WA Road Trip

Privacy & Trust

How this site handles your data

This page is maintained by the owners of WA Road Trip to answer common questions about privacy, security and the photo-sharing feature. It is editable project content and is not an independent certification.

About this site

WA Road Trip is a personal itinerary site for a 14-day September 2026 trip through Western Australia. It is not a commercial service and does not sell anything. Most of the site is read-only travel content.

What we collect

The only data we collect directly from visitors is what you choose to send through the "Add a memory" photo form:

  • A display name you type into the form.
  • A short caption you type into the form.
  • The image file you upload.

We do not ask for your email address, phone number, or location. We do not run third-party advertising trackers. Basic, aggregated traffic analytics may be collected by the hosting platform to show visit and pageview counts; this does not personally identify visitors.

How shared photos are stored and shown

  • Uploaded photos go into a private storage bucket. They are not publicly listed.
  • Every submission starts in a pending state and is hidden from the public Gallery until the site owner approves it.
  • Approved photos are shown on the Gallery page via short-lived signed URLs generated server-side — not via permanent public links.
  • Rejected submissions have their image file removed from storage.

Access control

  • Only the site owner can view pending submissions and approve or reject them, gated behind a server-side password check.
  • Uploads are restricted to a single submissions/ folder in storage so anonymous users cannot write to or overwrite other paths.
  • The database table that stores submissions has row-level security enabled: anyone can insert a pending row, only approved rows are publicly readable, and updates and deletes go through the owner-only moderation flow.

Removing a photo or your name

If you've shared a photo and want it taken down — or you'd like the name shown next to it changed — just get in touch and we'll remove or update it.

Third-party services

  • Lovable Cloud — provides the database, storage and server runtime that hosts this site.
  • Google Maps — embedded maps on the itinerary and day pages are loaded from Google.
  • Unsplash — placeholder destination imagery is served from Unsplash's CDN.

What we don't claim

This is a personal project, not an enterprise product. We do not claim independent security audits, SOC 2 / ISO 27001 certification, GDPR/HIPAA/PCI compliance, or end-to-end encryption guarantees. We use the security controls described above and keep the site small on purpose.

Get in touch

Questions, a takedown request, or something on the site looks wrong? Reach out to the owner of this itinerary directly and we'll sort it out.