Privacy & Trust
How this site handles your data
This page is maintained by the owners of WA Road Trip to answer common questions about privacy, security and the photo-sharing feature. It is editable project content and is not an independent certification.
About this site
WA Road Trip is a personal itinerary site for a 14-day September 2026 trip through Western Australia. It is not a commercial service and does not sell anything. Most of the site is read-only travel content.
What we collect
The only data we collect directly from visitors is what you choose to send through the "Add a memory" photo form:
- A display name you type into the form.
- A short caption you type into the form.
- The image file you upload.
We do not ask for your email address, phone number, or location. We do not run third-party advertising trackers. Basic, aggregated traffic analytics may be collected by the hosting platform to show visit and pageview counts; this does not personally identify visitors.
How shared photos are stored and shown
- Uploaded photos go into a private storage bucket. They are not publicly listed.
- Every submission starts in a pending state and is hidden from the public Gallery until the site owner approves it.
- Approved photos are shown on the Gallery page via short-lived signed URLs generated server-side — not via permanent public links.
- Rejected submissions have their image file removed from storage.
Access control
- Only the site owner can view pending submissions and approve or reject them, gated behind a server-side password check.
- Uploads are restricted to a single
submissions/folder in storage so anonymous users cannot write to or overwrite other paths. - The database table that stores submissions has row-level security enabled: anyone can insert a pending row, only approved rows are publicly readable, and updates and deletes go through the owner-only moderation flow.
Removing a photo or your name
If you've shared a photo and want it taken down — or you'd like the name shown next to it changed — just get in touch and we'll remove or update it.
Third-party services
- Lovable Cloud — provides the database, storage and server runtime that hosts this site.
- Google Maps — embedded maps on the itinerary and day pages are loaded from Google.
- Unsplash — placeholder destination imagery is served from Unsplash's CDN.
What we don't claim
This is a personal project, not an enterprise product. We do not claim independent security audits, SOC 2 / ISO 27001 certification, GDPR/HIPAA/PCI compliance, or end-to-end encryption guarantees. We use the security controls described above and keep the site small on purpose.
Get in touch
Questions, a takedown request, or something on the site looks wrong? Reach out to the owner of this itinerary directly and we'll sort it out.