Privacy notice

Last updated: 15 July 2026

Launch blocker: replace every [bracketed field] with the operator’s verified details and obtain final review under the law of the operator’s country of establishment before launch.

1. Controller and contact

The controller is [FULL LEGAL NAME / LEGAL FORM], [REGISTERED STREET ADDRESS], [POSTCODE, CITY, COUNTRY] (“Drosia”). Privacy and data-rights requests: drosiateam@gmail.com. Data protection officer: [DPO CONTACT, IF APPOINTED].

2. Account-free does not mean data-free

You do not need an account and citizen reports do not require a name or email. We do not sell personal data or use it for behavioural advertising. Drosia nevertheless processes personal data where necessary to operate the service. A random browser-generated device token is a pseudonymous online identifier: it is not designed to reveal your civil identity, but it may still be personal data under the GDPR.

3. Data we process and where it comes from

Report data: up to three photos, submitted coordinates (from device location or a map pin), category, optional description, locale, timestamps, status, authority assignment, votes and confirmations. Device and push data: device token, push endpoint and encryption keys, followed report or area, and browser permission state. Notices and contact data: a reason and optional contact detail when content is disputed; and name, organisation, email, role, place and message when the support form is used. Technical and analytics data: request IP used transiently for security and rate limiting, a keyed pseudonymous rate-limit value, user-agent-derived device/OS class, coarse country, page path, referral source, report token viewed, language, interaction events, session duration and a random tab-session ID. Data comes from you, your browser/device and trusted hosting headers.

4. Purposes and legal bases

We process report and device data to provide the service you request, route and deliver a report, show its progress and provide optional push updates (GDPR Art. 6(1)(b), and Art. 6(1)(a) for optional notifications where consent is the appropriate basis). We process and publish moderated civic reports, anonymise images, prevent abuse, secure the service, measure aggregate use and protect affected people under our legitimate interests in operating a safe, useful environmental-reporting service (Art. 6(1)(f)). We process notices, preserve evidence and respond to authorities where necessary to comply with legal obligations (Art. 6(1)(c)). Our legitimate-interest assessment weighs these purposes against reporter, bystander and property-owner rights; data minimisation, private originals, anonymisation, human moderation, rate limits and takedown controls reduce the impact.

5. Photos, metadata and human moderation

Uploaded images are re-encoded and metadata is removed. Originals are stored in a private bucket accessible only to authorised operators and service processes. Before any image can become public, an automated process obscures identifying detail, including faces and vehicle plates, and the report must pass moderation. Automated anonymisation does not make a legal or similarly significant decision about you; publication, rejection and takedown decisions are subject to human review. Do not upload identifiable people, private homes or other unnecessary personal data.

6. What is public and who receives data

Immediately after submission, the category, submitted map location (which may be precise), date, pending status, report link and aggregate votes may be visible worldwide. The photo appears only after automatic anonymisation; optional description and assigned authority appear after review. The responsible public authority receives the report and a link only after approval. Processors and service recipients include Supabase (database and storage), Vercel (hosting, delivery, Web Analytics and Speed Insights), Resend (authority and team email), the configured image-anonymisation provider, and Web Push delivery infrastructure. OpenStreetMap tile services receive technical request data such as IP address and requested map area when tiles load; Nominatim may receive a location query if place lookup is enabled. Authorities receiving a report act as independent controllers for their own subsequent handling.

7. International transfers

Some providers or subprocessors may process data outside the EEA. Where required, transfers rely on an adequacy decision or the European Commission’s Standard Contractual Clauses together with supplementary safeguards. Information about the applicable safeguard or a copy can be requested at drosiateam@gmail.com. The operator must ensure that current data-processing agreements are in place with each processor before launch.

8. Browser storage and analytics

Drosia uses no advertising cookies and no device fingerprinting. Local storage holds the selected language, theme and random device token; these support features you request and remain until you clear browser data. Session storage holds a tab-scoped analytics session ID and report-navigation trail until the tab is closed. Vercel Analytics/Speed Insights and Drosia’s first-party analytics measure page use and performance. They are not used to follow you across unrelated websites. Greek electronic-communications rules also apply to local/session storage; non-essential analytics storage must not run before any consent required by those rules has been obtained.

9. Retention schedule

Raw first-party analytics events are deleted after 180 days; identifier-free daily aggregates are kept for up to 3 years. Pseudonymous rate-limit records are deleted within 8 days. Invalid push endpoints are removed when detected; other push and device records are removed after withdrawal or 12 months of inactivity. Support enquiries are kept for up to 24 months after the last contact. Content notices, moderation and delivery records are kept for up to 3 years after closure. Private original photos are deleted within 90 days after the moderation/delivery decision; if a dispute or legal hold is active, they may be retained until 6 months after final closure or as required by law. Public reports and anonymised images are kept for up to 3 years after the last status update and then deleted, anonymised further or retained only where a documented public-interest or legal need outweighs the impact. The operator must implement and audit this schedule before launch.

10. Your rights

Depending on the legal basis and circumstances, you may request access, correction, deletion, restriction or portability, object to processing based on legitimate interests, and withdraw consent at any time without affecting earlier processing. Use “Report / dispute” on public content or email drosiateam@gmail.com. Because Drosia deliberately does not maintain citizen accounts, include the public report token or device token when possible; we may request proportionate evidence and may be unable to link data to you without it. We normally respond within one month. You may complain to the supervisory authority where you live, work or believe an infringement occurred; in Greece this is the Hellenic Data Protection Authority (dpa.gr).

11. Required data, security and incidents

Photos, location, category and upload confirmation are required to submit a report; without them the service cannot accept it. Other fields and push notifications are optional. We use access controls, row-level database security, private original storage, encryption in transit, pseudonymous rate limiting and public-view allowlists. No internet service is risk-free. If a personal-data breach is likely to create a high risk, affected people will be informed where we have a way to reach them and where the law requires it.

12. Changes

We will update this notice when processing changes and show the new date here. Material changes will be highlighted in the service where reasonably possible. Earlier versions are available on request.

Made with❤️in Greece.