🔒

🔒 Privacy Policy

What data Plakka collects, how it's used, and your rights.

In plain English

Plakka is a free walking app for UK plaques. We collect the minimum data needed to make it work: your account details, the plaques you've visited, and (only when you choose to share it) your location.

We don't sell your data, we don't show ads, and we don't use third-party analytics or trackers. The rest of this page explains the details.

Jump to Data we collect How we use it Location data Plaque submissions Third parties Browser storage Retention Your rights Contact

📋 Data we collect

When you create an account

Email address — for login, password reset, and important service notices.
Username and display name — used to identify you on leaderboards and within the app.
Password — stored hashed (never in plain text). We can't see your password.
Date of registration.

As you use the app

Plaques you've visited (captures) — which plaque, when you visited, and the photo if you took one.
Walks you've created or saved — the route, stop list, and distance.
League memberships — which private leagues you belong to and your scores within them.
Plaques you've submitted — the photo, timestamp, and location associated with the submission.
App preferences — for example, which plaque datasets you've chosen to display on your map.
Friendship connections — usernames of users you've added as friends.

From server logs

IP address, timestamp, and request path — recorded automatically by our web server (nginx) and application server. This is standard for any website and is used to diagnose problems and prevent abuse. Logs are kept for up to 14 days then deleted.
Technical diagnostics — when something fails (network errors, crashes), the app may send a small report containing the error message, page URL, and your browser type. This contains no personal information beyond what's needed to fix the issue.

We don't collect your phone number, postal address, payment details, or any other identifiers. Plakka is free; we don't process payments.

🔧 How we use your data

To provide the service — show your captures, run challenges and leagues, generate walks, send essential service emails (e.g. password reset).
To keep the app working — diagnose bugs, defend against abuse, and improve performance based on aggregated usage.
To communicate with you — only when you ask us to (replies to your support emails) or for genuine service notices (e.g. terms updates). We don't send marketing emails.

We do not sell your data, share it with advertisers, or use it to build a profile for any commercial purpose.

📍 Location data

Plakka uses your device's GPS to centre the map on you and to confirm you're near a plaque when you capture it. We only request location when you actively need it — for example when you tap the locate button, capture a plaque, or submit a new one. Your browser or phone will ask your permission the first time.

Once you grant permission, your location is read in real time on your device. We don't store a continuous history of where you've been. The only location data that's persisted is:

The location of plaques you submit (so we know where to file the candidate plaque on the map).
The location of any custom locations you've created (because that's what defines them).

You can revoke location permission at any time through your browser or phone settings. The app will still work; you'll just lose the "centre on me" and "near me" features.

📷 Plaque submissions

When you submit a candidate plaque, we collect:

The photo you upload or take.
The location — either from your phone's GPS at the time of submission, or from the photo's embedded GPS data (EXIF) if it has any.
Whether the photo came from your camera or library — so reviewers know how reliable the location is.

Photos and the data extracted from them are stored on our servers and reviewed by an admin before any plaque appears on the public map. Submitted photos may be displayed publicly in association with the plaque if approved — only submit photos you took yourself or have rights to share.

Note on EXIF data: photos taken with a smartphone often include location metadata. We read this metadata to place the candidate plaque accurately. If you'd rather not share that data, strip EXIF from the photo before uploading (most phones have a "remove location" option in the share sheet).

👀 Who can see what

Your captures (visited plaques) are private to you. Other users can't see what you've visited.
Leaderboards are private by default. New and existing accounts are hidden from the public leaderboard. To appear, opt in from My Plakka → Privacy. Friends and league members can always see your activity within those groups regardless of this setting.
Walks you create are private to you, unless you explicitly share them.
Leagues are private to their members.
Submitted plaques become public if approved (the plaque, photo, inscription, and location appear on the map for everyone). Your username is not displayed alongside an approved plaque.

🌐 Third parties

Plakka uses a small number of third-party services. Each handles a specific job and gets only the data it needs.

OpenStreetMap — provides the map tiles. Your browser fetches tiles directly from OpenStreetMap as you pan the map. They see your IP address and which map tiles you're loading (which reveals your map viewport). Plakka does not pass your account information to OpenStreetMap.
Wikimedia Commons — provides the plaque photos shown in popups. Your browser fetches images directly from Commons. They see your IP address and which images you're requesting.
A transactional email service — sends our service emails (password reset, etc). They process your email address only when we send you a message and don't use it for any other purpose. We're happy to tell you which provider we use if you ask — email us.

We do not use Google Analytics, Facebook Pixel, Hotjar, advertising networks, or any other tracking or analytics services.

🍪 Browser storage

Plakka uses your browser's local storage to remember things between visits. We don't use tracking cookies.

localStorage — stores your authentication token, your username, your captured plaque IDs, your dataset preferences, and pending captures (for offline support).
sessionStorage — stores temporary state for the current browser session, like map view memory.

Clearing your browser's site data will sign you out and remove the local cache. Your account on our servers is unaffected.

⏳ How long we keep data

Account data and captures — kept until you delete your account, or until your account becomes inactive for an extended period (we'll always email you first before any inactive-account deletion).
Server logs — IP addresses and request data are kept for up to 14 days then automatically deleted.
Technical diagnostic reports — kept for up to 30 days for debugging, then deleted.
Submitted plaque photos — kept indefinitely if approved (they become part of the map). Rejected submissions are deleted within 30 days of the decision.

⚖️ Your rights (UK GDPR)

Plakka serves users in the UK and is committed to UK GDPR compliance. You have the following rights:

Right of access — request a copy of the data we hold about you.
Right to rectification — ask us to correct inaccurate data.
Right to erasure — ask us to delete your account and associated data (the "right to be forgotten").
Right to data portability — request your data in a machine-readable format.
Right to object — object to specific uses of your data, including any processing based on our legitimate interests.
Right to restriction — ask us to pause processing while a complaint is being investigated.

To exercise any of these rights, email us at the address below. We'll respond within 30 days. Account deletion can be done yourself from My Plakka → Account → Delete account.

When you delete your account:

Your account, password, walks, friendships, and league memberships are permanently deleted.
Your visits to plaques (captures) remain so plaque-popularity stats stay accurate, but they're no longer linked to you — nobody can see who visited what.
Plaques you've submitted that have been approved remain on the public map (they belong to the community now), but your name is removed from them.
Pending or rejected plaque submissions are deleted along with their photos.
If you founded any leagues, they continue under their existing members; your name shows as "[deleted user]" in the founder field.
Your username is permanently retired — nobody else can register it after you've deleted.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we've handled your data improperly.

👶 Children

Plakka is not directed at children under 13. We don't knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data without parental consent, please contact us so we can delete it.

📝 Changes to this policy

We may update this policy as the app evolves. Material changes will be announced in the app and (if you have an account) by email. The "last updated" date below shows when this version was published.

📬 Contact

For privacy questions, data requests, or to exercise any of your rights:

Email: contactus@plakka.co.uk

Last updated: April 2026.