Skip to main content
viewmygpx

Privacy policy

viewmygpx is a free, browser-based tool for opening, viewing, converting, and editing GPX files. The defining property of the tool is that your files are processed entirely in your browser and never reach a server we operate. This policy explains what that means in practice, the small amount of data we do collect, and how we handle it.

We are a small group of off-road hikers and cyclists. Privacy on this site is not a compliance posture — it is the architecture of the product. The viewer, editor, and converters all run client-side in JavaScript; the only data flowing back to anyone is the kind of request data every website sees.

The headline: your GPX files never leave your browser

When you drop a .gpx file on the viewer, the page reads it via the W3C File API — the same browser interface behind every native "Choose file" dialog. The file's bytes go into JavaScript memory in your browser. The XML is parsed locally using the browser's native DOMParser. The route renders, the stats compute, and the conversion or edit runs — all in your browser's tab.

At no point does the file content travel over the network to anyone operating viewmygpx. There is no backend that processes GPX. There is no opaque cloud function. There is no "upload to preview." When you close the tab, the file is gone from memory; the only copy that ever existed was the one already on your device.

Share links use the URL fragment — the part after the # in the URL — to encode the file. Browsers do not transmit URL fragments to the server when fetching the page, so sharing a link does not transmit the route content to us either.

What we don't collect

  • The contents of any GPX file you open. Coordinates, timestamps, elevation, sensor data, waypoints, names — none of it.
  • Account information. There are no accounts. No email, no password, no profile.
  • Persistent identifiers. Google Analytics sets first-party cookies (_ga, _ga_JPMSXJ592Y) that contain a random visitor ID for anonymous traffic counting. No name, no email, no fingerprinting, no localStorage that identifies you. The cookies are documented in the cookie policy.
  • Anything you type into the editor metadata fields. Track names, descriptions, and other metadata stay in your browser along with the rest of the file.

What we do collect

Three things, all minimal and standard for any website:

  • Server access logs. Every request to the site generates an entry in our hosting provider's logs containing the request URL, your IP address, the user agent string, and a timestamp. These are normal HTTP request logs that any website receives. They allow us to see traffic patterns and diagnose errors. We do not enrich them with extra identifiers.
  • Anonymous, aggregate page-view counts via Google Analytics 4. Property ID G-JPMSXJ592Y. Records page-view counts, general browser and OS categories, country-level location, and session paths through the site. The GPX file content is never sent to Google Analytics — analytics only sees the URL of the page you are on, not your file. Data retention is set to GA4 defaults (2 months for user-level data, 14 months for event-level). Opt out via the browser add-on at tools.google.com/dlpage/gaoptout.
  • Email correspondence you send us. If you write to hello@viewmygpx.com, we keep the email so we can read it and reply.

How we use it

Server logs and aggregate analytics are used to keep the site running and to make it better — fixing broken pages, finding pages that need clearer writing, noticing when a sample file gets a lot of downloads, watching for traffic anomalies that might indicate abuse. We do not build profiles of individual visitors. We do not sell or rent any of this data.

Email correspondence is used to read your message, reply if a reply is appropriate, and act on corrections you flag. Editorial corrections may be reflected in the changed pages.

Map tile providers

When the viewer renders your route on a map, your browser requests map tile images from the configured provider — Stadia Maps, OpenStreetMap, or Esri World Imagery, depending on which base layer is active. Tile requests reveal the geographic area you are viewing to that provider. That data is governed by the provider's privacy policy, not ours; we link to the relevant policies in the cookie policy below.

The tile provider does not see your full GPX file — only the bounding boxes of the tiles your browser requests as you pan and zoom.

To show human-readable place names instead of internal route slugs (e.g. "Slovenj Gradec → Maribor"), the viewer sends the start and end coordinates of your route to OpenStreetMap's Nominatim reverse-geocoding service. Only those two coordinates are sent — not the full route, not the trackpoints in between, not the file metadata. Resolved place names are cached in your browser's sessionStorage so the lookup runs at most once per route per session.

Cookies

viewmygpx sets two first-party cookies, both from Google Analytics 4: _ga (random visitor ID for counting returning visitors) and _ga_JPMSXJ592Y (session state). Both expire after 2 years. Beyond those, the page sets no first-party cookies — no preference cookie, no login cookie, no tracking pixel under our domain. Third-party services (map tile providers, CDN, future advertising) may set cookies under their own domains. The full list and how to control them is in the cookie policy.

Future advertising

The site is funded out of pocket today. The long-term plan is to support it through display advertising on guide pages — never on the viewer, editor, or converters. If and when an ad network is enabled, cookies, identifiers, and data flows used by the network will be added to the cookie policy and disclosed in this privacy policy before the network goes live.

We will never run advertising that interrupts the tool itself — no modal interstitials, no popup blockers, nothing that prevents you from getting to the route view.

Sharing

We do not sell, rent, or trade visitor data. We share data only in these limited cases:

  • Service providers we depend on (the hosting provider running the site, the email provider receiving messages, the map tile provider serving the tiles) receive the data they need to do their job and nothing more. They are bound by their own privacy policies and contracts.
  • Legal requirements. If we receive a valid legal request for the limited data we hold, we may comply. We are unable to produce GPX file content under any legal request because we do not have it — the file never reached us.

Children

viewmygpx is a general-audience tool. We do not target the site at children, do not collect age information, and do not intentionally collect data from children. Children using the tool are processing files in their own browser exactly the same way an adult is — locally and without transmission to us.

Links to other sites

Pages on viewmygpx link to many third-party sites — TopoGrafix and OGC for format references, Strava and Komoot and Garmin Connect for platform guides, OpenStreetMap and others. When you follow a link, the destination site has its own privacy policy that governs what happens there. We have no control over those policies.

Updates to this policy

When we change something material — a new analytics provider, an ad-network rollout, a new third-party service — we update this page. The change takes effect when the page is published. There is no special notification mechanism beyond the page itself.

Trivial wording changes (typos, minor clarifications) are made in place. The git history of the site is public for anyone wanting the full audit trail.

How to reach us

Privacy questions, data-access requests, or anything about how the site handles data: email hello@viewmygpx.com with the word "privacy" in the subject. We read every message and reply when a reply is helpful. We are a small group, not a corporate privacy department; we don't promise specific response times, but we do read everything.