It describes what personal information we may be gathering from you, who can see this information, and what options you have for controlling this. OpenStreetMap developers, contributors and related companies will often use the OpenStreetMap name and logo to set up groups or services on third-party web sites. For example, there might be a Facebook page, a Google Plus page, a Slack channel, a page on Xing or LinkedIn, a Meetup group, and so on. Such services are outside of OSMF's control and might be located in countries with different data protection rules. Data you share on these platforms cannot, therefore, be covered by this policy.
You should always view OpenStreetMap systems and software with a questioning mind, and feel free to raise any concerns you have about matters of privacy via our Contact channels
As well as privacy issues, users and contributors must also be aware of the OpenStreetMap License. This includes disclaimers. We also have an Acceptable Use Policy covering various types of server usage.
GPS Trace Data
The uploading of GPS data is entirely optional and not a prerequisite for contributions to OpenStreetMap. If you do submit GPS data it is uploaded in the form of individual GPX files. These are kept as raw files, as well as imported into the database. GPX files can be marked "public" by the uploader; this is completely unrelated to the option of making one's edits "public".
When GPS data for an area is downloaded via the API no indication is provided of which user uploaded a point, or of the timestamp that was associated with the point. Points are however returned in timestamp order. GPS data downloaded in this way will include points from traces which were not marked as public.
If a GPS trace is marked as public when it is uploaded then the raw trace may be downloaded from the web site or using an API call. In this case the user's display name is shown (regardless of whether the user has made their edits public) and the timestamps in the GPX file will be included. Also, any additional information placed in the GPX file will still be present, e.g. waypoints with their names and/or notes entered, associated symbols, elevation data, etc.
All edits made to the map are recorded in the database with the user ID of the user making the change, and a timestamp at the time of change upload. In general all of this information is also made available to everyone via the website, including links to allow everyone to easily cross-reference which user has made which edit.
Editing programs (such as JOSM and iD) can store further data in the database that may be relevant to your privacy. Please refer to the respective authors and distributors of the programs for more information. For example, iD and JOSM may add your selected locale to the metadata of each changeset.
User 'home' location
If a user sets a home location then they will appear on the "nearby mappers" list for other people with a home location near theirs. This is an option on your account settings page.
The registered email address for an OSM user account, will never intentionally be published on the internet anywhere, shared with third party organisations, or revealed directly to other logged in users. Email addresses will be used by the server to notify the user if another user has sent a message through the website. Only System Administrators will have direct access to email address data. It may be used by these people to contact users directly about their edits or other OpenStreetMap related issues.
Note that some other types of Accounts used by developers/community do expose email address information more publicly (due to technical limitations of the software used, rather than policy decisions) The Trac system exposes your email address in plaintext on the page if the email address (rather than the display name) is used to login. The mailing list system exposes email addresses of people posting messages, in the archive web pages, but with obfuscation. If you want to post to the list, the system also requires you to register with your proper 'from' address, not a forwarding address.
The openstreetmap.org website supports the display of Gravatars, these are retrieved from gravatar.com by generating a globally unique key from your e-mail address. Our website software will check on the initial signup and on every email address change if you have a Gravatar for the new address and start displaying it if one exists. You can stop this behaviour by explicitly turning Gravatar support off in your account settings. You should be aware that, if a Gravatar is displayed, the key can be used to track your account over any website that has Gravatar support.
Note: the above behaviour is current as of August 19th 2016, previously the Gravatar key was exposed regardless of if you actually had a Gravatar or not.
Log files and Information submitted to OSMF Services
The OSMF operates a number of services for the OpenStreetMap community, examples are the openstreetmap.org website, the "Standard" style online map, the OSM API and the nominatim search facility.
Accessing any of the services via a browser or via applications that utilize the provided APIs produces records of that use, for example in webserver log files. Further we may operate user interaction tracking software that will generate additional records of user activity, for example Piwik. Services that use Geo-DNS or similar mechanisms to distribute load to geographically distributed servers will potentially generate a record of your location at a large scale (for example the OSMF tile cache network determines the country you are likely to be located in and directs your requests to an appropriate server).
These records are used or can be used in the following ways:
- in support of the operation of the services from a technical, security and planning point of view.
- as anonymised, summarised data for research and other purposes. Such data may be offered publicly via http://planet.openstreetmap.org or other channels and used by 3rd parties.
- to improve the OpenStreetMap dataset. For example by analysing nominatim queries for missing addresses and postcodes and providing such data to the OSM community.
The data collected on the systems will be accessible by the system administrators and the appropriate OSMF working groups, for example the Data Working Group. No personal information or information that could be linked to an individual will be released to third parties, except as required by law.
Communication via OSMF provided Systems
The OSM community uses a number of channels for public and inter-personal communication. Examples are the messaging system on openstreetmap.org, the OpenStreetMap forums, IRC channels and the mailboxes in the osmfoundation.org domain.
Some of the systems are operated and controlled by third parties and can be located in countries other than the UK. You will need to refer to the respective service providers for more information. By using those that are provided by the OSMF, for example the messaging system on openstreetmap.org, you agree to your communications being intercepted by OSMF system managers when necessary to address operational issues, to enforce our acceptable use policies, most notably to prevent SPAM, and to fulfil any legal obligations.
You should be aware of the above when communicating sensitive information and you should employ encryption to protect your communications content.
You can request your account to be removed and we will honor such requests as far as possible. If you have not actively contributed to the project we will not retain any records, user page, diary posts and similar will be removed. If you have contributed your account will be renamed to user_USERID and contributions and changeset comments will be retained with this name, diary entries and your user page will be removed. Since we do not allow anonymous edits we will non-publicly retain your e-mail address in case you need to be contacted with respect to your contributions.