Privacy Policy

Plotter is a personal, non-commercial web application for plotting and tracking incidents on a map. It is hosted on Vercel and operated by a private individual. There is no business entity behind this service.

If you have any privacy-related questions, contact us at the email address you used to sign up (or via GitHub issues if the repository is public).

Account data

• Email address (collected when you sign up or sign in with email/password)
• Google account identifier and email (if you use Google Sign-In)

Incident data you submit

• Title, description, category, and severity of incidents you report
• Geographic coordinates and optional address of incidents
• Timestamps of creation and last update
• Your user ID linked to incidents you report

Technical data

• Session tokens stored in browser cookies (managed by Supabase)
• Aggregated, anonymised page-view analytics via Vercel Analytics (no personal identifiers or cross-site tracking)

• To authenticate you and maintain your session
• To display incidents you and other users have submitted on the map
• To let you manage (update or delete) incidents you own
• To improve the service using aggregated, anonymous usage statistics

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Plotter relies on the following third-party services, each with their own privacy policy:

• Supabase (supabase.com) — authentication and database hosting. Your account credentials and incident data are stored on Supabase infrastructure, which is GDPR compliant. Supabase Privacy Policy
• Vercel (vercel.com) — application hosting and anonymous analytics. Vercel Privacy Policy
• Google — optional Google Sign-In. If you use this feature, Google shares your email and account ID with us under Google's OAuth terms. Google Privacy Policy
• OpenStreetMap — map tiles are loaded directly from OpenStreetMap tile servers. Your IP address may be visible to their tile CDN as part of loading the map. OSM Privacy Policy

We use the following browser storage:

• Authentication cookies — set by Supabase to maintain your login session. These are strictly necessary and cannot be disabled without logging you out.
• Theme preference — stored in localStorage to remember your light/dark mode choice. No personal data, no expiry.
• Vercel Analytics — uses privacy-preserving, cookie-free measurement. No persistent identifiers are set.

Your account and all incidents you have created are retained for as long as your account exists. You can delete individual incidents at any time from the app. To delete your account and all associated data, contact us and we will remove it within 30 days.

Incidents you create are visible to all users of the app, including unauthenticated visitors. Do not include sensitive personal information in incident titles, descriptions, or addresses.

All data is transmitted over HTTPS. Passwords are hashed by Supabase and never stored in plain text. Row Level Security (RLS) policies in the database ensure users can only modify their own incidents. We do not have access to your password.

Depending on where you are located, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing
• Data portability

To exercise any of these rights, contact us via the email on your account. We will respond within 30 days.

Plotter is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes are posted constitutes acceptance of the updated policy.