Privacy Policy: data we collect and GDPR rights

We collect the minimum data needed to run the directory and show an accurate crowding heatmap. We do not sell data and we do not run third-party advertising trackers.

What we collect

Crowding reports

When you submit a crowding or water-temperature report we record: the pool ID, the session day and time, your occupancy estimate, temperature estimate, a truncated IP hash (for duplicate prevention) and a timestamp. We do not record your name, email or precise location.

Contact form

Messages sent through the contact form include the email address you provide. Messages are retained for up to 24 months and then deleted.

Server logs

The web server records standard request logs (URL, user-agent, truncated IP) for up to 30 days for security and debugging purposes.

Cookies and analytics

The site uses one session cookie for anti-spam on the crowding report form. No third-party advertising cookies are set. If analytics are enabled in future they will be aggregate-only and documented here.

Your rights

Under UK GDPR you can request access to, correction of, or deletion of data associated with a contact-form submission. Because crowding reports are collected without personal identifiers, we cannot link them to an individual after submission; they cannot be deleted individually but age out of the aggregate heatmap after 60 days.

Send requests through the contact page. We respond within 30 days as required by UK GDPR.