Privacy Policy

Last updated: June 2026

Tombo is a map and forum for regenerative communities. We collect the minimum data needed to run the platform — your email address and whatever you choose to share.

Data We Collect

When you create an account, we ask for your email address. This is used to send you a magic-link sign-in token — we never share or sell it. After sign-in, you may optionally provide a username, display name, bio, location text, and avatar image. Posts and comments you write are stored as written. Photos you upload are stored on Cloudflare R2. If you add a place to the map, its name, description, coordinates, and photos are publicly visible. Claim submissions include your stated relationship to the place and any evidence you provide.

How We Use Your Data

Your email is used only for authentication and essential account communications. Your profile information and posts are displayed publicly on Tombo as you intend. We do not run analytics, track you across the web, or show advertisements. No third-party tracking scripts are loaded.

Data Storage and Security

Data is stored in a PostgreSQL database hosted on our infrastructure. Uploaded media is stored on Cloudflare R2. Authentication sessions use secure, signed tokens. We use parameterized queries throughout — no raw string interpolation in SQL. Access to write endpoints requires an authenticated session.

Cookies

Tombo uses a single session cookie to keep you signed in. No tracking, advertising, or analytics cookies are set.

Your Rights

You can edit your profile at any time from Settings. You can delete your posts and comments. To request deletion of your account and associated data, contact us at hello@tombo.earth.

Contact

Questions about privacy? Write to hello@tombo.earth.