Privacy
What we process, why, for how long — and your rights.
Last updated:
Data controller
Data controller: Vladyslav Cherkasov, publishing this site in a personal capacity. Contact: vladkomudrich@gmail.com.
Contact for any question about your data: vladkomudrich@gmail.com
What we process
- An anonymous device identifier (the
cp_devicecookie) — it lets you save places, like, and subscribe to alerts without creating an account. It contains no direct personal data. - Your email, if you create an account (Google sign-in or a code by email, via Supabase) or if you subscribe to alerts.
- How you use the service — saved places, check-ins (presence only), alert subscriptions, linked to your device or your account.
- Content you publish — comments, chat messages, votes, reports.
We collect nothing else. No advertising profile, no selling of data.
Geolocation: never stored
Check-in uses your position only with your explicit consent, which you can withdraw at any time in the settings. The position is verified once, server-side (are you within 150 m of the place?) and then immediately discarded: we never store your position — only the fact that you are there.
Presence counters are always aggregated: no one can see an individual's position, and small numbers are shown as “a few people”.
Why (purposes and legal bases)
- Consent — use of geolocation for check-in; sending alert emails (double confirmation — see below).
- Legitimate interest — running the features you use (saved list, likes, counters), preventing abuse (rate limiting, anti-bot), and keeping the service secure.
For how long (retention)
- Data linked to your device or account — until you delete it (see “Your rights”).
- Chat messages — automatically deleted after 24 hours.
- Comments — for as long as they remain relevant to the place.
- Alert subscriptions — until you unsubscribe (link in every email) or delete your data.
- Technical logs — limited duration (at most 6 to 12 months).
Who processes data for us (processors)
- Vercel — application hosting.
- Supabase — database and authentication, hosted in the European Union (Paris region, eu-west-3).
- Upstash — buffering layer (counters, rate limiting).
- Resend — sending alert and confirmation emails.
- Cloudflare — anti-bot check (Turnstile) on the venue-owner form; the challenge is processed by Cloudflare.
- PostHog — cookieless audience measurement, hosted in the European Union.
The database is hosted in the European Union.
Alert emails: double confirmation
An alert subscription only becomes active after you click a confirmation link in a first email (double opt-in). Every email we send contains an unsubscribe link.
Cookieless statistics
Audience measurement uses PostHog (hosted in the European Union) in cookieless mode: nothing is written to your device, visits are not linked to each other, and there is no cross-site tracking. We set no advertising or tracking cookies. Details: cookies and storage.
Your rights
You have the rights of access, rectification, erasure, restriction, and objection, and the right to withdraw consent at any time.
- One-click deletion — the “Delete my data” button (in My list and in the settings) erases everything linked to your device or account.
- By email — for any other request, write to us (address at the top of this page).
- Complaint — you can lodge a complaint with the CNIL (cnil.fr) if you believe your rights are not being respected.