Privacy.

1. What we collect

1.1 On the website (saunasto.com)

For every request to the website, the Cloudflare edge that serves your traffic — and a small Cloudflare Pages Function that we operate — record the following:

• IP address of the requesting client.
• User-Agent string.
• Requested URL path (and any query string).
• Cloudflare-derived metadata: country, autonomous-system number, edge data center, TLS version + cipher, and verified-bot category if applicable.
• Referrer header, if your browser provided one.
• Timestamp.

This data is written to a Cloudflare D1 database we operate. We use it for security forensics (catching scrapers and vulnerability scanners), citation verification (proving an AI agent fetched a specific manifest), and aggregate analytics. We retain it for 90 days, then a scheduled job deletes it.

We do not use cookies, browser fingerprints, or third-party trackers. We do not run Google Analytics, Facebook Pixel, or any advertising-network code.

1.2 In the iOS app (Saunasto for iPhone)

The iOS app is offline-first. The full venue catalogue ships on device; basic browsing requires no server round-trip and no data leaves your phone.

Optional features that do connect to a server:

• Voting (when you sign in): Supabase stores your email + your venue picks. RLS policies ensure no one else can read them.
• Closure reports: when you flag a venue as closed, we receive its venue id and a SHA-256 hash of your device's identifierForVendor (stable per device, not personally identifying).
• Anonymous app analytics: aggregate event counts (e.g., "paywall viewed", "filter toggled") with no personal identifiers attached.
• Proximity alerts (Pro): location processing happens entirely on device. Your coordinates never leave your phone.

2. What we don't collect

• No tracking pixels.
• No third-party advertising IDs.
• No selling, renting, or sharing data with marketers.
• No combining your data with profiles obtained from data brokers.

3. Your rights

You can request deletion of any data we hold about you by emailing [email protected]. Visit logs older than 90 days are deleted automatically; we will purge specific recent entries on request.

4. Contact

Questions: [email protected]. Press: [email protected].

5. Changes

We will keep this page in sync with what we actually do. The effective date at the top reflects the last material change.