UK GDPR · PECR
Privacy notice
Plain-English description of every piece of personal data River Truth touches, why, and what your rights are. We aim to collect as little as possible.
Last updated: 2026-05-03
Who we are
River Truth is a transparency project surfacing public water-quality data for England and Wales. It is operated by Nexfort Data Limited, a company registered in England & Wales. The data controller is Nexfort Data Limited, contactable at data@rivertruth.uk. We are registered with the UK Information Commissioner's Office under reference ZB988860.
What we collect, and why
| Data | Why | Lawful basis |
|---|---|---|
| Email address (citizen reports, alert subscriptions) | To verify you submitted a report, and to deliver alerts you asked for. We send a magic-link confirmation before anything is published or activated. | Consent (alerts) · Legitimate interests (report verification) |
| Report content: latitude/longitude, free-text notes, photos, observed time, pollution tags | To map and corroborate citizen sightings against official monitoring data. Photos are stripped of all metadata (including any GPS or device tags) on upload. | Consent · Public-interest journalism |
| Alert preferences (river/canal/postcode scope, severity threshold) | To decide when to email you about a flagged incident in your area. | Consent |
| Stripe customer ID (paid tier only) | To link your subscription. Card details are never seen by us — Stripe handles all payment data. | Contract |
| IP address (transient) | Used only in memory for rate-limiting form submissions. Not written to our database. | Legitimate interests (security) |
What we do not collect
- No analytics (no Google Analytics, Plausible, PostHog, etc.)
- No advertising or tracking pixels
- No session recording or heatmap tools
- No cookies set by River Truth — see our cookie statement
- No fingerprinting, device-ID, or social-login tracking
Third parties
Some pages cause your browser to load resources directly from third-party services. Those services see your IP address as part of any normal HTTP request:
- OpenFreeMap (
tiles.openfreemap.org) — vector basemap tiles for the map view. - postcodes.io — looked up server-side when you search by postcode (your IP is not forwarded; only the postcode).
- UK Parliament Members API — looked up server-side when you view an overflow page; your IP is not forwarded.
- Wikimedia Commons — river and canal hero photographs.
- Cloudflare Turnstile — only on the citizen report form. Used to block automated submissions. No cookies; no cross-site tracking.
- Sentry — server-side exception capture for River Truth. We disable session replay and PII collection; IP addresses, cookies, and authorisation headers are stripped before events leave our server.
We do not embed scripts from third-party advertising or analytics providers.
MP information
On individual storm-overflow pages we display the name and party of the MP for the constituency containing that overflow, with a link to that MP's official Parliament contact page and to WriteToThem (mySociety). This information is public and is fetched live from the UK Parliament Members API under the Open Parliament Licence v3.0; we do not store MP details. We make no editorial claim about any MP's record on water-quality issues — they are shown solely as the elected representative for that location.
Data sources we publish
Most data on River Truth comes from public open-government feeds (Environment Agency, Natural Resources Wales, Canal & River Trust). These are licensed under the Open Government Licence v3.0 or equivalents. The full list and per-dataset attribution is on our credits page.
Where the publisher of a dataset has stated a usage caveat (for example, the EA's “analysis-ready” River Surveillance Network and Small Streams Network are intended for national-scale inference, not site-level compliance decisions), we honour that caveat in how we surface the data.
How long we keep it
- Confirmed citizen reports: retained indefinitely as part of the public record (subject to your right to erasure).
- Unconfirmed reports (no email click within 7 days): purged automatically.
- Verification tokens (magic-link confirmations): purged on use, or by a daily job after expiry (48h).
- Alert subscriptions: until you unsubscribe (unsubscribe link in every email; no login needed).
- Server access logs: retained 30 days for security only.
Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Email data@rivertruth.uk and we'll respond within 30 days. If you're not happy with our response you can complain to the Information Commissioner's Office.
For erasure requests we offer two options — you tell us which you prefer:
- Full delete: your account, all your alerts, every report you submitted (including any approved ones), all your votes, and every photo you uploaded are removed.
- Anonymise but retain approved reports: your account is deleted along with your alerts, votes, and any unapproved reports. Reports that have already been approved as part of the public record are detached from you (transferred to an anonymous sentinel) with their photos cleared. The report's observation, location, and notes remain — your identity does not.
Every erasure action is logged for compliance evidence (who, when, what counts).
Right of reply (water companies, MPs, public bodies)
If you represent an organisation referenced on River Truth and believe a fact is wrong, contact data@rivertruth.uk with the page URL, the disputed fact, and any supporting evidence. We aim to acknowledge within 5 working days and either correct, annotate, or explain our sourcing.
Changes
If we change this notice we'll update the “Last updated” date above and, for material changes affecting existing alert subscribers, email you.