Privacy, in plain English.

Summary

No tracking cookies, no analytics, no trackers, no data sale. The only cookies set are the strictly necessary ones any web framework issues for form security and session integrity (detailed below). The site is static-feeling by design: you read it, you leave, no strings.

What we collect

The absolute minimum needed to run a public website:

• Standard HTTP server logs (your IP, the URL you visited, timestamp, user agent), kept for up to 30 days for security and troubleshooting, then rotated out.
• Strictly necessary cookies only — a CSRF token and a session cookie issued by Laravel for form security (e.g. the contact form). They expire after 2 hours, are not used for tracking, and are not shared with third parties. No consent banner is required by the ePrivacy Directive for these.
• No third-party analytics, no advertising pixels, no fingerprinting.

Third parties

Three services are involved when you view a page:

• Cloudflare — CDN + TLS termination. Cloudflare may log requests per their own policy.
• CARTO / OpenStreetMap — The interactive map loads tiles from CARTO (on OpenStreetMap data). Your IP is visible to them while the map is open.
• Google Gemini — We call Google Gemini server-side to generate route narratives in batches. Your request is not sent to Gemini — only the route metadata we already store is.

Your rights under GDPR

EU visitors have the right to access, correct, or delete any personal data we hold about them. Since we don't hold personal data beyond short-retention server logs, requests usually resolve in "we don't have anything to delete". Send access or deletion requests to the contact email below.

Contact

Questions about this policy? Email [email protected].