Privacy notice

Last updated: 20 April 2026

This notice explains what personal data is processed when you visit wherekitty.com, on what legal basis, and what rights you have. It is written in plain language. The applicable law is the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Polish data protection law.

1. Data controller

We have not appointed a Data Protection Officer — the scale of processing does not require one.

2. What we process, and why

a) Server logs. When you request a page, our server records your IP address, user-agent (browser), referring URL, requested path, response code and timestamp. These are standard web-server logs used to operate the service, investigate technical problems, and detect abuse (scraping, DDoS, fraud attempts).

Legal basis: Article 6(1)(f) GDPR — legitimate interest in keeping the service running and secure. Retention: up to 90 days, then automatically rotated out.

b) Email correspondence. If you write to hello@wherekitty.com (for example to propose a city, correct a mistake, or request a photo takedown), we process the content of your message and your email address in order to reply and keep a record of the conversation.

Legal basis: Article 6(1)(b) GDPR — steps at your request, and Article 6(1)(f) — legitimate interest in keeping a record of correspondence. Retention: as long as needed for the matter, then up to 3 years after the last message for audit and dispute purposes, after which the message is deleted.

3. Who else sees your data (processors)

• Hetzner Online GmbH (Germany) — our hosting provider. Processes server logs on our behalf under a data processing agreement. Data stays within the EU.
• Home.pl S.A. (Szczecin, Poland) — our email provider for the @wherekitty.com mailbox.

We do not sell, rent, or share your data with anyone else. We do not send your data outside the European Economic Area.

4. Cookies and tracking

wherekitty.com does not set any cookies of its own, does not include advertising trackers, and does not track you across other websites. There is no sign-up, no account, no form.

We use GoatCounter, a privacy-friendly analytics service, to count anonymous page views (no cookies, no fingerprinting, no personal data). GoatCounter does not store individual visitor profiles — it only tells us how many people visited which page on which day. Their privacy statement applies to that single request.

Map tiles are served directly by a third party (CartoDB / OpenStreetMap), and photos are loaded from our server. When your browser requests these resources, it exposes your IP address to those services in the normal way the web works. Their own privacy policies apply to those requests; we do not receive any tracking data in return.

5. Your rights under GDPR

You have the right to:

• access the personal data we hold about you (Art. 15 GDPR);
• ask us to correct inaccurate data (Art. 16);
• ask us to delete your data (Art. 17), subject to our legitimate need to keep it;
• ask us to restrict processing (Art. 18);
• object to processing based on legitimate interest (Art. 21);
• lodge a complaint with the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

Because we collect very little, most requests take little effort. Write to hello@wherekitty.com and we will respond within one month (the statutory deadline under Art. 12(3) GDPR).

6. Automated decisions and profiling

We do not make any automated decisions about you and we do not profile you.

7. Is providing data required?

No. Visiting the site exposes your IP to our server (this is a technical necessity of HTTP) but you are never asked to provide any personal data. Writing to us is entirely voluntary.

8. Changes to this notice

If this notice changes, we update the "last updated" date above. Material changes will also be announced on the homepage for a reasonable period.

9. Polish language

A Polish version of this notice is available on request at hello@wherekitty.com.