Go Unique

Privacy Policy

Last updated: May 20, 2026

1. Who we are

Go Unique (“we”, “us”, or “our”) is a web application that lets you track and visualise the unique places you have visited on a map. This policy explains what personal data we collect, why we collect it, and your rights over that data.

2. Data we collect

  • Account data — your name and email address, provided when you register or sign in with Google.
  • Travel data — the cities, regions, and countries you choose to mark as visited, together with any optional notes or photos you attach.
  • Usage data — standard server logs (IP address, browser type, pages visited, timestamps) collected automatically when you use the service.
  • Authentication tokens — session cookies and refresh tokens managed by Supabase Auth to keep you signed in securely.

3. How we use your data

  • To create and manage your account.
  • To store and display your travel marks on the map.
  • To send transactional emails (email confirmation, password reset).
  • To detect and prevent abuse, fraud, or security incidents.
  • To improve the service through aggregated, anonymised analytics.

We do not sell your personal data, use it for advertising, or share it with third parties for their own marketing purposes.

4. Legal basis (GDPR)

Where the GDPR applies, we process your data on the following bases:

  • Contract performance — account data and travel data are necessary to provide the service you signed up for.
  • Legitimate interests — server logs and security measures protect the service and its users.
  • Consent — any optional features (e.g. public profile sharing) rely on your explicit opt-in.

5. Data storage and security

Your data is stored on a self-hosted Supabase instance running on servers located in the European Union (Hetzner, Germany). We use TLS in transit and encrypted storage at rest. Access to the database is restricted to authorised personnel and enforced by Row-Level Security policies.

6. Third-party services

  • Google OAuth — if you choose to sign in with Google, Google will share your name and email address with us in accordance with their Privacy Policy.
  • Resend — transactional emails (confirmation, password reset) are delivered via Resend. Only your email address and the content of the email are shared.
  • MapLibre / map tiles — map tiles are loaded from a CDN. Tile requests may include your IP address as part of standard HTTP traffic.

7. Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data (account details and travel marks) is permanently deleted within 30 days. Anonymised, aggregated statistics may be retained indefinitely.

8. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Export your data in a machine-readable format (data portability).
  • Object to or restrict certain processing activities.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Cookies

We use only strictly necessary cookies to maintain your authenticated session. We do not use tracking, analytics, or advertising cookies. No cookie consent banner is shown because no non-essential cookies are set.

10. Children

Go Unique is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email.

12. Contact

Questions about this policy? Reach us at [email protected].