Wanderwalk Privacy Policy

Wanderwalk is an iOS walking audio-tour app for London, and a marketing website at https://wanderwalk.app. The app is not yet on the App Store, it is launching soon, so parts of this policy describe how the released app will handle your data.

We are the data controller for the personal data described here. That means we decide what is collected and why, and we are responsible for looking after it.

This policy applies to:

• the Wanderwalk iOS app, and
• the wanderwalk.app marketing website.

If you only visit the website and never install the app, only the section on the marketing website and analytics applies to you.

Questions, or want to exercise a right? Email [email protected] for anything privacy-related, or [email protected] for general queries.

We try to collect as little as possible, and to keep as much as we can on your own device. Here is the full picture.

Precise location (When-In-Use only). Wanderwalk uses your device's precise location to work out where you are as you walk, so it can trigger the right story at the right spot, roughly within forty metres of a place with a story to tell. A few things matter here:

• We request location access When-In-Use only. We never ask for "Always" or background-always location, and the app does not track you when you're not using it.
• This location work happens primarily on your device. Your phone holds the map of stories and decides, locally, which one to play next. Deciding what plays in your ear does not require sending a stream of your movements to a server.
• We do not sell your location and we do not share it for advertising. Ever.

Account information. You can create an account using Sign in with Apple or Google Sign-In. When you do, we receive a basic identifier and, depending on what the provider and you choose to share, an email address used to recognise your account across devices. With Sign in with Apple you may use Apple's private email relay, in which case we never see your real email address.

Subscription and purchase data. Wanderwalk+ subscriptions (£4.99/month or £29.99/year) are sold through Apple's In-App Purchase and managed for us by RevenueCat. We receive subscription status, for example whether your subscription is active and when it renews, so the app can unlock everything for you. We never see or store your card details; Apple handles payment.

Crash and diagnostic data (anonymised, consent-gated). To find and fix bugs, the app can send crash reports and basic diagnostic data to Sentry. This is:

• consent-gated, there is a toggle in the app, and you decide whether it's on,
• anonymised, it carries no advertising identifiers and is not used to profile you, and
• aimed only at keeping the app stable.

On-device data. Your chosen interest categories, your listening history (which stories you've heard), playback preferences such as speed, and cached audio for offline play are stored on your device. If you have an account, your interests and listening history may also be saved to your account so the experience follows you to a new device. Cached audio simply lets a story keep playing once it's downloaded, even when your signal is patchy.

We do not collect: contacts, photos, microphone audio, health data, advertising identifiers, or any third-party tracking data.

We use the data above only to run the app and make it good. Specifically:

• Play the right story in the right place, your precise location, used on-device, decides which nearby story to trigger as you walk, and ranks free-roam stories to the interests you've picked.
• Recognise your account, so your interests, listening history and Wanderwalk+ access follow you across devices.
• Unlock Wanderwalk+, subscription status from Apple and RevenueCat tells the app to unlock every story, all curated walks, and full free roam.
• Remember your preferences, the categories you lean into, playback speed, and which stories you've already heard.
• Keep the app stable, anonymised crash and diagnostic data (only if you've consented) helps us fix problems.

We do not use any of this to build advertising profiles, to sell to data brokers, or to track you across other apps and websites.

Under UK GDPR and EU GDPR we must have a lawful basis for each use of your personal data. Ours are:

• Performance of a contract, providing the core app: triggering stories from your location, running your account, and unlocking Wanderwalk+ when you subscribe. Without this processing, the app simply can't do what you installed it to do.
• Consent, for sending anonymised crash and diagnostic data to Sentry. This is behind a toggle, and you can withdraw consent at any time by switching it off; that has no effect on the rest of the app.
• Legitimate interests, keeping the app secure, preventing abuse, and understanding aggregate, non-personal usage of our marketing website so we can improve it. We balance these interests against your rights and keep the processing minimal.

Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, you have the right to object, see Your rights below.

We keep the list of companies that touch your data short, and we only use reputable providers who act on our instructions. Here is everyone, and why:

• Apple, Sign in with Apple, and In-App Purchase for Wanderwalk+ subscriptions. Apple handles payment; we never see your card details.
• Google (Google Sign-In), an optional way to sign in. We receive a basic identifier and, if shared, your email; this is standalone Google Sign-In for authentication, not advertising.
• RevenueCat, manages subscription state on our behalf so the app knows what to unlock. It processes subscription status, not payment card data.
• Sentry, receives anonymised crash and diagnostic data, only when you've consented, so we can fix bugs. No advertising identifiers.
• Cloudflare, our backend runs on Cloudflare Workers, KV and R2. Cloudflare stores the story catalogue and serves the audio your app downloads, and (separately) provides the website's cookieless analytics.
• Neon, a managed Postgres database that holds the story catalogue and, for signed-in users, account data such as interests and listening history.

We do not sell your personal data, and we do not use it for advertising. None of these providers is given your data to advertise to you or to anyone else. There is no third-party ad tracking in Wanderwalk, and we don't use PostHog or similar product-analytics tools inside the app.

Our website at https://wanderwalk.app tells you about the app and, soon, where to download it.

For a basic, privacy-respecting sense of how many people visit and which pages they read, the site uses Cloudflare Web Analytics. This is cookieless and collects no personal data, it doesn't fingerprint you, doesn't track you across other sites, and doesn't build a profile of you.

Because the site sets no tracking cookies and collects no personal data through analytics, it doesn't need a cookie banner, and you won't see one. That's deliberate.

We keep data only as long as we need it:

• Location for triggering stories, used in the moment on your device and not retained as a history of your movements by us.
• Account data (identifier, email if shared, interests, listening history), kept while your account exists. Delete your account and we delete this data, except anything we're legally required to keep for a limited period.
• Subscription records, retained as needed to manage your subscription and meet Apple's and our legal and accounting obligations.
• Crash and diagnostic data, retained by Sentry only for as long as it's useful for debugging, then aged out, in line with Sentry's retention.
• On-device data (preferences, cached audio, local history), stays on your device until you clear it, delete the app, or it's evicted from the cache. Deleting the app removes this local data from your device.

Some of our providers (for example Apple, Google, RevenueCat, Sentry, Cloudflare and Neon) operate globally, so your data may be processed outside the UK or the European Economic Area.

Where that happens, we rely on appropriate safeguards recognised under UK and EU GDPR, such as the UK International Data Transfer Agreement or Addendum, the European Commission's Standard Contractual Clauses, or transfers to countries with an adequacy decision, so your data gets a comparable level of protection wherever it's handled.

Under UK and EU GDPR you have rights over your personal data, including the right to:

• access a copy of the personal data we hold about you;
• rectify data that's inaccurate or incomplete;
• erase your data ("the right to be forgotten");
• restrict or object to certain processing, including processing based on legitimate interests;
• data portability, receive your data in a portable format;
• withdraw consent at any time where we rely on it (for example, by turning off the diagnostic-data toggle).

To exercise any of these, email [email protected]. We'll respond within the timeframes the law requires (normally one month). Using these rights is free, and we won't penalise you for it.

If you think we've mishandled your data, you can complain to a supervisory authority. In the UK that's the Information Commissioner's Office (ico.org.uk); in the EU it's your local data protection authority. We'd appreciate the chance to put things right first, so do get in touch.

Wanderwalk is not directed at children under 13, and we don't knowingly collect personal data from them.

If you believe a child under 13 has provided us with personal data, please contact [email protected] and we'll delete it.

We take sensible steps to protect your data. Payments and subscriptions run through Apple's secure In-App Purchase system, so we never handle your card details. Connections between the app, our backend and our providers are encrypted in transit. We keep as much as we can on your device, and we limit access to account data to what's needed to run the service.

No system is perfectly secure, but we design Wanderwalk to collect little, share less, and guard what it does hold.

As the app grows, more stories, more cities, new features, we may update this policy. When we make a material change, we'll update the effective date below and, where appropriate, let you know in the app or on the website.

The current effective date is 1 June 2026. We'd encourage you to check back from time to time.

For privacy questions or to exercise any of your rights:

• Privacy and data requests: [email protected]
• General enquiries: [email protected]

We read these, and we'd rather hear from you than have you wondering.