CampWild Privacy Policy
Last updated: 20 June 2026
This Privacy Policy explains what personal data CampWild (the "Service") collects about you, why we collect it, who we share it with, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws in the EEA, the United Kingdom and Switzerland. It reflects what the Service actually stores and processes.
CONTENTS
- Who is responsible for your data
- What data we collect
- How and why we use it (and our legal bases)
- Cookies and local storage
- Third parties and international transfers
- Data retention and account deletion
- Your rights
- Children
- Security
- Changes to this policy
- Contact
1. WHO IS RESPONSIBLE FOR YOUR DATA
The Service is operated by Alexey Ulyanov as an individual data controller ("we", "us"). You can reach us about any privacy matter at support@campwild.org.
2. WHAT DATA WE COLLECT
We collect only the data needed to run a community map of wild-camping spots. Specifically:
-
Account data. When you sign in with Google, we receive and store your email address, your name, and your Google profile picture URL, and we create a username. You can optionally add or change your first and last name, preferred language, and a separate email address for notifications in your profile. We also store your notification preferences. We do not store your Google password; passwords are only used on local development installations of the Service.
-
Content you contribute. Camping spots you add or edit (name, free-text description and the map coordinates), photos you upload, comments and ratings, check-ins, and the spots you save to your favourites. Each contribution is stored together with your account and a timestamp. Edits to a spot's name and description are kept as a history so changes can be reviewed.
-
Photo metadata. Photos may contain embedded metadata, including the location where the photo was taken. We read location metadata to help you position a spot on the map. Please remove metadata before uploading if you do not want to share it.
-
Reports and feedback. If you report a spot, comment or photo, or send us feedback, we store your account, the reason, any text you provide, and a timestamp.
-
Activity. We record actions you take on the Service — such as viewing, adding, updating, verifying, reporting or deleting a spot, and acknowledging announcements — together with the date and time, so we can show your activity history and operate moderation features.
What we do not collect: we do not store your IP address in our database, and we do not use advertising or cross-site tracking cookies.
3. HOW AND WHY WE USE IT (AND OUR LEGAL BASES)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Creating and operating your account; signing you in with Google. | Performance of a contract — Art. 6(1)(b). |
| Publishing your contributions (spots, photos, comments, ratings, username, profile photo) on the public map, and running the community map itself. | Performance of a contract and our legitimate interest in providing a useful community map — Art. 6(1)(b) and 6(1)(f). |
| Sending you service emails you can switch off (a welcome email, and notices when your spot is approved or a photo is added to it). | Legitimate interest, subject to your preferences — Art. 6(1)(f). You can disable these in your profile. |
| Moderation, verifying spots, handling reports, preventing abuse, and keeping the Service secure. | Legitimate interest — Art. 6(1)(f). |
| Translating spot names, descriptions and comments on request. | Legitimate interest in a multilingual map — Art. 6(1)(f). |
| Understanding overall usage through privacy-friendly, cookieless analytics. | Legitimate interest — Art. 6(1)(f). |
| Complying with legal obligations and responding to lawful requests. | Legal obligation — Art. 6(1)(c). |
Your contributions are intended for public display. Other users can see your username, profile photo, and the spots, photos, comments and ratings you post. We do not carry out any automated decision-making that produces legal or similarly significant effects on you.
4. COOKIES AND LOCAL STORAGE
We use only what is needed to make the Service work. We do not use advertising or tracking cookies.
| Name | Type | Purpose |
|---|---|---|
sessionid | Cookie | Keeps you signed in. |
csrftoken | Cookie | Protects forms against cross-site request forgery. |
| Map view | Browser local storage | Remembers your last map position and zoom on your device. |
| Announcement dismissals | Browser local storage | Remembers which announcements you have dismissed on your device. |
Our analytics (see below) run without cookies. You can clear cookies and local storage in your browser settings, though doing so may sign you out or reset your map view.
5. THIRD PARTIES AND INTERNATIONAL TRANSFERS
We do not sell your personal data. We share it only with the service providers (processors) that help us run the Service, and with authorities where legally required. Some of these providers process data outside the EEA; where they do, we rely on the EU–U.S. Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses as the transfer safeguard.
| Provider | What they process | Location |
|---|---|---|
| Google (Sign-in & Maps) | Authenticates your sign-in and returns your email, name and profile picture; place coordinates are sent to Google to look up the country of a spot. | EU / United States |
| Amazon Web Services – S3 | Stores uploaded photos and encrypted database backups. | EU (Ireland, eu-west-1) |
| Amazon Web Services – SES | Delivers our emails; processes recipient address and message content. | United States (us-east-1) |
| Microsoft Azure Translator | Translates spot names, descriptions and comments you ask to translate. The text is sent without your identity. | EU (Northern Europe) |
| Umami Analytics (self-hosted) | Cookieless, aggregate usage statistics. Does not collect personal profiles or set cookies. | EU |
| OpenStreetMap | Map tiles load directly in your browser, so OpenStreetMap receives your IP address and request information as part of serving the map. | EU |
We may disclose information where we reasonably believe it is necessary to comply with the law or a lawful request, to enforce our terms, or to protect the rights, safety and property of our users or the public. If you report content, we may share the substance of your report with our moderation team so it can be handled.
6. DATA RETENTION AND ACCOUNT DELETION
We keep your account data for as long as your account is active. You can ask us to delete your account at any time by emailing support@campwild.org. On deletion we remove or anonymise your account data within 30 days, and we dissociate your public contributions from your profile. We may retain some information where we have a legal obligation to do so, or to resolve disputes, prevent abuse and protect the integrity of the map. Encrypted database backups are rotated and overwritten on a rolling basis. Translations are cached without any link to your identity.
7. YOUR RIGHTS
If you are in the EEA, the United Kingdom or Switzerland, you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to our processing of your data;
- receive your data in a portable format; and
- withdraw any consent you have given, without affecting processing already carried out.
You can view and change much of your profile information directly in the Service, and switch off optional emails using the notification settings in your profile. To exercise any other right, email support@campwild.org. We will confirm your identity before acting and respond within 30 days, or as the law requires.
You also have the right to lodge a complaint with a data protection supervisory authority — for example, the Swedish Authority for Privacy Protection (IMY) in Sweden, or your competent state data protection authority in Germany, or the authority where you live or work.
8. CHILDREN
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.
9. SECURITY
We use technical and organisational safeguards to protect your data in transit and at rest, including encrypted connections, access controls and encrypted backups. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. The current version always lives at this page. If we make material changes, we will post a notice on the Service and, where appropriate, notify you by email before they take effect.
11. CONTACT
For any question about this policy or your personal data, contact us at support@campwild.org.