Privacy Policy

Huts.fi is operated by Jeff Foster, an individual based in Finland.

For data protection enquiries, contact us at: jeff@huts.fi

We collect the following data when you use Huts.fi:

• Account information: email address, and your name and profile photo if you sign in via Google, Apple, or Facebook (provided by those services).
• User content: reviews you write, star ratings, photos you upload, and the captions or credits you provide.
• Saved lists (wishlists): the places and routes you save to your lists.
• Contact events: records of when you tap a website, phone, or email link on a feature page (used to show venue owners aggregate interest — not linked to you personally in any reports).
• Technical data: IP address (used only for security checks, not stored against your account), browser type, and pages visited (no analytics cookies currently in use).

We do not sell your data to third parties. We do not use advertising cookies or tracking pixels.

• Contract performance (Art. 6(1)(b)): processing your email and account data is necessary to provide the account features you signed up for (wishlists, reviews, photos).
• Consent (Art. 6(1)(a)): when you sign in via a magic link or OAuth provider, you consent to us creating an account for you.
• Legitimate interests (Art. 6(1)(f)): we process IP addresses briefly for bot prevention and security (Cloudflare Turnstile). This is proportionate and does not override your rights.

Your data is stored in Supabase (PostgreSQL database and file storage). Our Supabase project is hosted in the EU (Ireland, AWS eu-west-1) region. No personal data is transferred outside the European Economic Area.

Profile photos and uploaded images are stored in Supabase Storage (object storage). Authentication is handled by Supabase Auth.

• Account data: retained for as long as your account exists. Deleted when you delete your account.
• Reviews and photos: retained for as long as your account exists and deleted when you delete your account or remove the content yourself.
• IP addresses for security: not stored after the security check completes (processed in-flight by Cloudflare Turnstile only).

As a data subject in the EU/EEA, you have the following rights:

• Right of access (Art. 15): you can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you can ask us to correct inaccurate data.
• Right to erasure (Art. 17): you can delete your account at any time from Account Settings. This permanently removes your account, reviews, photos, and saved lists.
• Right to restriction (Art. 18): you can ask us to restrict processing while a dispute is resolved.
• Right to data portability (Art. 20): you can request your data in a structured, machine-readable format.
• Right to object (Art. 21): you can object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7): where processing is based on consent, you can withdraw at any time by deleting your account.

To exercise any right, email jeff@huts.fi. We will respond within 30 days.

We use only strictly necessary cookies — session cookies set by Supabase Auth to keep you logged in. These are required for the service to function and do not require your consent under GDPR.

We use your browser's localStorage to remember your view preferences (map vs. list) and wishlist state. This is not a cookie and does not leave your device.

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts. If we add analytics in the future, we will update this policy and ask for your consent first.

If you believe we are not handling your personal data lawfully, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

tietosuoja.fi — Office of the Data Protection Ombudsman, P.O. Box 800, FI-00531 Helsinki

We may update this policy as the service evolves. Material changes will be notified via the site. The "last updated" date at the top of this page always reflects the current version.