/ PRIVACY

Privacy policy

Effective 25 Jun 2026

Data controller: WildSpotter — [email protected]. This policy covers both the website wildspotter.app and the WildSpotter mobile app for Android and iOS.

1. Summary

We don't sell or share your data and we don't use third-party advertising. You can use the app without an account: in that case we don't collect your name or email, and your location is used only on-device to center the map. Some optional features (saving and syncing spots, shared folders, and the Premium subscription) require signing in; only then do we process the account data described below.

2. Account and sign-in

Signing in is optional and only via Apple or Google (there is no password sign-up). If you sign in, we receive and store your email, your display name (if the provider shares it) and a stable provider identifier, to create and maintain your account and sync your data across devices. With "Sign in with Apple" you can hide your email via Apple's private relay. Legal basis: performance of the service you request (contract).

3. Subscriptions and purchases

If you subscribe to Premium, the purchase is processed through the Apple App Store or Google Play and managed by RevenueCat (subscription-management provider). We receive your subscription status (plan, start and expiry dates, whether it is active) and a RevenueCat customer identifier, to grant access to Premium features. We never receive or store your card details: payment is handled solely by Apple or Google. Legal basis: performance of the contract.

4. Your content in the app

If you have an account, the spots you save, your folders and the shared folders you create with others are stored on our server so they can sync. In a shared folder, the other members see the spots you add and your display name. Without an account, saved spots stay only on your device. Legal basis: performance of the contract.

5. Push notifications

If you enable notifications, we store your device push token (via Expo / Apple Push and Firebase Cloud Messaging) to send legal alerts, saved-spot alerts and reminders. You can turn them off at any time in the app or system settings. Legal basis: your consent.

6. Product analytics

We use PostHog to understand how the app is used and to improve it. We record usage events (screens, actions such as scanning or saving), a session/user identifier, the device type and, where applicable, session replays that do not capture sensitive data. We do not use this for advertising. Legal basis: legitimate interest in improving the product.

7. Location in the app

The app requests location permission ("while using the app") for one purpose only: to center the map on your position and show a blue dot marker. Your location is never transmitted to our servers, stored, or shared. You can revoke the permission any time from your OS settings.

8. Crash reporting

We use Sentry to detect technical failures. When the app crashes, Sentry receives a stack trace, the app version, device model, OS version and IP address. It does not receive your location or the content you are viewing. Legal basis: legitimate interest in keeping the service stable and secure.

9. WildSpotter API

The app queries the API at api.wildspotter.app to fetch spots for an area and, if you have an account, to sync your data. Requests include the map bounding box (coordinates) and your filters. Our server, hosted on Hetzner (Germany), records the request IP in standard access logs for up to 30 days for security purposes.

10. Website and waitlist

On the website we only collect email, language, campaign UTM parameters, country (from the Cloudflare header) and user agent. No third-party cookies, no Google Analytics. The data is used to notify you at launch. Legal basis: your explicit consent (double opt-in) under the GDPR.

11. Advertising and children

The app ships no ad SDKs, no Google Analytics, no Facebook/TikTok Pixel, and no other advertising tracking system. WildSpotter is not directed to children under 13 and we do not knowingly collect data from children under that age.

12. Retention

Account data and your content: while your account is active; deleting it erases them (see section 14). Website: until you unsubscribe; unconfirmed signups older than 30 days are deleted automatically. Crash reports in Sentry: 90 days. API access logs: 30 days.

13. Processors

Cloudflare (website hosting + D1 database), Resend (transactional email), Hetzner Online GmbH in Germany (API hosting), Sentry / Functional Software, Inc. (crash reporting), PostHog (product analytics), RevenueCat (subscription management) and Apple / Google (sign-in and payments). All are GDPR-compliant or equivalent.

14. Your rights and account deletion

You have the right of access, rectification, erasure, portability and objection. You can delete your account and data from within the app (Settings → Delete account) or by following the instructions on the Delete account page. For any other request write to [email protected]; we respond within 30 days.

15. Changes

If we update this policy we'll update the date above. Material changes are announced in the app or emailed to waitlist subscribers.