Privacy, handled properly.
Last updated: 15 July 2026
WildButler is a personal outdoor-sports planner. This page explains, in plain language, what data it holds about you, why, where it lives, and how to see it or erase it. No tricks — the app is deliberately built to know as little about you as possible.
Who is responsible
The data controller is Aidan Oost (the owner and operator of WildButler), reachable at butler@wildbutler.com.
What we store, and why
Your email address and a display name (taken from the email) — to create your account and send you sign-in links. Legal basis: performance of a contract (providing the service you signed up for).
Your spot catalogue and availability windows — the sports, spots and free-time windows the planner works from. Same legal basis.
Invite codes you create or redeem — to control who can join.
A session cookie (wb_session, up to 90 days) — to keep you
signed in. It contains only a signed user id. Strictly necessary, so no consent
banner is required — and there is nothing else to consent to: no analytics,
no advertising, no trackers.
On your device only: sessions you "watch" (👁) are stored in your browser's local storage and never sent to the server.
We do not store passwords (sign-in is by emailed magic link), payment details, precise location, or anything from your contacts or calendar. Calendar invites are generated in your browser and downloaded directly to you.
Where it lives
Data is stored in a PostgreSQL database hosted by Render in the EU (Frankfurt, Germany), alongside the app itself. The database is not reachable from the public internet.
Who else touches your data (sub-processors)
- Render — hosting and database, EU (Frankfurt) region. Render is a US company; its data-processing agreement (with EU Standard Contractual Clauses) covers any incidental access from outside the EU.
- Resend — delivers sign-in emails from our EU (Ireland) sending region; they process your email address to deliver the message, under the same DPA/SCC arrangement as a US company.
- Porkbun — forwards replies sent to butler@wildbutler.com (US, DPA/SCCs).
Weather, swell and tide lookups (Open-Meteo, Stormglass) are made for the spots, not for you — no personal data is sent to them.
How long we keep it
Until you delete your account. Sign-in link records expire within 30 minutes. Weather and tide caches contain no personal data.
Your rights
Under the GDPR you can access, correct, export, or erase your data, and you can complain to a supervisory authority (in Portugal, the CNPD; or the authority in your own country). Two of those rights are self-service, right in the app:
- Export my data — in the sign-in menu once logged in; downloads everything we hold about you as a JSON file.
- Delete my account — same menu; erases your account, spots, availability and invite records immediately and permanently.
For anything else (e.g. correcting your display name), email butler@wildbutler.com — we respond within 30 days, usually much faster.
Changes
If this policy changes materially, the date above changes and signed-in users will be told on the dashboard.