Privacy Policy
Last updated: May 29, 2026 · Applies to wheretobike.ch
1. Who We Are
wheretobike.ch is a free service that shows real-time ski and mountain bike trail conditions for alpine locations in Italy and Switzerland. The service is operated independently and hosted on servers within the European Union (OVH, France).
Contact: info@wheretobike.ch
2. Data We Collect
2a. If you don't have an account
We collect no personal data. Map tiles are fetched from CARTO servers, which may log your IP address per their own policy. Weather data comes from Open-Meteo and involves no personal information.
2b. If you register an account
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | Account identification, login, and email verification | Until account deleted |
| Display name (optional) | Shown in admin panel; not shared publicly | Until account deleted |
| Password hash | Authentication (Argon2id; we never store your actual password) | Until account deleted |
| Google account ID (if OAuth used) | Link your Google account to your profile | Until account deleted |
| Last login timestamp | Security monitoring | Until account deleted |
| IP hash (HMAC — not reversible) | Rate-limiting login attempts to prevent brute force | Purged periodically (rolling window) |
2c. Feedback reports
When you submit a "Report wrong data" form, we store the text you provide along with the location and timestamp. Reports are not linked to your user account and are visible only to site administrators.
3. Cookies
We use a single session cookie (WTBUSR) to keep you logged in. This cookie:
- Is only set after you sign in.
- Contains no personal data — only a session identifier.
- Expires when you sign out or after an idle period.
We set no advertising, analytics, or tracking cookies.
4. Third-Party Services
| Service | Purpose | Personal data shared |
|---|---|---|
| Open-Meteo | Weather data API | None |
| CARTO | Map tiles | Your IP address (per CARTO's policy) |
| OAuth login (optional) | Your Google profile if you choose "Sign in with Google" | |
| OVH | Hosting | Data stored on EU servers |
5. How We Use Your Data
- Authentication — to verify your identity at login.
- Email delivery — to send account verification and password reset emails.
- Rate limiting — to prevent automated abuse of the API and login system.
- Administration — to manage accounts and review feedback reports.
We do not use your data for advertising, profiling, or any automated decision-making.
6. Your Rights (GDPR / Swiss DSG)
If you are in the European Union or Switzerland, you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your account and associated data.
- Restriction — ask us to pause processing your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing where we rely on legitimate interests.
To exercise any of these rights, email us at info@wheretobike.ch. We will respond within 30 days.
7. Data Security
We take reasonable technical measures to protect your data:
- Passwords are hashed using Argon2id (or bcrypt as fallback) — we cannot recover your plain-text password.
- Email verification tokens are stored as SHA-256 hashes; only you receive the raw token by email.
- IP addresses used for rate-limiting are stored as HMAC digests and cannot be reversed.
- The service is served over HTTPS.
No system is 100% secure. In the event of a breach affecting your personal data, we will notify you as required by applicable law.
8. Data Retention
Account data is retained as long as your account is active. If you request deletion, we will erase your account and associated personal data within 30 days, except where we are required to retain it by law. Rate-limit logs (hashed IPs) are purged automatically on a rolling basis.
9. Children
The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has registered, please contact us and we will delete the account.
10. Changes to This Policy
We may update this Privacy Policy occasionally. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests: info@wheretobike.ch