Privacy

Privacy Policy

thetrail.guide — last updated: 14 July 2026

The short version: we don't track you. There are no analytics, no advertising identifiers, no accounts and no tracking cookies. The only personal data we deliberately keep is the feedback you choose to send us.

Who we are

The Trail Guide is an independent, non-commercial trail-conditions service run by a single operator based in Zürich, Switzerland. Contact: [email protected]

What data we collect and why

1. Visitor IP address

What: Your IP address is processed on every page load.

Why: Cloudflare (proxy, WAF, Bot Fight Mode) uses it to route traffic, block malicious requests, and enforce rate limits. Our own rate limiter on the backend also processes it temporarily to prevent API abuse.

Storage: Our web server writes a standard access-log entry for every request. Each entry contains your IP address, the time, and the URL requested — including its query parameters, which for map requests describe the area of the map you were viewing. These logs are held on our own server in Switzerland, kept for a maximum of 30 days, and then automatically discarded. They are used only for debugging and investigating abuse; they are never used to build a profile of you and are never shared. Cloudflare separately retains its own logs under its policy (see the processor table below).

Legal basis: Legitimate interest — protecting service availability and security (Swiss FADP Art. 31; GDPR Art. 6(1)(f)).

2. Feedback (rating + free text)

What: If you submit feedback, we store your star rating, your free-text message, the page you were on, and your browser user-agent string. We do not ask for your name or email — but if you type them into the text box we will hold them until the record is deleted.

Why: To understand trail-report quality and improve the service.

Storage: Stored in our database on a self-hosted mini-PC in Switzerland. The same message is also emailed to [email protected] via PrivateEmail's SMTP servers.

Retention: Records are reviewed periodically and deleted when no longer needed. If you want a specific record deleted, email us with the approximate date and content and we will remove it within 30 days.

Legal basis: Legitimate interest (Swiss FADP Art. 31; GDPR Art. 6(1)(f)).

3. Map tiles and imagery

What: When the map loads in your browser, your browser makes direct requests to CARTO (basemap) and Esri (imagery). Those providers receive your IP address and the tile coordinates you are viewing (which reveals the approximate area of interest).

Why: We use their tile infrastructure to render the map — your browser fetches tiles directly; they do not pass through our server.

Storage: Not stored by us. See CARTO's and Esri's own privacy policies for their data handling.

Legal basis: Necessary for the service to function (Swiss FADP Art. 31; GDPR Art. 6(1)(b)).

4. GPX / TCX / FIT file uploads

What: If you use the "match my route" feature, your file is sent to our matching endpoint, parsed in memory, and matched against trail segments.

Why: To return a trail-matched version of your route.

Storage: Not stored. The file and its contents are discarded after the response is returned. No GPS traces, timestamps, or device identifiers are written to our database.

Legal basis: Necessary to perform the requested action (Swiss FADP Art. 31; GDPR Art. 6(1)(b)).

5. "Locate me" and nearby discovery (browser geolocation)

What: If you click the locate-me button, your browser requests your GPS position using the standard Web Geolocation API.

Why: To centre the map on your position, and — if you use the "what's good near me" discovery feature — to find trail areas around you.

Storage: Centring the map happens entirely inside your browser; your position is not sent anywhere. If you use near-me discovery, your position is rounded to roughly one kilometre before it leaves your device, so we never receive your precise location. We deliberately do not need it: the areas we rank are about 2.5 km across, so a finer position would tell us nothing useful. The rounded position is used to answer that single request and is never written to our database, though — like any request — it does appear in our access logs for their 30-day life (see §1). The Switzerland-wide discovery view sends no position at all.

Legal basis: Consent — you explicitly grant permission in your browser.

6. Donations (Ko-fi)

What: If you donate, you are redirected to Ko-fi. Payment and personal data are handled entirely by Ko-fi.

Why: To support running costs.

Storage: We receive a notification email from Ko-fi confirming a donation was made. We do not receive or store your payment details.

Legal basis: Contractual necessity for the Ko-fi transaction (GDPR Art. 6(1)(b)); Ko-fi's own privacy policy governs their processing.

7. Local browser storage

What: We set two items in your browser's localStorage: a flag recording that you acknowledged the site disclaimer, and a testing-environment access token if you are using it.

Why: To avoid showing the disclaimer on every visit and to gate test features.

Storage: Stored only in your own browser. We never read these values server-side.

What we do not collect

Third-party data processors

ProcessorWhat they receiveTheir privacy policy
Cloudflare Your IP, request metadata cloudflare.com/privacypolicy
CARTO Your IP, map tile coordinates carto.com/privacy
Esri Your IP, imagery tile coordinates esri.com privacy statement
PrivateEmail (Namecheap) Feedback message content, your browser user-agent namecheap.com privacy policy
Ko-fi Donation payment details (we see only a confirmation) more.ko-fi.com/privacy-policy

Your rights

Under the Swiss FADP and, where applicable, the GDPR, you have the right to:

To exercise any right, email [email protected]. We will respond within 30 days.

Future features

GPS observations. A planned feature will allow users to submit trail observations that include a GPS position (device location at a specific trail, at a specific time). This is significantly more sensitive data. Before this feature ships, a separate consent notice will be added to the submission flow and this policy will be updated. It will not be activated silently.

Strava integration. A planned OAuth integration with Strava will require users to explicitly authorise access to their Strava data.

Changes to this policy

We will update the "last updated" date at the top when changes are made. For significant changes affecting how we process personal data, we will note the change in the site's changelog or release notes.

Contact

[email protected] — Zürich, Switzerland