.
  • Cloudflare — anti-bot check (Turnstile) on the venue-owner form; the challenge is processed by Cloudflare.
  • PostHog — cookieless audience measurement, hosted in the European Union.

The database is hosted in the European Union.

Alert emails: double confirmation

An alert subscription only becomes active after you click a confirmation link in a first email (double opt-in). Every email we send contains an unsubscribe link.

Cookieless statistics

Audience measurement uses PostHog (hosted in the European Union) in cookieless mode: nothing is written to your device, visits are not linked to each other, and there is no cross-site tracking. We set no advertising or tracking cookies. Details: cookies and storage.

Your rights

You have the rights of access, rectification, erasure, restriction, and objection, and the right to withdraw consent at any time.

  • One-click deletion — the “Delete my data” button (in My list and in the settings) erases everything linked to your device or account.
  • By email — for any other request, write to us (address at the top of this page).
  • Complaint — you can lodge a complaint with the CNIL (cnil.fr) if you believe your rights are not being respected.