Privacy and GDPR

When you sign up for Cartographer, we collect certain pieces of personal data from you. This page provides an informal explanation of the main arrangements we have in place concerning this data.


This page is not a substitute for the Cartographer privacy policy or the other documents in the legal section of our web site.

Our privacy policy sets out exactly what personal data we collect, what we do with it, and who we share it with. It is the definitive document to consult if you have questions about how we handle your personal data.

This page is a supplementary guide that explains why we’ve set things up the way we have. It is not a formal legal document and does not use formal legal terms. If there are discrepancies between this document and any of our other legal documents, the relevant legal document should be considered the accurate source of information.

Account Data

When you sign up to Cartographer we ask you to enter three pieces of personally identifiable information: your name, your email address, and a screen name. We also generate a large randomized hexadecimal user ID. Together these four pieces of information make up your account data. Here’s an example:

  • Name: Jane Doe
  • Email:
  • Screen Name: Jane the Map Maker
  • User ID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee

Of these four pieces of data we consider two to be “sensitive” and two to be “non-sensitive”:

  • Sensitive: name and email;
  • Non-sensitive: screen name and user ID.

Sensitive Data

We restrict access to sensitive data to key people: our team, the service providers who run parts of our platform, and key administrators at the company or organisation running your Cartographer workspace (called a workspace operator – we’ll discuss this in more detail below).

For example, if Jane is a volunteer collecting data for Acme Wildlife Trust, people working on behalf of Cartographer Studios and Acme Wildlife Trust will have access to her sensitive personal data.

Note that this doesn’t mean all people at Acme Wildlife Trust. Names and email addresses only appear in specific admin areas within the Cartographer web site and workspace operators can restrict access to these areas to key personel only.

Non-Sensitive Data

The non-sensitive parts of your account data can be accessed more widely by other Cartographer users. For example, they appear on every survey form you submit and in reports, downloads, and exports.

Your user ID provides a pseudonymised way of referring to your user account. For example, we include the user ID of the surveyor in downloaded and exported survey data. People can’t determine who you are by looking at your user ID, but they can find out which surveys were recorded by the same account.

You screen name provides a way for you to opt in to sharing minimal personally identifiable information. It defaults to your real name allowing you to be acknowledged for the surveys you submit. However, you can optionally change your screen name to something non-personally-identifiable to preserve your anonymity.

We consider your name and email address to be sensitive data. They only appear on restricted admin pages within Cartographer and only the key people described above have access to them.

Workspaces and Workspace Operators

Cartographer isn’t a single web site – it is a family of different sites run by different organisations. We call these sites workspaces. Some workspaces are used to record data for a single project or monitoring initiative, others hold data for many.

Each workspace is run by a particular company or organisation that we refer to as a workspace operator. You can see the name of the workspace at the top left of Cartographer when you log in and the name of the operator in the footer of the page:

The workspace operator is partially responsible for processing your personal data. Certain people at the operator organisation are responsible for managing user accounts within the workspace, and those people have access to your complete account data including your name and email address.

The Cartographer privacy policy governs our use of your personal data but it doesn’t set out exactly how the workspace operator handles it. We delegate that information to the operator’s own privacy policy.

We include a link to the workspace operator’s privacy policy in the footer of every Cartographer web page. Section 3 of our privacy policy ties the two together.


Part of the GDPR states that we have to tell you exactly how we process your personal data. This includes what personal data we collect from you, what we do with it, and who we share it with. Another part states that we have to obtain your explicit permission to process your data in this way.

Our processing of personal data is set out formally in our privacy policy, and is complimented by the terms and conditions in the legal section of our web site. We ask you to thoroughly read and explicitly agree to these documents when you first log in to Cartographer. Please ask if you have any questions and only click “accept” if you fully understand and agree.

If we change any of our legal documents, we will ask you to re-read and re-agree to them the next time you log in. This way you are always aware of our most up-to-date policies.

If you have any questions about any of our legal documents or any changes, you can reach our team by emailing or by using the contact form on this web site.