Privacy.

What the Atlas collects, what it does not, and how to opt out.

The Cultural Memory Atlas is an editor-led documentary archive. We collect a small amount of engagement data so we can understand which pins, tours, and stories actually find readers. We do not sell or share any of it. The collection is first-party only, no cookies, no persistent identifiers across visits, and you can opt out with the standard privacy signals your browser already supports.

What we collect

When you visit a page or interact with a pin, tour, or story, we record an event with the following fields:

• The event name (for example, page_view, pin_open, tour_stop_arrive).
• The slug or identifier of what you interacted with (for example, the pin slug edgar-payne or the tour id coast-highway-mystics). These are the same public identifiers that appear in the Atlas's URLs.
• The country and region (state or province) your request was routed through, as reported by Cloudflare's edge network.
• A random session identifier generated when the page loaded. The identifier is stored in sessionStorage only, which your browser automatically discards when you close the tab. It is not a cookie. It cannot be used to identify you, and it is not the same identifier the next time you visit.
• A timestamp.

We use these events to answer questions like which pins are people actually opening, how often do walkers complete a tour, and which stories find an audience. Knowing this helps us decide what to deepen, what to add audio to, and what to leave alone.

What we do not collect

• Your IP address. We never write it to storage. Cloudflare's edge sees it transiently to route the request, as it does for every site you visit.
• Your precise location. The walking experience uses GPS in your browser to know when you have arrived at a tour stop, but that GPS reading stays on your device. It is never sent to the server.
• Your name, email address, phone number, or any other contact information, unless you choose to provide one of those on the contribute form, which is a separate flow.
• Your user-agent string, your browser fingerprint, or any signal we could use to recognize you across visits.
• Anything that could be used to identify you to a third party. We do not embed any third-party trackers, advertising pixels, social media buttons that load remote scripts, or analytics services that share data with anyone else. The engagement data lives entirely inside our existing Cloudflare infrastructure and is queryable only by the Atlas editor.

How we honor opt-out

If your browser sends a Do Not Track signal (the DNT: 1 header), the tracker does nothing. If your browser sends Global Privacy Control (the Sec-GPC: 1 header), the tracker does nothing. The check happens on your device before any event is created and again on our server as a backstop. You do not need to do anything else.

If you would like a particular event or session removed from the engagement record, write to davidstuartleonard@gmail.com with the approximate date and the page you visited. Because the session identifier is ephemeral and we do not store IP addresses, we cannot search by user, but we can purge a time range or an event type on request.

Retention

Engagement events are retained for ninety days in Cloudflare Workers Analytics Engine. After ninety days they are automatically expired by the service. Aggregated counts derived from the events (for example, the total number of opens for a particular pin in a given month) may be retained longer in our internal notes.

Contributions you submit

If you use the contribute form to share a memory, that submission is a separate flow with its own retention. Your contribution is held privately until an editor reviews it. The intake form lets you choose your credit and licensing, and a private link in your receipt lets you withdraw the story at any time, for any reason. Submissions are stored in our Supabase database and any media you upload is stored in our Supabase storage bucket. Neither is shared with third parties.

California residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to know what personal information is collected, the right to delete personal information we hold about them, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for any purpose. The categories we collect are described above. To exercise any right, write to davidstuartleonard@gmail.com and we will respond within forty-five days.

Changes

If this policy changes, the change will be reflected in the Last updated line below. The policy is versioned with the Atlas source code, and every change is preserved in the project's public Git history.