Privacy Policy

Last updated: Jun 2026

1. Introduction

WhereToSettle (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect when you use the WhereToSettle service, how we use it, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the data controller for the purposes of this policy. Our service helps you explore neighbourhood data — crime statistics, schools, transport links — for any UK postcode or area. No account is required to browse the map. Some features, including saving areas and running criteria searches, require an account.

By using WhereToSettle, you acknowledge that you have read and understood this policy. If you have any questions, please see the Contact Us section below.

2. What Data We Collect

We collect limited information that is necessary to provide the service:

  • IP address — automatically collected with each request you make to our servers, as is standard for all web services. This is handled by our hosting provider, Vercel.
  • Search queries — the postcodes and area names you enter into the search bar, used to return relevant neighbourhood data for your chosen location.
  • Email address — collected when you create an account or sign in to WhereToSettle. Used solely for authentication and to associate your saved searches with your account. We do not use your email address for marketing without your explicit consent.
  • Saved areas — if you create an account, we store the areas you save, including postcode district, display name, and any notes you add.
  • Account activity — if you create an account, we record the time of your last activity on the service (such as the last time you used the map or ran a search). This is used solely for service improvement and to identify inactive accounts.
  • Approximate location — if you choose to tap “Use my location”, your device uses its GPS or network geolocation to centre the map. This coordinates data is used momentarily within your browser session only and is never transmitted to or stored on our servers.
  • Browser and device information — Mapbox, our map provider, may collect technical information about your browser and device as part of rendering interactive map tiles. This is governed by Mapbox's Privacy Policy.

We do not collect your name or any other directly identifying information beyond what is listed above. Your email address is only collected if you choose to create an account.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To provide the WhereToSettle mapping service — fetching crime, school, and local authority data for your searched area;
  • To cache API responses in our Supabase database, which improves performance and reduces unnecessary load on upstream public data sources;
  • To monitor the reliability and performance of the service and diagnose any errors;
  • To comply with applicable legal obligations.
  • To record account activity timestamps to help us understand how the service is being used and identify inactive accounts.

The legal basis for processing your data is our legitimate interests under UK GDPR Article 6(1)(f) — specifically, our interest in providing a functional, reliable, and performant service. We have balanced this against your interests and fundamental rights, and we believe the processing does not override your rights given the limited and non-sensitive nature of the data involved.

4. Third-Party Services We Use

We work with a small number of trusted third-party services to operate WhereToSettle. Where relevant, links to their privacy policies are provided below.

Mapbox powers the interactive map. Mapbox runs client-side in your browser and may process your IP address and viewport information. Mapbox Privacy Policy ↗

Supabase is our database and authentication provider, used to store account data (email address, saved areas). Servers are located in the EU West (Ireland). Supabase Privacy Policy ↗

Stripe processes subscription payments. Stripe handles all payment card data directly; we do not store card details on our servers. Stripe Privacy Policy ↗

5. Cookies

WhereToSettle does not use advertising cookies, tracking pixels, or analytics cookies.

Mapbox may set functional cookies in your browser when rendering map tiles — for example, to authenticate tile requests or store map rendering preferences. These are strictly necessary for the interactive map to function and are not used for any advertising or cross-site tracking purpose.

We also set a short-lived authentication cookie (wts_pending_redirect) when you sign in from certain pages, to ensure you are redirected back to the correct page after verifying your email. This cookie expires within 30 minutes and contains no personal data.

You can manage or delete cookies through your browser settings at any time. Please be aware that disabling Mapbox cookies may prevent the map from displaying correctly.

We use Vercel Analytics to understand how the service is used in aggregate. Vercel Analytics does not use cookies or collect personally identifiable information.

6. Data Retention

  • Cached crime and neighbourhood data — stored in our Supabase database for up to 30 days, after which it is automatically purged.
  • Server access logs (including IP addresses) held by Vercel are retained in accordance with Vercel's own data retention schedule.
  • Geolocation data from “Use my location” is used only within your browser session and is never stored on our servers.
  • Search queries are used transiently to fetch data; we do not maintain a log of searches tied to individual users.
  • Account data, including your email address and saved searches, is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.
  • Account activity timestamps are updated each time you use the service and retained for as long as your account is active.

If you do not create an account, no persistent record links your activity to your identity.

7. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and are subject to certain exemptions.

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to erasure — you can request that we delete your personal data where it is no longer necessary for us to process it.
  • Right to restriction of processing — you can ask us to restrict how we use your data while a complaint or query is being resolved.
  • Right to data portability — where processing is based on your consent or a contract, you can receive your data in a structured, commonly used, machine-readable format.
  • Right to object — you can object to processing carried out on the basis of legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
  • Right to lodge a complaint — you have the right to complain to the UK's supervisory authority, if you believe we have not handled your data lawfully.

To exercise any of these rights, please contact us using the details in the Contact Us section. We will respond within one calendar month, as required by UK GDPR.

8. No Data Sold to Third Parties

We will never sell, rent, trade, or otherwise transfer your personal data to third parties for commercial purposes.

Data is shared only with the specific third-party service providers listed in Section 4, and only to the extent strictly necessary to deliver the WhereToSettle service to you.

9. Children

WhereToSettle is not directed at children under the age of 13. We do not knowingly collect or solicit personal data from children.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately using the details below and we will take steps to delete that information.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern, please email us at contactus@wheretosettle.co.uk. We aim to respond within one month, as required by UK GDPR.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the “Last updated” date at the top of this page.

We encourage you to review this policy periodically. Where changes are material, we will take reasonable steps to bring them to your attention. Continued use of WhereToSettle after any changes constitutes your acceptance of the updated policy.

12. WhereToSettle Browser Extension

WhereToSettle offers a browser extension for Google Chrome that adds neighbourhood data alongside property listings on Rightmove and Zoopla. This section explains what data the extension accesses and how it is handled.

What the extension reads from listing pages

When you visit a Rightmove or Zoopla property listing, the extension reads the following information directly from the page: the listing price, property type (e.g. flat, detached), and the property's location (latitude/longitude coordinates or postcode district). This data is read locally in your browser and is used solely to fetch relevant school and house price data from the WhereToSettle API.

What the extension sends to our servers

The extension makes requests to the WhereToSettle API (wheretosettle.co.uk) to retrieve school information and house price data for the area around the listing. These requests include the property's approximate location (coordinates or postcode district). We do not log or store these requests in a way that links them to your identity.

No browsing history is collected

The extension does not track which properties you view, does not record your browsing history, and does not transmit any data to third parties.

Mapbox

The extension uses Mapbox to display an interactive map of nearby schools. Mapbox may process your IP address as part of rendering map tiles. This is governed by the Mapbox Privacy Policy.

postcodes.io

On Zoopla listings where an exact property location cannot be determined, the extension may call the free public API at postcodes.io to geocode a postcode district to approximate coordinates. No personal data is sent to postcodes.io.