Privacy Policy

Introduction

Streetwise ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS mobile application Streetwise (the "App").

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

• When you sign in with Apple, we receive a unique user identifier
• Display name and email address (if you choose to share them)
• Profile information you add (username, bio, profile photo, current location)

User-Generated Content:

• Photo spots, photo routes, and travel plans you create
• Workshops you organize or participate in
• Photos you upload to the app
• Messages you send in workshop chats
• Comments and interactions with other users' content

Workshop Collaboration:

• Meeting points you create or view
• Real-time location during active workshops (see Section 1.3)
• Workshop participation and membership status

Instagram Import:

• If you choose to import photos from Instagram, we connect to Instagram's API using OAuth authentication
• We access your Instagram username and your public media feed (photos and carousel albums)
• We only access and import the specific photos you select
• Your Instagram access token is stored locally on your device and is not sent to our servers
• We do not post to your Instagram account or modify your Instagram content in any way
• You can disconnect Instagram at any time, which revokes access and removes the stored token from your device

1.2 Information Collected Automatically

Device Information:

• Device type and model
• iOS version
• App version
• Unique device identifiers

Usage Information:

• Features you use within the app
• Content you view or interact with
• Time and duration of app usage

1.3 Location Information

Workshop Location Tracking:

When you participate in workshops, the app may collect and share your real-time location with other workshop participants for coordination purposes. This feature:

• Is workshop-specific: Only active when you're viewing an active workshop
• Requires your permission: iOS will first ask for "While Using App" location access, then may ask for "Always" access to enable background location updates
• Is shared with participants: Other accepted workshop members can see your location on the map
• Updates every 30 seconds: To balance real-time coordination with battery efficiency
• Background updates: If you grant "Always" location permission, your location continues to update when the app is in the background or the phone is locked. This only happens during active workshop events (between the event start and end dates) and only while you have location sharing enabled
• Automatically deleted after 24 hours: Your location data is permanently deleted via automated processes for privacy compliance (GDPR Article 5)
• Can be stopped at any time: You can stop sharing by toggling the location switch on the map, leaving the workshop, or revoking location permission in iOS Settings

Foreground Map Location (Optional):

Some screens include a "My Location" button (e.g., city maps, meeting point picker). When you tap it:

• The iOS location permission dialog only appears after you explicitly tap the locate button. Maps never request location permission on their own during normal browsing
• Location is used only while the app is open and active
• No background tracking is performed
• The location is not stored or shared unless you enable workshop sharing

Photo Library Access:

• We request access to your photo library only when you choose to upload a profile picture or share photos
• We only access photos you specifically select

1.4 Information We Do NOT Collect

• We do not use analytics or tracking services
• We do not collect browsing history outside the app
• We do not access your contacts
• We do not track your location outside of active workshop participation
• We do not collect device advertising identifiers

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide Core Features:

• Authenticate your account via Sign in with Apple
• Display your profile and content to other users
• Enable you to create and share photo spots, routes, plans, and workshops
• Facilitate workshop collaboration (chat, meeting points, location sharing)
• Allow you to follow other users and interact with their content

2.2 Maintain and Improve the App:

• Ensure the app functions properly
• Fix bugs and improve performance
• Develop new features
• Understand how users interact with the app

2.3 Communication:

• Send you in-app notifications about workshop activities
• Respond to your support requests
• Notify you of important updates or changes to the app

2.4 Security and Safety:

• Detect and prevent fraud or abuse
• Enforce our Terms of Service
• Protect the rights and safety of our users

3. Data Retention and Deletion

3.1 How Long We Keep Your Data

Account Data:

• We retain your account information as long as your account is active
• When you delete your account, we permanently delete all your personal information

User-Generated Content:

• Content you create (spots, routes, plans, workshops) is stored as long as you choose to keep it
• You can delete any content you've created at any time

Workshop Location Data:

• Automatically deleted after 24 hours via scheduled database cleanup (runs hourly)
• This ensures minimal data retention and compliance with privacy regulations (GDPR Article 5)
• Even if you delete the app or go offline, location data is automatically removed

Chat Messages:

• Workshop chat messages are retained as long as the workshop exists
• Deleted when the workshop is deleted by the organizer

Photos:

• Photos you upload are stored until you delete them
• When deleted, they are removed from our servers

3.2 Account Deletion

You can delete your account at any time through the app's settings. When you delete your account:

• All your personal information is permanently deleted
• Your user-generated content is removed
• Your photos are deleted from our servers
• Your profile is no longer visible to other users
• This action cannot be undone

4. How We Share Your Information

4.1 With Other Users

Public Information:

• Your profile (name, username, bio, profile photo) is visible to other app users
• Content you mark as "public" (photo spots, routes, plans) can be discovered by other users
• Your photos and posts are visible according to the privacy settings you choose

Workshop Participants:

When you join a workshop, other accepted participants can see:

• Your profile information
• Your real-time location (if you're sharing during an active workshop)
• Messages you send in workshop chat
• Meeting points you create

Private Content:

• Content marked as "private" is only visible to you
• We use row-level security to ensure your private content remains private

4.2 With Service Providers

We use third-party service providers to operate the app:

Supabase (Backend Infrastructure):

• Hosts our database and authentication services
• Processes data on our behalf
• Subject to their privacy policy: supabase.com/privacy

Apple (Authentication):

• Provides Sign in with Apple authentication
• Subject to Apple's privacy policy: apple.com/legal/privacy

Mapbox (Maps):

• Provides map visualization for photo spots and workshops
• Subject to Mapbox's privacy policy: mapbox.com/legal/privacy

Instagram / Meta (Photo Import):

• Used only when you choose to import photos from Instagram
• Provides OAuth authentication and media access via the Instagram Graph API
• Subject to Meta's privacy policy: facebook.com/privacy/policy

4.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

Technical Measures:

• All data transmitted between the app and our servers is encrypted using HTTPS
• Passwords are not stored (we use Sign in with Apple)
• Database access is protected by row-level security policies
• API keys are securely stored and never exposed in the app
• EXIF metadata (including GPS data) is stripped from uploaded photos

Organizational Measures:

• Access to user data is restricted to authorized personnel only
• Regular security audits and updates
• Automatic deletion of sensitive data (e.g., location data after 24 hours)

Your Responsibility:

• Keep your device secure with a passcode or biometric lock
• Do not share your account credentials
• Report any suspected security issues to info@mattiacompagnucci.com

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

6.2 California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

1. In-App: Go to Settings → Account → Privacy Settings
2. Email: Contact us at info@mattiacompagnucci.com
3. Account Deletion: Settings → Account → Delete Account

We will respond to your request within 30 days.

6.4 Request Deletion of Specific Data (Without Deleting Your Account)

You can delete specific data without deleting your entire account:

• In-App: Delete individual photos, photo spots, routes, and plans directly from within the app at any time
• Profile data: Update or remove your bio, profile photo, and location via Settings → Edit Profile
• By email: To request deletion of specific data that you cannot remove yourself in the app (e.g. chat messages, workshop participation records), contact us at info@mattiacompagnucci.com with the subject line "Data Deletion Request" and specify what data you would like deleted

We will process your request within 30 days. Note that some data may be retained for legal or security reasons as outlined in Section 3.

7. Children's Privacy

Streetwise is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@mattiacompagnucci.com. We will delete such information from our systems.

8. International Data Transfers

Our servers are hosted by Supabase. If you access the app from outside the hosting region, your information may be transferred to, stored, and processed there.

We ensure that data transfers comply with applicable data protection laws through:

• Standard contractual clauses approved by the European Commission (for EU users)
• Other legally approved transfer mechanisms

9. Third-Party Links

The app may contain links to third-party websites or services (e.g., photographer websites, city tourism sites). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

• Posting the new Privacy Policy in the app
• Updating the "Last Updated" date at the top of this policy
• Sending you an in-app notification (for material changes)

Your continued use of the app after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

12. Specific Privacy Disclosures

12.1 Apple Privacy Nutrition Labels

For transparency and compliance with Apple's App Store requirements, here's a summary of data collection:

Data Used to Track You: None

Data Linked to You:

• Contact Info (email, if provided via Sign in with Apple)
• User Content (photos, spots, routes, plans, workshops, messages)
• Identifiers (user ID, device ID)
• Location (only during active workshop participation, with explicit permission)
• Third-Party Data (Instagram username and photos, only if you choose to use the Instagram import feature)

Data Not Linked to You:

• Crash logs and diagnostics (if enabled)

12.2 Data Processing Legal Basis (GDPR)

We process your personal data under the following legal bases:

• Contract: To provide the services you request (GDPR Art. 6(1)(b))
• Consent: For optional features like location sharing (GDPR Art. 6(1)(a))
• Legitimate Interests: To improve and secure the app (GDPR Art. 6(1)(f))
• Legal Obligation: To comply with applicable laws (GDPR Art. 6(1)(c))

12.3 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.