Privacy Policy
1. Data Collected
Gatto does not collect any personally identifiable information (name, email, phone, user account) by default.
However, certain technical data is automatically collected to ensure the website's operation and performance.
1.1 Technical Connection Data
Automatically collected when accessing the site:
- IP address (potentially anonymized by certain service providers),
- device type, browser, operating system,
- pages visited,
- date and time of access,
- HTTP request logs.
This data is necessary for security, abuse prevention, and performance.
1.2 Google Analytics (GA4)
Gatto uses Google Analytics 4 to measure website traffic.
Data collected:
- IP address (anonymized if enabled in configuration),
- GA4-specific cookies,
- pages visited,
- events (clicks, navigation),
- approximate geographic location,
- device type / browser.
Google may transfer certain data to the United States in accordance with its Standard Contractual Clauses (SCC).
1.3 Mapbox
Gatto uses Mapbox for map display.
Mapbox automatically collects:
- IP address,
- approximate location derived from IP,
- browser technical information,
- map display event.
Mapbox processes this data according to its own privacy policy.
1.4 Hosting and Distribution (Vercel & AWS CloudFront)
When accessing the site or images/resources, the following service providers process necessary technical data:
- Vercel (site hosting) → IP, user agent, requested URL, access logs.
- AWS CloudFront (CDN) → IP, user agent, approximate region, data necessary for asset delivery.
None of this data is used for advertising profiling.
1.5 User Account (optional)
Gatto offers an optional login feature via Google OAuth. If you choose to create an account, the following data is collected:
- Google identifier (sub) — unique anonymous identifier provided by Google,
- Email address — for account identification,
- First and last name — to personalize the experience,
- Profile picture — Google avatar URL.
This data is transmitted by Google during authentication and stored securely via Supabase (see section 6).
1.6 Favorites
If you are logged in, you can save places to your favorites. This data is:
- associated with your user identifier,
- stored on our servers,
- used solely to allow you to retrieve your saved places.
1.7 Google API Services Compliance
Gatto's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Data obtained from Google Sign-In (email, name, profile picture) is used only for user authentication and account management.
- This data is not shared with third parties except as described in this policy (Supabase for secure storage).
- This data is not used for advertising, marketing, or profiling purposes.
- Users can delete all their Google-sourced data at any time by deleting their account.
2. Data Not Collected
Gatto does not collect:
- phone number,
- postal address,
- precise GPS geolocation data (except with explicit consent for city detection),
- sensitive data (religion, health, orientation, etc.),
- payment data (Gatto is completely free).
Creating an account is entirely optional. Non-logged-in users can access all discovery features.
3. Processing Purposes
The data collected is used solely to:
- ensure proper website operation,
- display the map (via Mapbox),
- measure traffic and improve the service (via Google Analytics),
- ensure security and detect potential abuse,
- optimize display performance (via CloudFront and Vercel).
Gatto does not sell or share any user data with third parties for advertising purposes.
4. Legal Basis for Processing
In accordance with GDPR:
4.1 Legitimate Interest
For:
- security,
- technical operation,
- audience measurement,
- map display.
4.2 Consent
Only if marketing cookies are added (which is not currently the case).
5. Data Retention Period
- Technical data / logs: up to 12 months.
- Analytics data (GA4): standard duration ~26 months (configurable).
- Voluntarily sent emails: duration of processing then deletion.
- Account data: retained until account deletion by the user.
- Favorites: retained until deletion by the user or account deletion.
6. Service Providers
To provide the service, Gatto uses:
- Vercel Inc. (hosting)
- Mapbox Inc. (map display)
- Amazon Web Services EMEA (CloudFront CDN)
- Google LLC (Google Analytics, Google OAuth)
- Supabase Inc. (authentication, storage of accounts and favorites)
These service providers may process technical data related to your browsing, as well as your account data if you are logged in.
7. Transfers Outside the European Union
Certain service providers (Google, Mapbox, Vercel) perform processing in the United States or outside the EU.
These transfers are based on:
- Standard Contractual Clauses (SCC),
- additional compliance mechanisms.
8. Security
Gatto implements various measures:
- HTTPS encryption (TLS 1.2+),
- distribution via reliable CDN,
- logs limited to strict necessity,
- no personal data stored locally,
- isolated architecture,
- restricted system access.
9. User Rights (GDPR)
You have the following rights:
- right of access (access data concerning you),
- right of rectification,
- right of erasure,
- right to object,
- right to restriction,
- right to data portability (if applicable).
9.1 Account Deletion
If you have created an account, you can permanently delete your account and all associated data (favorites, history) at any time:
- From the application: User menu → "Delete my account"
- By email: contact@gatto.city
Deletion is immediate and irreversible. All your personal data will be erased from our systems.
9.2 Contact and Complaints
To exercise your rights: contact@gatto.city
You may also file a complaint with the CNIL.
10. Modifications
This policy may be updated at any time to reflect:
- service evolution,
- legal requirements,
- or the addition of new features.
The current version is always available on this page.
11. Legal Notice
For more information about the publisher and hosting, please consult our Legal Notice.