This Privacy Policy explains how Gyde (the "App"), produced by the developer of Gyde (the "developer", "we", "us"), collects, uses, and protects information when you use the App. Gyde is a location-aware guide that surfaces stories and points of interest near you, using data from open sources such as Wikidata, OpenStreetMap, and Wikimedia Commons.
1. Information we collect
1.1 Information you provide
- Account information. If you sign in with Apple, Apple shares an opaque user identifier with us. If you choose to share your name and email with the App, we receive and store those values to identify your account and send service-related messages.
- Password account (if used). If you create an account with an email address and password, we store your email and a salted hash of your password. We never store your password in plain text.
- Account deletion requests. If you ask us to delete your account, we record the request, including any reason you optionally provide, so that we can process it.
1.2 Information collected automatically
- Precise location (while in use). When you use features that require location, the App requests "While Using the App" location access. Your device's location is sent to our backend so it can return points of interest near you. We process the coordinates to fulfill the request; we do not build a long-term profile of where you have been.
- Device session metadata. When you sign in or refresh your session, the App sends a short device label (for example, "iOS device") and platform name to associate with your session so you can see and revoke sessions in the future.
- Authentication tokens. Access and refresh tokens are stored on your device in the iOS Keychain (via Expo SecureStore) and sent in API requests so you stay signed in.
- Audio recordings (microphone). When you use a feature that records audio, the App requests microphone access and records audio from your device. These recordings are sent to our backend to provide the feature you requested (for example, voice input or audio you choose to capture while exploring). We use audio recordings only to operate and improve the App's features. We do not use your audio recordings to train large language models (LLMs) or other artificial-intelligence models, and we do not sell them or use them for advertising. Microphone access is only requested when you actively use a recording feature, and you can revoke it at any time in your device settings.
- Server logs. Like most internet services, our backend may log basic request information (timestamps, request paths, response codes, error messages, and IP address as seen by the server) for reliability and abuse prevention. We do not use these logs for advertising.
1.3 Information we do not collect
- We do not use your audio recordings to train large language models (LLMs) or other AI models. Audio is used only to provide the App features you request (see Section 1.2).
- We do not use third-party advertising, marketing analytics, or cross-app tracking SDKs.
- We do not collect contacts, photos, calendar entries, health data, or HomeKit data.
2. How we use information
- To provide the core App experience: showing nearby stories and points of interest, playing narration audio, and remembering your account.
- To provide audio-recording features when you use them, and to operate and improve those features. We do not use your audio recordings to train LLMs or other AI models.
- To operate, secure, and improve the service (debugging, abuse prevention, capacity planning).
- To communicate with you about your account, including responding to support requests and confirming account deletion.
- To comply with legal obligations and respond to lawful requests.
3. Legal bases (EEA, UK, and similar regimes)
If the GDPR or UK GDPR applies to you, we process your personal data on the following legal bases:
- Performance of a contract - to provide the App's core features when you ask for them (for example, returning nearby points of interest after you grant location access).
- Legitimate interests - to keep the service secure, prevent abuse, debug errors, and maintain account integrity, balanced against your rights.
- Consent - for optional permissions you explicitly grant, such as precise location access. You can withdraw consent at any time in your device settings.
- Legal obligation - to comply with applicable laws.
4. Sharing and third parties
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with the limited service providers we need to operate the App:
- Apple. If you sign in with Apple, Apple processes your authentication and may share your name and email with us according to the choices you make in the Sign in with Apple dialog.
- Hosting provider. Our backend runs on a third-party server hosting provider. Server operators may have technical access to data at rest as needed to operate the infrastructure.
- Open data sources used to build content (your personal information is not shared with them). The points of interest, photos, and facts shown in the App are derived from public sources such as Wikidata, OpenStreetMap, Wikimedia Commons, and others. Google Places is used only for discovery and validation of public places, and Google data is not stored as canonical content (see our attributions). We do not send your personal information to these data sources.
- Law enforcement and legal process. We may disclose information if we believe in good faith that disclosure is required by law or is necessary to protect rights, safety, or property.
5. Data retention
- Account records and authentication identifiers are kept while your account is active.
- Refresh tokens expire and are rotated periodically.
- Operational logs are retained for a limited period for debugging and abuse prevention, then deleted or aggregated.
- Audio recordings are retained only as long as needed to provide the requested feature, and are deleted or anonymized when no longer needed or when you delete your account.
- When you request account deletion, we remove or anonymize personal data associated with your account within 30 days, except where we are required to retain certain records to comply with law, resolve disputes, or enforce agreements.
6. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, or restrict our processing of your personal data, and to object to certain processing. You may also have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, email drewb97@gmail.com. We may need to verify your identity before acting on a request. To delete your account specifically, see our Account Deletion page.
7. Children
Gyde is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal data to us, contact drewb97@gmail.com and we will take appropriate steps to remove it.
8. Security
We use industry-standard practices to protect your information, including HTTPS in transit, salted password hashing, and short-lived access tokens combined with rotating refresh tokens. No system is perfectly secure; we do not represent that the App is immune from every attack. We do not claim any specific security certification (such as SOC 2 or ISO 27001).
9. International data transfers
Gyde is operated from the United States. If you use the App from outside the United States, your information will be transferred to and processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws different from those in your country.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Effective date" above. Material changes will also be announced in the App or by email where reasonable.
11. Contact
Questions about privacy or this policy? Email drewb97@gmail.com.
Appendix A - Apple App Privacy disclosures
This appendix maps the practices above to Apple's App Privacy questionnaire categories.
Data linked to you
- Contact info: email address and (optionally) name, used for account management and customer support.
- Identifiers: user account ID and the opaque Apple Sign-In subject identifier, used for app functionality and account management.
- User content: account deletion reason if you provide one, used for customer support; and audio recordings you capture when using a recording feature, used for app functionality. Audio recordings are not used to train LLMs or other AI models.
Data not linked to you
- Location (precise): coordinates sent to find nearby points of interest, used only for app functionality. Not used to build a persistent profile.
- Diagnostics: server-side request logs (timestamps, paths, status codes, IP as seen by server) used for app functionality and analytics-style operational metrics. We do not associate these with marketing identifiers.
Data not collected
- Health and fitness data, financial info, browsing history outside the App, search history, contacts, photos, advertising data, or third-party tracking identifiers.
Tracking
Gyde does not "track" you across apps and websites owned by other companies, as that term is defined by Apple's App Tracking Transparency framework. Gyde does not present the App Tracking Transparency prompt because it does not track.