Privacy notice
Last updated: June 2026.
This notice explains what data Mind the Kerb collects, why, how it's stored, and your rights.
What we collect
If you contribute anonymously:
- A random identifier for your device, stored only in your browser.
- The location and details of any kerbs you report.
If you create an account:
- Your username — you choose it.
- Your email address — used only for sign-in links and to send you a copy of your data if you ask.
- The kerbs you've reported, the places you've contributed to (as a set, with no times), your points and streak.
We do not collect:
- Your continuous location or movement.
- Photographs.
- Profile information beyond your username.
- Anything you don't explicitly enter.
Why we collect it
The kerb data is the project's purpose: contributing to OpenStreetMap to improve accessibility maps. Your email is for sign-in only. The device identifier helps us spot duplicate reports.
How long we keep it
Verified kerb data is permanent — it is prepared for OpenStreetMap. Rejected reports are kept for moderation history. Your account data is kept as long as your account exists; if you ask us to delete your account, we delete it after a 24-hour cancellation window.
Your rights
Under UK GDPR you can:
- See what we hold about you — the Download your data button on your dashboard.
- Correct anything wrong — contact us.
- Delete your account — the Delete my account button on your dashboard.
- Object to processing — contact us.
Who we share data with
The kerb data, once verified and uploaded to OpenStreetMap, is publicly available under the OpenStreetMap licence (ODbL). Your username, email, and other account data are never shared.
Our hosting (DigitalOcean, London region) and email delivery (Mailjet, France) are the only third parties that handle data on our behalf, under data-processor agreements.
If something goes wrong
If we detect a data exposure affecting your personal data, we'll email you within 72 hours of confirming the incident — in line with the UK GDPR notification window — explaining what happened, what we've done about it, and what (if anything) you should do. We'll also notify the Information Commissioner's Office where required and publish a brief public statement on this site. Our internal incident-response process is documented and reviewed annually.
Cookies and similar
We use a session cookie for signed-in users (HttpOnly, Secure, SameSite=Strict). We don't use tracking cookies, advertising cookies, or third-party analytics.
Contact
Email alasdair@socialudo.org. We aim to respond within 14 days.