Atlasnap Privacy Policy

This Privacy Policy explains how Atlasnap (“we”, “us”, “Atlasnap”, “the app”) collects, uses, stores, and shares your personal data when you use the Atlasnap mobile application. We’ve written it in plain English so you can understand exactly what happens to your information.

Atlasnap is available worldwide. Different countries grant different rights — this policy describes the global baseline in Sections 1–10 and then sets out region-specific rights in Sections 11–13.

1. Who is the data controller

The data controller responsible for your personal data is:

Adrian Szabłowski
Ludwika Zamenhofa 2
33-300 Nowy Sącz, Poland

Contact email: adrian.szablowski.kontakt@gmail.com

For any privacy-related questions, requests, or to exercise the rights described in this policy, write to that email and we will respond within 30 days.

2. Who Atlasnap is for

is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16. If you are based in a country with a lower age threshold for digital consent (for example 13 in the United States under COPPA), the 16+ rule still applies — Atlasnap is simply not directed to anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

3. What data we collect, why, and our lawful basis

We process the minimum data needed to make Atlasnap work. The lawful bases we rely on under the General Data Protection Regulation (GDPR)are: (a) performance of a contract — Article 6(1)(b), and (b) our legitimate interests in operating, securing, and improving the app — Article 6(1)(f). Where we rely on consent (Article 6(1)(a)), we say so explicitly. Where similar concepts apply outside the EU (e.g. CCPA “business purpose”, LGPD “execução de contrato”), we rely on the equivalent local basis.

3.1 Account data

3.2 Trip content you create

When you use Atlasnap, you can create trips. These are stored in our database while your account exists:

• Trip title, dates, optional note
• City, country, country code, latitude/longitude of trip locations (selected by you via place search)
• Photos you choose to attach to a trip
• Optional timeline entries (transport, stay, activity, food, notes) including titles, descriptions, dates, optional location and optional cost amount/currency
• Trip member relationships (which of your friends you invited and their response)

We do not read photo EXIF metadata or your photo library beyond the photos you explicitly select.

3.3 Social graph

If you add another Atlasnap user as a friend, we store the friendship record (requester ID, receiver ID, status, timestamps). Only you and the other party to the friendship can see it.

3.4 Subscription data

When you purchase Atlasnap Plus or Atlasnap Pro, Apple processes the payment. We never see your payment card or Apple ID password. We receive a receipt and entitlement status from RevenueCat (our subscription processor) which we use to unlock features in the app. The information we hold is limited to: which tier you are on, when the subscription renews, and your RevenueCat customer identifier (which equals your Atlasnap user ID).

3.5 Usage analytics

We use Amplitude to understand which parts of the app are useful and which are not. The events we record are limited to a fixed list of product events, such as: onboarding step viewed, onboarding completed, first trip created, paywall shown, purchase completed. These events are tied to your Atlasnap user ID but neverto: your advertising identifier (IDFA), your carrier, or your IP address. We have disabled all three of those in our Amplitude configuration. Amplitude data is stored on Amplitude’s EU servers.

3.6 Place search

When you type into the location field, we send the text you typed to Geoapify (a German company) to return candidate places. Geoapify is the geocoding provider and processes the search text under their own privacy terms. We do not send Geoapify your account email or user ID.

3.7 Technical data

When you use the app, we and our processors automatically collect:

• Your device type and operating system version (used for crash diagnostics and compatibility)
• The app version you are running
• Locale and time zone (used to format dates correctly)
• Anonymous usage statistics in Amplitude as described above

We do not track your device location in the background. The only location data we hold is the locations you explicitly attach to a trip by searching for a place.

3.8 What we do not collect

We do not collect:

• Phone numbers
• Date of birth
• Home address
• Real-time device location
• Photo library content beyond the photos you select for a trip
• Cross-app advertising identifiers
• Contact list / address book
• Biometric data
• Precise geolocation as defined by CCPA (we only store coordinates of places you explicitly attach to a trip, not your device’s real-time position)

4. Where your data is stored and processed

Transfers outside the European Economic Area, the United Kingdom and Switzerland are protected by the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and where applicable the EU-US Data Privacy Framework and the UK Extension to it. We have signed Data Processing Agreemen with each of these processors.

If you are located outside the European Economic Area, your personal data may still pass through our EU infrastructure on its way to and from your device. By using Atlasnap you accept this transfer to and from the EU and, where applicable, onward transfer to the limited US-based processors listed above under appropriate safeguards.

5. How long we keep your data

When you delete your account (see Section 7), we delete your profile, trips, photos and friendships from our active database and storage immediately. Backups containing your data are rotated out within 7 days. Subscription transaction records may be retained in anonymised form for tax purposes.

6. How we secure your data

• All traffic between the app and our backend uses HTTPS / TLS.
• The database has Row-Level Security policies that allow each user to access only their own data and the data they have been explicitly granted access to (such as trips with friends).
• Photos in storage are accessed only via short-lived signed URLs.
• Passwords are never stored by us because authentication is delegated to Apple or Google.
• Account deletion is enforced server-side: a database function verifies your identity and cascades the deletion through every related table and storage bucket.

No system is perfectly secure. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required, and you directly where required by law.

7. Your rights (global baseline)

Wherever you are, you have at least the following rights:

• Right of access — to know what data we hold about you and obtain a copy.
• Right of rectification / correction — to correct inaccurate data. You can edit your profile in the app at any time.
• Right to erasure / deletion — to delete your account and your data. You can do this yourself in the app via More → Profile → Delete account. If you cannot use the app, email us and we will delete your data within 30 days.
• Right to restrict processing — in certain circumstances.
• Right to data portability — to receive your data in a machine-readable format. Email us and we will provide your data within 30 days.
• Right to object — to processing based on our legitimate interests.
• Right to withdraw consent — where we rely on consent (such as gender data), at any time.

To exercise any right, email aontakt@gmail.com. We will verify your identity by reference to the email on your Atlasnap account before acting on a request.

8. What we do not do

• We do not sell your personal data within the meaning of California, Colorado, Connecticut, Utah, Virginia or any other US state privacy law.
• We do not share your personal data with advertisers, brokers, or any third party for cross-context behavioural advertising.
• We do not track you across other apps or websites.
• We do not use your data to train any AI or machine-learning model.
• We do not profile users for automated decisions that produce legal effects.

9. Cookies and similar technologies

Atlasnap is a native mobile app and does not use browser cookies. We use device-local storage (for example, AsyncStorage on iOS) to remember things like your onboarding progress and a flag that your staged trip has been synced. This data does not leave your device.

10. Children

Atlasnap is not directed to children under 16 and we do not knowingly process the personal data of anyone under 16. This includes children under 13 in the United States, who are also protected by the Children’s Online Privacy Protection Act (COPPA). If you become aware that a child has provided us with personal data, contact us at adrian.szablowski.kontakt@gmail.com and we will delete it.

11. Notice to residents of the European Economic Area, the United Kingdom and Switzerland

If you are in the EEA, UK or Switzerland, the GDPR (or the equivalent UK GDPR / Swiss nFADP) gives you the rights listed in Section 7 plus the following:

• Right to lodge a complaint with a supervisory authority:
  • In Poland: Urząd Ochrony Danych Osobowych (UODO) — ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl
  • In another EU country: your national data protection authority (full list at https://edpb.europa.eu/about-edpb/about-edmembers_en)
  • In the United Kingdom: Information Commissioner’s Office (ICO) — https://ico.org.uk
  • In Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — https://www.edoeb.admin.ch

The lawful bases described in Section 3 apply directly to GDPR and have analogous meaning under the UK GDPR and the Swiss nFADP. International transfers to and from the EEA/UK/Switzerland are protected as described in Section 4.

12. Notice to California residents (CCPA / CPRA)

If you reside in California, the California Consumer Privacy Act as amended by the California Privacy Rights Act(“CCPA/CPRA”) gives you the rights below. We treat the personal information of California residents the same as we treat everyone else’s — the section is here so you can find your rights in California-specific terminology.

12.1 Categories of personal information we collect

In the 12 months before this Privacy Policy’s effective we have collected the categories of personal information listed in California Civil Code §1798.140(v):

• Identifiers — email address, Atlasnap user ID, RevenueCat customer ID, Apple/Google account identifier.
• Customer records — name, profile information.
• Commercial information — subscription tier, purchase history.
• Internet or other electronic network activity — limited product-event analytics as described in Section 3.5.
• Geolocation data — only the city/country/coordinates of places you explicitly attach to a trip; not real-time device location.
• Inferences — none.

We do notcollect any “sensitive personal information” as defined by §1798.140(ae): no government IDs, no financial-account or payment-card numbers, no precise geolocation, no race/ethnicity/religion, no genetic or biometric data, no health data, no contents of mail/email/text messages, no sex-life information, no immigration status.

12.2 Sources

We collect personal information dire(sign-in, onboarding, in-app actions), automatically from your use of the app (analytics events, device type), and from our service providers (Apple/Google sign-in payload, RevenueCat receipt data).

12.3 Business and commercial purposes

We use personal information to provide the Atlasnap service, secure it against abuse, comply with our legal obligations, and improve the app. We do not use personal information for cross-context behavioural advertising or for any purpose materially different from those disclosed to you.

12.4 Sale and sharing of personal information

We do not sell personal information and we do notshare personal information for cross-context behavioural advertising as defined by the CCPA. We have not done so in the past 12 months and do not intend to do so. We have therefore not implemented a “Do Not Sell or Share My Personal Information” link because nothing is being sold or shared.

12.5 Your California rights

Subject to verification of your identity, you have the right to:

• Know what personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
• Delete the personal information we have collected about you (subject to legal retention exceptions for tax records).
• Correct inaccurate personal information.
• Limit the use and disclosure of sensitive personal information — we do not process sensitive PI as defined above, so this right does not produce a different result in practice.
• Opt out of sale/sharing — not applicable, see Section 12.4.
• Not be discriminated against for exercising any of these rights. We will not deny service, charge different prices, or reduce quality because you exercised a privacy right.

To exercise any of these rights, email adrian.szablowski.kontakt@gmail.comwith “California Privacy Request” in the subject. We will verify your identity using the email address registered on your Atlasnap unt and respond within 45 days as required by §1798.130.

12.6 Authorised agent

You may designate an authorised agent to make a CCPA request on your behalf. The agent must provide written, signed authorisation from you and we will independently verify your identity. Contact us at the email above for the process.

12.7 Retention

Retention periods are described in Section 5. We retain personal information only as long as necessary for the purpose disclosed or as required by law (mainly tax-record retention).

13. Notice to residents of other jurisdictions

The same baseline rights in Section 7 apply globally. Local laws give you specific points of contact and supervisory authorities:

• Brazil — under the Lei Geral de Proteção de Dados (LGPD) you have rights of confirmation, access, correction, anonymisation, blocking, deletion, portability and information about sharing. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.bThe legal bases (“hipóteses legais”) we rely on are equivalent to those described in Section 3.
• Canada — under the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial equivalents (Quebec’s Law 25, Alberta’s PIPA, BC’s PIPA), you have the same access and correction rights, and you may complain to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
• Australia — under the Privacy Act 1988 and the Australian Privacy Principles, you have access and correction rights, and you may complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.
• Japan — under the Act on the Protection of Personal Information (APPI), you have rights to disclosure, correction and suspension of use, and may contact the Personal Information Protection Commission (PPC) at https://www.ppc.go.jp/en.
• Other US states — residents of Coloradticut, Utah, Virginia, Texas, Oregon and other states with comprehensive privacy laws have rights similar to those in Section 12 and Section 7. Contact us using the addresses above.
• All other countries — the baseline rights in Section 7 apply. Where your local law provides additional rights, exercising them is a matter of contacting us at the email below; we will treat your request the same way we treat a GDPR or CCPA request.

If you are unsure which set of rights applies to you, write to adrian.szablowski.kontakt@gmail.com and we will help.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app and update the “Effective date” at the top. Your continued use of Atlasnap after the changes take effect means you accept the updated policy.

15. Contact

For any question about this Privacy Policy, your data, or your rights:

Adrian Szabłowski
Ludwika Zamenh 2, 33-300 Nowy Sącz, Poland
Email: adrian.szablowski.kontakt@gmail.com