Privacy

This app is a handful of static files served from a CDN, plus a single stateless function (used only on the Suffragette viewpoint) that proxies freight-data requests to Realtime Trains so that their API credentials stay server-side. The function logs requests as part of normal Netlify operation; it does not see your location, identity, or any in-app actions. Plus a privacy-friendly pageview count via Cloudflare Web Analytics (details below). Nothing you do inside the app — tapping the fact line, enabling walking time, watching the countdown — is tracked or reported back to me.

What's stored on your device

• A single localStorage flag (wtt_walking_enabled) that remembers whether you've turned the walking-time feature on. That's it. No other storage.
• A wtt_favourite_viewpoint flag remembering which viewpoint you've starred as your default.
• The PWA's service worker caches the app shell (HTML, CSS, JS, icons) so the app works offline. None of this is shared with me.

Geolocation

If you opt into the walking-time feature, your browser hands your latitude/longitude to this app's JavaScript code. Those coordinates are used client-side only — to compute distance to whichever viewpoint you've selected — and are never transmitted anywhere. They are not stored, logged, or sent.

You can turn the feature off at any time using the small off link next to the walking label, which stops the location watch and removes the localStorage flag.

Third parties your browser talks to

Because the app runs entirely in your browser, a few network requests go to third parties. I don't see any of these, but they may log your IP and user agent on their own servers:

• TfL Unified API (api.tfl.gov.uk) — for live train arrivals. TfL's own privacy policy covers what they do with their logs.
• Realtime Trains (via /.netlify/functions/freight) — only when viewing the Queens Road viewpoint. Their privacy policy covers what they log. My proxy forwards your browser's freight request to their API and returns their response unchanged; no user-identifying data is added.
• Google Fonts (fonts.googleapis.com and fonts.gstatic.com) — to load the Big Shoulders typeface.
• Netlify — the CDN that serves this site. Netlify logs requests as part of hosting the site.
• Cloudflare — provides DNS for this domain and also runs the pageview analytics (see next section).

Analytics

This site uses Cloudflare Web Analytics to count how many people visit. It's designed around not identifying individual visitors:

• No cookies. Nothing is stored in your browser by the analytics beacon.
• No fingerprinting. No device, canvas, or font fingerprinting.
• No cross-site tracking. Cloudflare doesn't build a profile of you across the web.
• What it does see: the page URL, referrer (if any), user agent, and a coarse country estimate from your IP.
• What it doesn't see: anything you do inside the app — the walking time, the facts you tap, the trains you watch.

Cloudflare publish their own privacy policy covering what they keep and for how long.

What I don't do

• No advertising or ad-network code.
• No account, login, or sign-up.
• No cookies set by this site itself.
• No third-party scripts beyond the Cloudflare pageview beacon and the Google Fonts loader.

Contact

Questions or corrections? Open an issue at github.com/bselby/Walthamstow-Train-Tracker/issues.

Last updated 25 April 2026