the short version

We log what people search for on this site — never who searched it. No cookies, no accounts, no IP addresses, no ads, no cross-site tracking. If you sign up for the list, your email goes to Buttondown, our email service, and nowhere else — unsubscribe link in every email.

what we log

When you run a search on the parks page, we record the search itself: the query text (capped at 80 characters), the place you anchored on (like "Canmore"), coordinates rounded to roughly 10 km, the filters you picked (radius, stay type, amenities, activities, whether dates were set), how many results came back, and a timestamp.

When you click through to an operator’s booking page, we record which park it was and the operator’s domain.

These logs are first-party — they go to our own database, not to an analytics company — and identifier-free: nothing in a logged row ties it to a person, a device, or to any other row.

what we never collect

No IP addresses. No cookies. No accounts. No user-agent strings — we check whether a request looks like a bot, then keep only the verdict ("browser" or "unknown"), never the string itself. No fingerprinting. No cross-site anything. And we don’t sell personal data — there is none to sell.

location

When you click "use my location" the browser asks for your permission. If you grant it, your coordinates are sent to our server to run that search — that’s how the nearby results get computed. We store them only rounded to roughly 10 km, never with any identifier. Before they’re sent, the page already trims them to about 1 km precision.

Typing a city or park name instead never involves your position at all.

why we log searches

Two reasons. First, to make the directory better — zero-result searches tell us which parks, places, and filters are missing.

Second, a commercial one, stated plainly: we log what is searched — never who searched it — to find gaps in the directory and to produce aggregate market research, including reports and statistics we may sell or publish. These analyses only ever use the logs in aggregate.

how long we keep it

Indefinitely, in non-identifying form — the history is the point. If a logged row turns out to contain personal details (say, someone typed their home address into the search box), we delete it on discovery.

Want something checked or deleted? Email chris@calgaryanalytica.ca with "data request" or "delete me" and we’ll handle it within 7 days.

who processes the data

Cloudflare (US infrastructure) runs the site and stores the search and click logs.

Buttondown (US) stores email addresses for the list. If you sign up from a park page, the signup records which park page it was — that’s how future cancellation alerts will know what you care about. We don’t store your email anywhere else and we don’t share it. Buttondown’s privacy policy is at buttondown.email/privacy.

who answers for this

Chris Formoso is the privacy officer: chris@calgaryanalytica.ca. One person, one inbox — questions, corrections, and deletion requests all go there.

when this changes

When data collection changes, we update this page and date the change here.

2026-06-11 — we started logging searches and outbound clicks (described above). An earlier version of this page promised we’d note new data collection when it shipped; we noted it a day late, and we’re saying so.

2026-06-12 — we corrected this page. The earlier version said we ran no analytics, that your location never reached a server, and that we stored your filters in localStorage. The first two became false when search logging and server-side search shipped; the third was never true. This version reflects what the site actually does.