Walk Routes
Log inSign up

Privacy Policy

Last updated: 5 May 2026

Walk Routes (“we”, “us”, “our”) is committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why, and your rights.

1. Who We Are

Walk Routes is the data controller for personal data collected through this website. For any data-related queries, contact us at hello@walkroutes.co.uk.

2. Data We Collect

  • Account data: email address and hashed password when you register.
  • Purchase data: payment confirmation and entitlement records. We do not store card details, payments are processed by Stripe, which is PCI-DSS compliant.
  • Usage data: pages visited, walk detail views, card clicks, checkout events, completed purchase events, and time spent, collected only if you accept analytics cookies and similar technologies.
  • Device data: walk data you save for offline use is stored locally on your device in IndexedDB and never sent to our servers.

We do not collect sensitive personal data (special category data under UK GDPR Article 9).

3. Lawful Basis for Processing

  • Contract (Article 6(1)(b)): processing your account and purchase data to provide the service you signed up for.
  • Consent (Article 6(1)(a)): optional analytics and advertising cookies or similar technologies where you choose to enable them.
  • Legitimate interests (Article 6(1)(f)): server logs for security, fraud prevention, and service improvement.
  • Legal obligation (Article 6(1)(c)): retaining purchase records for tax and accounting purposes.

We do not use your data for marketing without explicit opt-in.

4. Cookies and Similar Technologies

We use essential cookies and similar technologies to keep you logged in, protect the service, support checkout, and remember your cookie preferences. These are strictly necessary for the service to function and do not require consent under PECR.

With your permission, we use PostHog analytics to understand how visitors use the website, including visitor counts, page views, walk card clicks, pricing and checkout events, completed purchase events, and time spent. We use Supabase user IDs for logged-in analytics and do not send names, email addresses, card details, or raw personal data to PostHog.

With your permission, we may load Google AdSense for non-paying visitors. Google may use cookies or similar technologies to provide and measure advertising. You can accept, reject, or change optional analytics and advertising preferences using the cookie preferences control in the footer.

5. How Long We Keep Your Data

  • Account data: retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Purchase records: retained for 7 years to comply with HMRC requirements.
  • Server logs: retained for up to 90 days for security purposes.

6. Who We Share Your Data With

  • Supabase: database and authentication provider, hosted in the EU.
  • PostHog: analytics provider. We use PostHog Cloud for optional analytics.
  • Stripe: payment processor. Stripe's privacy policy governs data they collect during checkout.
  • Google AdSense: advertising provider, loaded only if advertising cookies are accepted and the visitor is not a paid user.
  • Vercel: hosting provider. Server logs are processed by Vercel.

We do not sell your data or share it with third parties for marketing.

7. International Transfers

Our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (UK adequacy decisions or Standard Contractual Clauses).

8. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you (Subject Access Request).
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”), we will delete your account and associated data on request, subject to legal retention obligations.
  • Restriction of processing in certain circumstances.
  • Data portability, receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.

To exercise any of these rights, email support@walkroutes.co.uk. We will respond within 30 days as required by UK GDPR.

9. Right to Complain

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email or a notice on this page. Continued use of the service after changes constitutes acceptance.