Privacy Policy

What data are collected by Escalibur?

In order to register with Escalibur, users are only required to provide the following details:

  • Valid email address
  • Nationality

Users are required to explicitly consent to:

  • Terms of Service (required)
  • This Privacy Policy (required)
  • Subscription to the Newsletter (optional)
  • Sending of marketing communications by email (optional)

Users are also required to choose:

  • A username
  • A password

The following is set automatically by the system:

  • Default language (based on the language selected from the list and used for registering with the website)
  • System notification values

After registering, users may add/edit/remove the following from their personal profile:

  • Profile image
  • Name
  • Surname
  • Town/city
  • Date of birth
  • Years of climbing experience
  • Short presentation

NB: These (optional) details are not required

Users may change notification settings for messages, congratulations and comments.

Details of ascents to routes/boulders/multipitches can be entered optionally and can be:

  • Public (publicly available on the Internet)
  • Private (only visible by the user)
  • Protected (remain private for 30 days, then become public)

This setting applies to each ascent, though it can be set as a default value in the User Area settings.

For each ascent users can also provide further optional details, such as:

  • Comments
  • Photos

Which data are published on the website?

The following user data, if provided, are published on the website: first name, surname, country, town/city, presentation and profile picture.

All uploaded pictures, even if in low resolution, are public.

Certain data are masked. Only the year is shown for: date of birth, date of registration and year when user began climbing.

Messages between users are private.

The email address is private.

Followed users are only visible to the user.

The "preferred crag" preference is public.

Comments and ratings of crags are public.

Details of route ascents can be: public, private or protected, based on the general settings or specific settings chosen by the User from time to time. See the section "What data are collected by Escalibur?".

Where are data collected by Escalibur stored?

Data contained in the application are stored in a data center located in Italy.

Database backups are carried out regularly so that data can be restored if the website is compromised. Data are kept for a maximum of 12 months.

Data are stored on a MariaDB open-source application, which is updated on a dedicated server located in Italy.

The website cache is distributed on a Cloudflare WorldWide Content Delivery Network (CDN) to speed up access to the website.

How can users obtain a copy of their personal data from Escalibur?

Users are entitled to export their ascent details from their User Area in a CSV, Excel or HTML file using the dedicated function.

Users' personal data are displayed in the User Area.

Copies of uploaded photos can be requested via the contact form.

How to edit one's personal data on Escalibur

Users can edit their profile from the User Area.

How to delete one's personal data from Escalibur

Details of each ascent can be deleted individually.

Select Remove account from the Profile section in the User Area to:

  • delete your profile details, photos, comments and activities
  • render details of ascents to routes, boulders and multipitches anonymous *
  • disable your account

* after removing comments, photos and user’s personal data, details of ascents are no longer personal data referable to a specific person, and will therefore be held anonymously in the website after account removal. Users may nonetheless delete details of each ascent before removing their account. Alternatively, they can use the contact form to request complete removal of all ascent details before removing their account.

Which data does Escalibur transfer to third parties?

Escalibur uses the Google Analytics web analytics system and cookies.

The tracking code has been appropriately configured for IP anonymization in Analytics with links to AdWords, AdSense, AdExchange disabled.

Escalibur uses Mailchimp to send regular newsletters.

For this purpose it transmits certain user data to Mailchimp via API: username, user id, email, first name, surname, country, language, last visit to the website, number of routes.

Mailchimp declares its compliance with the GDPR: About the General Data Protection Regulation

Escalibur uses the Cloudflare system to improve website speed, distribute contents and increase website security.

Cloudflare GDPR declaration: Cloudflare & the GDPR

How long does Escalibur keep your personal data for?

User data required for the provision of services are kept until the user account is removed. After removal of the user account, ascent details can be rendered anonymous (removing references to the user, photos or comments) and kept in the website.

Session data are stored (in cookies) so the user doesn't have to re-enter the same login information to access the website. Session data are automatically deleted if the user doesn't log into the website for 30 days.

What security measures have been put in place to prevent data breaches (unauthorized access to personal data)?

The website is hosted in a high-security data center in the Milano Caldera complex next to the Milan Internet eXchange (MiX), with controlled, supervised access.

The website is hosted on a dedicated Virtual Private Server (VPS) so as to avoid vulnerabilities coming from other websites hosted on the same server. The VPS uses the Debian Linux operating system, which is kept updated and monitored by specialized technicians.

The application uses an open-source PHP framework and a MariaDB database. Every time our programmers add new features to the website, each website release is first tested on a staging site and then migrated to a production site.