Privacy policy

The controller of data processed on GRIDMS is the person running this project. For any matters regarding personal data and privacy (including exercising your rights), you can write to: kontakt@gridms.pl.

You can browse the informational pages (calendar, events, map) without logging in or providing any data. We process personal data only when you choose to use the community features:

• Account data: email address, a hashed password (bcrypt — we never store the password in plain text), your public nickname, and the dates your account was created and your email confirmed.
• Content you publish: car photos with their description, city and hashtags, ratings (1–5), and comments and replies. We automatically strip EXIF metadata (including GPS location) from uploaded photos before storing them.
• Technical data: a minimal session token that keeps you signed in, plus anonymised, aggregated visit statistics (Vercel Analytics — cookieless and not allowing identification of an individual).

We process data only to the extent necessary and for clearly defined purposes:

• Running your account and enabling the community features — based on providing the service to you and our legitimate interest (Art. 6(1)(b) and (f) GDPR).
• Verifying your email at registration (a one-time link) — to confirm the account and limit abuse/multiple accounts (Art. 6(1)(f) GDPR).
• Publicly displaying the photos, ratings and comments you add — based on your voluntary consent given at publication, which you can withdraw at any time by deleting the content (Art. 6(1)(a) GDPR).
• Security and moderation — profanity filtering, anti-spam limits and photo approval before publication (Art. 6(1)(f) GDPR).

We do not sell your data or share it for marketing. We only use trusted providers (processors) that process data on our behalf, as needed to run the site:

• Neon — hosted PostgreSQL database storing account data and content.
• Vercel — site hosting and Vercel Blob, where uploaded photos are stored.
• Resend — sending the verification email.
• Vercel Analytics — anonymised, aggregated traffic statistics (no cookies).

Some of these providers may process data on servers outside the European Economic Area (including in the USA). This takes place on the basis of Standard Contractual Clauses and other mechanisms provided for by the GDPR.

We keep account data and the content you publish until you delete your account or the given content. You can delete your comments at any time, and you can have your account and its associated content removed by contacting us. One-time email verification tokens expire after 24 hours. Aggregated visit statistics do not allow identification of an individual.

In connection with the processing of your data, you have the following GDPR rights:

• the right to access your data and obtain a copy,
• the right to rectify inaccurate data (you can change your nickname yourself in the account panel),
• the right to erasure (the "right to be forgotten"),
• the right to restrict processing,
• the right to object to processing based on legitimate interest,
• the right to data portability,
• the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise these rights, write to us at: kontakt@gridms.pl.

You also have the right to lodge a complaint with a supervisory authority — in Poland this is the President of the Personal Data Protection Office (UODO).

By uploading a photo you declare that it is yours and that you have the right to publish it, and that it does not infringe the rights or personal interests of others. Photos go through moderation and appear publicly after approval. In comments we automatically mask profanity, and anti-spam limits restrict overly frequent posting.

You can edit or delete your own comments at any time. If you want to delete your account or report content that breaches the law or your personal interests, write to us and we'll handle it.

We do not use cookies for tracking or advertising profiling. Once you sign in we store a necessary session token that keeps you logged in — without it login does not work. The visit statistics (Vercel Analytics) are cookieless and anonymised.

The site contains links to the official websites of event organisers (including ticket purchases). Once you follow those links, their own privacy policies apply, over which we have no control.

Some imagery on the site was generated using AI tools and is clearly labelled as a visualisation — it does not represent real photographs of the people described or specific editions of the events. Photos in the car-spotting gallery come from users, who are responsible for them.

Event, organiser and brand names belong to their owners and are used for informational purposes only. The project claims no rights to them.

Event data is based on public, official sources. Where a 2026 date has not yet been confirmed, we label it as "Date soon". Always confirm current information on the official website of the given event.