Privacy Policy

1. Data Collected

Gatto does not collect any personally identifiable information (name, email, phone, user account) by default.

However, certain technical data is automatically collected to ensure the website's operation and performance.

1.1 Technical Connection Data

Automatically collected when accessing the site:

IP address (potentially anonymized by certain service providers),
device type, browser, operating system,
pages visited,
date and time of access,
HTTP request logs.

This data is necessary for security, abuse prevention, and performance.

1.2 Google Analytics (GA4)

Gatto uses Google Analytics 4 to measure website traffic.

Data collected:

IP address (anonymized if enabled in configuration),
GA4-specific cookies,
pages visited,
events (clicks, navigation),
approximate geographic location,
device type / browser.

Google may transfer certain data to the United States in accordance with its Standard Contractual Clauses (SCC).

1.3 Mapbox

Gatto uses Mapbox for map display.

Mapbox automatically collects:

IP address,
approximate location derived from IP,
browser technical information,
map display event.

Mapbox processes this data according to its own privacy policy.

1.4 Hosting and Distribution (Vercel & AWS CloudFront)

When accessing the site or images/resources, the following service providers process necessary technical data:

Vercel (site hosting) → IP, user agent, requested URL, access logs.
AWS CloudFront (CDN) → IP, user agent, approximate region, data necessary for asset delivery.

None of this data is used for advertising profiling.

2. Data Not Collected

Gatto does not collect:

first name, last name, username,
email address (except voluntary contact),
phone number,
GPS geolocation data,
social identifiers (Google, Facebook, etc.),
sensitive data (religion, health, orientation, etc.).

There is no registration and no user account.

3. Processing Purposes

The data collected is used solely to:

ensure proper website operation,
display the map (via Mapbox),
measure traffic and improve the service (via Google Analytics),
ensure security and detect potential abuse,
optimize display performance (via CloudFront and Vercel).

Gatto does not sell or share any user data with third parties for advertising purposes.

4. Legal Basis for Processing

In accordance with GDPR:

4.1 Legitimate Interest

For:

security,
technical operation,
audience measurement,
map display.

4.2 Consent

Only if marketing cookies are added (which is not currently the case).

5. Data Retention Period

Technical data / logs: up to 12 months.
Analytics data (GA4): standard duration ~26 months (configurable).
Voluntarily sent emails: duration of processing then deletion.

6. Service Providers

To provide the service, Gatto uses:

Vercel Inc. (hosting)
Mapbox Inc. (map display)
Amazon Web Services EMEA (CloudFront CDN)
Google LLC (Google Analytics)

These service providers may process technical data related to your browsing.

7. Transfers Outside the European Union

Certain service providers (Google, Mapbox, Vercel) perform processing in the United States or outside the EU.

These transfers are based on:

Standard Contractual Clauses (SCC),
additional compliance mechanisms.

8. Security

Gatto implements various measures:

HTTPS encryption (TLS 1.2+),
distribution via reliable CDN,
logs limited to strict necessity,
no personal data stored locally,
isolated architecture,
restricted system access.

9. User Rights (GDPR)

You have the following rights:

right of access (access data concerning you),
right of rectification,
right of erasure,
right to object,
right to restriction,
right to data portability (if applicable).

To exercise these rights: contact@gatto.city

You may also file a complaint with the CNIL.

10. Modifications

This policy may be updated at any time to reflect:

service evolution,
legal requirements,
or the addition of new features.

The current version is always available on this page.

11. Legal Notice

For more information about the publisher and hosting, please consult our Legal Notice.