Data Privacy

Data Collection Summary

Data Type	Purpose	Retention	User Control
IP Address (Server Logs)	Server operations	14 days	None
IP Address (Web Stats)	Traffic analysis	Indefinite (anonymized)	N/A (anonymized)
User Agent (Server Logs)	Server operations	14 days	None
Usage Metrics (Incident Card Opens)	Understand feature usage	Indefinite (aggregated by hour)	None (no PII collected)
Welcome Acknowledgement	Consent tracking	Until cleared (or session-only)	Full control
Bookmarks	User convenience	Until cleared	Full control
Theme Preference	User convenience	Until cleared	Full control
Language Preference	User convenience	Until cleared	Full control
Read/Unread Status	UI state	Until cleared	Full control

What This Site Does Not Do

This site does not:

✗ Use third-party analytics services (no Google Analytics, Matomo, Plausible, Adobe Analytics, etc.)
✗ Set cookies (usage metrics do not use cookies)
✗ Track individual user behavior or sessions
✗ Create user profiles or fingerprints
✗ Share data with advertisers or third parties
✗ Implement cross-site tracking or remarketing
✗ Log IP addresses for analytics purposes (Apache logging is disabled for the metrics endpoint)

Note: Minimal, anonymous usage metrics are collected (see "Usage Metrics" section below) using self-hosted infrastructure. This differs from third-party analytics services.

User-Submitted Data

When a report is submitted to flag incorrect incident data:

Data Collected

Incident ID (which incident was flagged)
Description (explanation of the issue, max 500 characters)
Language (interface language when submitted)
Timestamp (automatic)

Server Logs

Apache Access Logs

Retention: 14 days (GDPR-compliant)

Purpose: Server operations, security monitoring, troubleshooting

Data Logged:

IP addresses
Request timestamps
HTTP methods and paths
Response status codes
User agent strings
Referrer headers

Automatic Deletion: Logs older than 14 days are automatically deleted via system log rotation.

Web Statistics

IP Anonymization: Strong anonymization (level 2)

Retention: Indefinite (anonymized data permitted under GDPR)

IP addresses are irreversibly anonymized before processing. Anonymized data is not considered personal data under GDPR and can be retained for operational insights.

Usage Metrics

What Is Tracked

Anonymous, aggregated metrics are collected about how users interact with the site to understand feature usage. These metrics are collected regardless of storage or maps preferences and do not require localStorage, sessionStorage, or third-party services.

Metrics Collected

Incident card opens: When an incident card is clicked to view details, an hourly counter is incremented
Welcome screen views: When the welcome screen is displayed, an hourly counter is incremented

What Is Not Collected

✗ IP addresses (Apache logging is disabled for the metrics endpoint)
✗ User agents or browser fingerprints
✗ Timestamps beyond hourly aggregation
✗ Individual incident IDs (which specific incidents were viewed is not recorded)
✗ Session tracking or user identification

How It Works

When an incident card is opened, the browser sends a single anonymous request. The server rounds the time to the nearest hour and increments a counter. No data is returned to the browser.

Example: If 100 people open incident cards between 2:00 PM and 2:59 PM, the stored data is simply "2 PM: 100 opens" with no information about who or which incidents.

GDPR Compliance

This data collection is considered GDPR-compliant because:

✓ No personally identifiable information (PII) is collected
✓ Data is aggregated by hour, making individual activity untraceable
✓ IP addresses are not logged for the metrics endpoint
✓ Anonymous statistical data is permitted under GDPR without consent

Opting Out

Since no PII is collected, there is no opt-out mechanism required under GDPR. Browser extensions that block network requests may prevent the metrics from being sent. The site functions normally regardless.

Data Retention

Usage metrics are retained indefinitely as they contain no personal data. This allows for understanding long-term usage patterns.

Local Storage (Browser)

Opt-In

Local storage is disabled by default. It must be explicitly enabled via the welcome screen or in the settings menu.

What Gets Stored (When Enabled)

Welcome Acknowledgement: Consent/acknowledgement of the welcome screen (stored permanently when "Enable Storage & Continue" is clicked)
Bookmarks: Incident IDs that have been bookmarked
Theme Preference: Dark/light mode selection
Language Preference: Interface language choice
Read/Unread Status: Identifiers for read/unread visual indicators (stored locally, never transmitted)
Custom Theme Colors: If using the random theme generator

Note: All localStorage data remains client-side only. Nothing is transmitted to the server.

Session-Only Option (sessionStorage)

If "Continue (Session Only)" is chosen on the welcome screen, the acknowledgement is stored in sessionStorage instead of localStorage. This means:

The welcome screen will not appear again during the current browser session
When the browser is closed, the session data is automatically cleared
The welcome screen will appear again on the next visit
No persistent storage is used

User Control

Can be disabled at any time via settings
All data is immediately purged when disabled
Can be cleared via browser settings

No Cookies

No cookies are set.

Third-Party Services

Note: Third-party services are loaded only if consent is given via the welcome screen or in the settings menu. The site can be used without maps functionality to avoid third-party data sharing.

unpkg.com CDN (Marker Clustering Library)

Purpose: Provides the marker clustering library for the map view

Data Transmitted:

IP address (automatic with all web requests)
User agent (automatic HTTP header)
Request timestamp

When Loaded: Only when consent is given to use the map feature (via welcome screen or settings)

Privacy Policy: unpkg.com (operated by Cloudflare)

Google Maps JavaScript API

Purpose: Interactive map view with incident markers

Data Transmitted:

IP address (automatic with all web requests)
User agent (automatic HTTP header)
Map interactions (zoom, pan, clicks)
Incident coordinates (for markers)

When Loaded: Only when consent is given to use the map feature (via welcome screen or settings)

Privacy Policy: Google Privacy Policy

User Consent Choices

On the welcome screen and in the settings menu, two toggles control data handling:

Enable Local Storage: When enabled, preferences (bookmarks, theme, language, viewed incidents) are saved in localStorage and persist across sessions. When disabled, preferences are stored in sessionStorage and cleared when the browser closes.
Enable Maps: When enabled, the map view loads Google Maps and the marker clustering library from unpkg.com. This shares the IP address with these third-party services. When disabled, no third-party services are loaded.

These settings can be changed at any time via the settings menu (gear icon).

Last Updated: January 30, 2026