Privacy Policy
This page describes what data Mapper handles and how. We aim to keep this short and honest.
What we don't do
Mapper has no user accounts, no passwords, and no personal profile that we store. We don't track your identity. We don't sell or share data with advertisers. We don't use behavioural advertising or cross-site tracking.
What's stored on our servers
Search preferences in the URL. Your slider levels are
encoded in the page URL (e.g. ?lvl_parks=2) so the page is
shareable and the back button works. They are not associated with any
identity. Standard server access logs may record the request URL, your
IP address, and a timestamp; these are kept only for operational
diagnostics and rotated regularly.
CSRF and session cookies. Django sets a short-lived cookie to protect form submissions against cross-site request forgery. A session cookie may also be set. Both are first-party, contain no personal data, and exist only to make the site work safely.
Third-party services we call
Mapper sends requests to a few external services in your browser or on your behalf. Each has its own privacy policy:
- OpenStreetMap tile servers — your browser fetches map tiles directly from openstreetmap.org. Their server logs may include your IP and the tile URL.
- Nominatim (OpenStreetMap's geocoding service) — when you click a hex, our server makes a single request to Nominatim to translate the coordinates into a street name. The lookup is cached on our side so repeat clicks don't re-query.
- jsDelivr / unpkg CDNs — Bootstrap, Leaflet, and HTMX are loaded from their respective CDNs.
Your rights under GDPR
Because Mapper does not store personal data tied to your identity, most data-subject rights (access, deletion, portability) don't have meaningful records to act on. If you believe we hold personal data about you and want it removed, contact oro.casanova@gmail.com and we will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Germany, the Berlin Commissioner for Data Protection and Freedom of Information is the relevant authority for our operations: datenschutz-berlin.de.
Changes to this policy
We may update this page when the service changes — for example, if we add a feature that needs new data. The version date below tracks the most recent revision.