Legal · Privacy

Privacy Policy

Last updated · 5 June 2026 Controller · Matt Bramhall, sole trader

Waystone is a heritage-mapping service operated by Matt Bramhall, a sole trader based in the United Kingdom. This policy explains what personal data Waystone collects when you use the website, web app, and mobile apps, why we collect it, and the choices and rights you have over it. We have kept it short and free of legalese — if anything is unclear, email [email protected].

Data we collect
Data we don't collect
How we use it
Who we share it with
How long we keep it
Your rights
Contact

Data we collect

We collect only what we need to run the service:

Account details. If you create an account, we receive your email address — and, where you choose to share it, your name — from Apple or Google when you sign in. We never see or store your Apple or Google password.
Places you save. Pins, notes, and places you choose to keep are stored against your account so they are there when you return.
Narration requests. When you tap a place to read its story, the location and your request are sent to our servers, and on to our AI provider, to generate the narration.
Usage and diagnostics. We collect anonymous, aggregated information about how the apps are used, and technical crash logs, so we can find and fix problems.

Data we don't collect

We keep this deliberately small:

Your live location stays on your device. The map uses it to centre the view; it is not sent to us or stored unless you save a pin there.
We don't use advertising cookies, trackers, or device fingerprinting, and we don't build advertising profiles.
We never sell, rent, or trade your personal data.
We don't take payment for the beta, so we never hold card numbers.

How we use it

We use your data for three things, and nothing else:

To provide the service — signing you in, generating narrations, and keeping your saved places.
To keep it working and secure — diagnosing crashes, preventing abuse, and protecting the service.
To improve it — understanding, in aggregate, what is useful so we can make Waystone better.

We do not use your data for advertising or for automated decisions that affect you. Under the UK GDPR our lawful bases are the performance of our agreement with you, your consent, and our legitimate interest in running a safe, working service.

Who we share it with

To run Waystone we rely on a small number of trusted providers who process data on our behalf:

Cloudflare — hosting, content delivery, and storage of the data above.
Apple and Google — sign-in. When you choose to log in, they pass us your email; your account with them is governed by their own privacy policies.
Anthropic — the Claude AI model that writes the narrations. The place and your request are sent to Anthropic to generate the text; it is not used to train their models.
MapTiler — serves the map tiles you see.

Some providers are based outside the UK. Where data is transferred internationally, it is protected by appropriate safeguards, such as the UK's International Data Transfer Agreement or equivalent standard contractual clauses.

How long we keep it

We keep personal data only as long as it is useful for the purpose it was collected:

Account details and saved places are kept while your account is active. If you delete your account, they are deleted within 30 days.
Narration requests may be kept briefly to operate and debug the service, then deleted or anonymised.
Usage and crash data is aggregated and not tied to your identity.

You can ask us to delete your account and its data at any time by emailing [email protected].

Your rights

Under the UK GDPR you have the right to:

access the personal data we hold about you;
correct anything that is wrong or incomplete;
have your data erased — the "right to be forgotten";
restrict or object to how we use it;
receive your data in a portable, machine-readable form;
withdraw consent at any time, where we rely on it.

To exercise any of these, email [email protected] and we will respond within one month. You also have the right to complain to the UK's Information Commissioner's Office (ico.org.uk) — though we hope you would contact us first, so we can put it right.

Contact

Waystone is operated by Matt Bramhall, a sole trader in the United Kingdom, who is the data controller for the purposes of the UK GDPR. For any question about this policy or your data, write to [email protected].