Privacy Policy
AppyPilgrim ("we", "us", "our") operates the AppyPilgrim mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the App.
1. Information we collect
Information you provide
- Account information: Name and email address when you sign in with Apple, Google, or email.
- Profile photo: If you choose to upload a profile picture.
- Preferences: Your walking persona, language, and notification preferences.
Information collected automatically
- Device identifier: An anonymous device ID generated on first launch, used to associate your data across sessions.
- Location data: Your precise GPS location when you use navigation features or enable the SOS safety feature. Location data is only collected when you actively use these features or explicitly grant permission.
- Usage data: Routes viewed, routes saved, and general product interaction data to improve the App experience.
Information we do NOT collect
- We do not collect advertising identifiers (IDFA).
- We do not track you across other apps or websites.
- We do not sell your personal data to third parties.
- We do not use your data for advertising purposes.
2. How we use your information
- App functionality: To provide route discovery, GPS navigation, AI chat assistance, and your walking profile.
- Personalisation: To tailor route recommendations and AI responses to your walking persona.
- Safety: To enable the SOS emergency feature, which sends your location to your designated emergency contact.
- Analytics: To understand how the App is used and improve the experience. Analytics data is not linked to your identity.
3. AI assistant ("Appy")
AppyPilgrim offers two ways to chat with the in-app AI assistant. Both are described below.
Cloud tier (default)
The default chat tier sends your message to Google for response generation. Specifically, the following is sent to Google's generative-language API (model: gemini-2.5-flash):
- The text you typed (or transcribed audio, if voice input is used)
- The last few conversation turns for context
- The slug of the cammino you are viewing, if any (e.g.
via-francigena) - Your optional persona tag chosen during onboarding (a non-identifying label)
- Your GPS coordinates — only when you ask a location-specific question (e.g. "what's near me?")
Google is contractually prohibited from using this content to train models, per Google Cloud terms. To minimise exposure, cloud chat is capped at 5 messages per device per day, enforced by a local counter on your device. We do not attach your account email, user ID, device identifier, payment data, or any other personal identifier to the request. We do not store cloud chat content in our database; transient platform logs are retained for up to 30 days for abuse-prevention and quality-monitoring purposes, then deleted.
For semantic search over our own route catalogue we use Google Vertex AI (text-embedding-005, region europe-west1) to embed your search query at request time; queries are not stored. For optional spoken replies we use Google Gemini TTS (gemini-2.5-flash-preview-tts).
On-device tier (opt-in, unlimited)
You may choose to download our on-device assistant — a fine-tuned Qwen 2.5 1.5B-Instruct model, quantised to approximately 940 MB — from the in-app settings. When this tier is active, your messages are processed entirely on your device using llama.cpp with Metal GPU acceleration. No conversation content leaves your device. The download is explicit and opt-in; the model is never downloaded automatically.
4. Data storage and security
- Local storage: Preferences, cached routes, and AI conversations are stored on your device.
- Cloud storage: Account information, saved routes, and interaction data are stored in our Supabase database, protected by row-level security policies scoped to your user account.
- Authentication: Tokens are stored securely in the iOS Keychain. All network communication uses HTTPS/TLS encryption.
5. Third-party services
We use the following services to operate the App:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Backend database and authentication (EU region) | Account info, saved routes |
| Apple Sign In | Authentication | Name, email (as provided by Apple) |
| Google OAuth | Authentication | Name, email |
| Google Gemini (gemini-2.5-flash) | Cloud AI assistant replies (Tier 1, capped at 5 messages/day) | Your message text, recent conversation turns, optional cammino slug, optional persona tag, optional GPS for location queries. No account email, user ID, or device identifier. |
| Google Vertex AI (text-embedding-005) | Semantic search over our own route catalogue | Search query text only, not stored |
| Google Gemini TTS (gemini-2.5-flash-preview-tts) | Optional spoken replies | Response text only |
| Apple WeatherKit | Weather forecasts for routes | Route coordinates (no user data) |
| Stripe | Payment processing for bookings | Payment token only (no card details) |
| Resend | Transactional emails | Email address |
Google is contractually prohibited from using your data to train its models. Where data leaves the EU/EEA, we rely on Standard Contractual Clauses or equivalent transfer mechanisms approved by the European Commission. We do not share your data with data brokers, advertising networks, or social media platforms.
6. Data retention and deletion
- Your data is retained as long as your account is active.
- You can delete your account and all associated data at any time from Profile → Settings → Privacy & Data → Delete Everything.
- Account deletion permanently removes all your data from our servers, including saved routes, preferences, chat history, and identity verification records.
- If you signed in with Apple, we also revoke your Apple credentials upon account deletion.
7. Children's privacy
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13.
8. Your rights
You have the right to:
- Access your personal data (Profile → Settings → Privacy & Data → Export Data)
- Delete your personal data (Profile → Settings → Privacy & Data → Delete Everything)
- Withdraw consent for optional data processing at any time
- Contact us with questions about your data
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. The "Last updated" date at the top indicates when the policy was last revised.
10. Contact us
If you have questions about this Privacy Policy or your personal data:
Email: support@appypilgrim.it
Website: https://appypilgrim.it