Privacy policy

Plain-language summary: we don't sell your data, we don't run ads, we don't have user accounts, and the only personal data that ever touches our servers is whatever you actively type into a review or photo you upload — plus anonymous, cookieless analytics about which pages get visited.

This page is the long version, written so it's understandable rather than legalistic. If anything is unclear, get in touch via our GitHub.

Last updated: 2026-04-27.

Who runs this site

Public Toilet Finder is a free, signup-free map operated by Quantum Possibilities, a small software and 3D-printing studio. We are the data controller for the personal data described below.

What runs in your browser only

The following data stays in your browser and is never sent to our servers:

• Your precise GPS location — used to centre the map and compute distances. We never receive these coordinates.
• Your last map view, theme, language, and the name you optionally save when leaving a review — stored in your browser's localStorage so the next visit feels familiar.
• Cached toilet data — to avoid re-downloading the same data on every visit.

You can wipe all of this from your browser's site-data settings at any time without losing access to anything.

What we always collect

The following are loaded on every visit. They do not use cookies and do not personally identify you:

• Vercel Analytics — anonymous page-view counts and Web Vitals (load times, layout shifts). Vercel hashes your IP, drops the hash within minutes, and never stores anything that can identify you. Vercel privacy policy.
• Vercel Speed Insights — same model: anonymous performance metrics, no cookies, no PII.
• Standard server logs — IP and user agent for ~30 days, used only for spam / abuse defence. Hosted on Vercel.

Under the GDPR these qualify as legitimate-interest "audience measurement" because they're cookieless and anonymous. They cannot identify you, and you don't need to opt in to them.

What we collect only with your consent

If — and only if — you click Allow on the consent banner:

• Microsoft Clarity — records anonymised mouse movements, clicks, scrolls and a heatmap of every page you visit. Input fields (your name, your review text) are auto-masked client-side and never reach Microsoft. Used purely to find usability problems and fix them. Microsoft privacy statement.
• Hotjar (Contentsquare) — same kind of data as Clarity (mouse movements, clicks, scrolls, page heatmaps), captured by Contentsquare's behavioural-analytics tag. We run both because their analyses surface different patterns — there is no extra data collection beyond what Clarity already does. Same masking; same purpose. Hotjar privacy policy · Contentsquare privacy center.

You can withdraw this consent at any time from Settings → Privacy. Withdrawal stops new data being recorded immediately; previously recorded data is purged within each provider's retention window (Microsoft Clarity: up to 13 months; Hotjar: up to 12 months — see their policies).

What you actively share

If you submit a review, the following is stored in our Supabase database:

• Your chosen display name (free-text, no email or login required).
• Your 1–5 star score and review text.
• The toilet you reviewed and the timestamp.
• Photos if you choose to attach them. Photos are held in a private bucket as pending and only become public after a human reviewer approves them. EXIF GPS data is stripped client-side before upload.

Reviews are public. By submitting one you are publishing it.

Third parties we route requests through

Some features depend on third-party services. Each call sends only what's necessary for that lookup; none of them know who you are.

• Nominatim — when you search for a city or street name. Sees your search query and IP.
• Overpass API — when we fetch toilet locations for a country. Sees only a country code or bounding box.
• OSRM — when you tap "Take me there". Sees the start and end coordinates.
• ipapi.co — only if you decline the GPS prompt and we fall back to a country-level guess. Sees your IP. Coordinates are not stored on our side.
• CARTO — serves the map tiles you see on screen. Sees your IP and which tiles you load.
• Supabase — stores the reviews and review photos described above. Hosted in the EU.

Where data is processed

Our hosting is on Vercel. Reviews and review photos live on Supabase (EU region). Microsoft Clarity processes data in Microsoft's global cloud; Hotjar / Contentsquare process data in their EU and US infrastructure. Both Microsoft and Contentsquare commit to GDPR via Standard Contractual Clauses for any transfers outside the EU.

Your rights

If you are in the EU/EEA, the UK, or another jurisdiction with similar laws (Switzerland, Brazil, California, etc.), you have the right to:

• Access the personal data we hold about you.
• Correct data that is wrong.
• Delete your data ("right to be forgotten"). For reviews this means we delete the review row and any associated photos.
• Withdraw consent for Clarity at any time from Settings → Privacy.
• Object to processing or port your data to another service.
• Lodge a complaint with your local data-protection authority — for Slovenia that's Informacijski pooblaščenec.

To exercise any of these, open an issue on our GitHub with enough information for us to find your data (e.g. the display name and approximate timestamp of the review you want removed) and we'll act within 30 days.

Children

The site is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has submitted a review, tell us and we'll delete it.

Changes

If we ever add new tracking or data-collection, the consent banner will reappear and you can opt in or out again. Material changes are reflected in the "Last updated" date at the top of this page.