Privacy Policy — Ancora Sicura (Anchor Alarm)

Effective date: 23 May 2026 · Last updated: 26 May 2026

This Privacy Policy explains how the iOS application Ancora Sicura (marketed as “Anchor Alarm”, hereafter the “App”) and its Apple Watch companion (AncorWatch) process information when you install and use them. The App turns an iPhone into an always-on anchor sentinel: it monitors the boat’s GPS position relative to a chosen anchor point, raises an alarm if the boat drifts outside a safety radius, displays nautical charts, fetches weather data and records session history.

We have written this policy to be specific. The App contains advertising, in-app subscriptions and a position-sharing feature; we describe these here in detail rather than hide them.

1. Data controller

The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and subscription management, in accordance with their own privacy policies.

2. Scope

This policy covers the iPhone App and the AncorWatch watchOS companion. It does not cover the third-party services listed in Sections 6, 7 and 8, each of which operates under its own privacy notice.

3. Summary at a glance

4. Categories of data the App processes

4.1 Precise location (GPS) — including background

Anchor monitoring is the core function of the App. To compare your boat’s position to the anchor point even while your phone is locked or the App is in the background, Core Location authorization is requested in two steps:

Location data is processed on your device through Core Location (with a Kalman filter to reduce GPS jitter) and Core Motion (used by the optional drift predictor and barometric refinement). The App does not transmit your raw location to a server controlled by the developer. When the App requests weather or chart tiles for an area, the upstream server only receives the geographic bounding box.

Legal basis (GDPR Art. 6): performance of the safety service you have requested (Art. 6(1)(b)) and your explicit consent given through the iOS permission dialog (Art. 6(1)(a)). You may revoke this consent at any time in iOS Settings › Privacy › Location Services. Revoking Always permission will disable background monitoring.

4.2 Motion sensors

The drift predictor and altimeter use Apple’s Core Motion (accelerometer, gyroscope, CMAltimeter). Readings are processed in memory and used to refine the heading and drift estimates. They are not transmitted off the device.

Legal basis: consent (Art. 6(1)(a)) given via the iOS Motion & Fitness prompt and the contractual purpose of providing the monitoring feature (Art. 6(1)(b)).

4.3 Anchor sessions and local content

The App stores the following on the device, inside its own sandbox, using Core Data and the local file system:

None of this content is uploaded to a developer-controlled server. CSV export is initiated only by you, through the standard iOS share sheet.

Legal basis: performance of the service (Art. 6(1)(b)).

4.4 Network connections (third-party data sources)

To display maps and weather, the App connects to the third-party services listed in Section 6. The information transmitted is what is technically necessary to fulfil the request: typically your IP address (visible to the server because of the nature of the internet), the geographic bounding box being queried and timestamps. No personal identifiers are added by the App.

4.5 Local notifications and critical alarms

The anchor alarm is delivered through Apple’s UserNotifications framework as a local notification with the “Critical” or “Time-Sensitive” interruption level, so it can sound even with the phone in silent mode (subject to your iOS settings). The App does not use remote push notifications and does not register a push token with any server. You may disable or limit notifications from iOS Settings › Notifications › Ancora Sicura.

4.6 Optional position sharing

The App can generate a sharable link that lets a trusted person (typically a co-owner, partner or family member ashore) see your anchor point and last known boat position on a static web page. The implementation is privacy-preserving by design:

Anyone who receives the link can view its content. Treat shareable links as you would treat a one-time message.

Legal basis: performance of the sharing service you have explicitly initiated (Art. 6(1)(b) GDPR).

4.7 Apple Watch companion

The optional AncorWatch companion on Apple Watch mirrors the live monitoring state and lets you stop a session from the wrist. Communication between iPhone and Apple Watch uses Apple’s WatchConnectivity framework and remains entirely on your paired devices.

5. App Tracking Transparency (ATT)

On first launch (after onboarding) the App presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK (Google Mobile Ads, see Section 7) may access the Identifier for Advertisers (IDFA) for the purposes described in the prompt:

You can change this choice at any time from iOS Settings › Privacy & Security › Tracking. The premium tiers described in Section 8 remove all advertising and, as a consequence, prevent any IDFA use by the advertising SDK, regardless of your ATT choice. The Google Mobile Ads SDK is also deferred until onboarding is complete: it is not initialized before the ATT prompt is shown.

6. Map and weather providers

Each provider may, in accordance with its own policy, log the IP address of incoming requests for security and abuse prevention. The developer does not receive these logs.

7. Advertising — Google AdMob

The App displays advertising through the Google Mobile Ads SDK (Google AdMob), publisher ID pub-1193280742171051. Free users may see:

Google, acting as an independent controller, may process the following categories of data for the purposes of ad delivery, frequency capping, attribution, fraud prevention and (where you have granted ATT permission) personalization: IP address, device identifiers (including IDFA when ATT permission is granted), advertising-related events, coarse location derived from IP, device and OS information.

Google’s processing is governed by the Google Privacy Policy and, where applicable, by Google’s contractual commitments under the Ads Data Processing Terms. Standard Contractual Clauses are used for transfers outside the European Economic Area. An app-ads.txt file authorizing Google as a direct seller for this publisher ID is published at privacypolicyhub.vercel.app/app-ads.txt.

Users subscribed to a premium tier (Section 8) do not see any ads and, for them, the advertising SDK is not loaded.

Legal basis: for non-personalized advertising, the legitimate interest in funding a free safety application (Art. 6(1)(f) GDPR); for personalized advertising, your consent given through the ATT prompt and any consent banner (Art. 6(1)(a) GDPR).

8. In-app purchases — Apple StoreKit

The App offers two optional in-app purchases for the premium tier, handled entirely through Apple’s in-app purchase system (StoreKit 2):

Both options remove every form of advertising described in Section 7 and unlock premium features.

Payment processing. Pricing, billing, refunds, invoicing, taxes and any change to your payment method are handled by Apple. The developer does not receive or store your credit card number, Apple ID, purchase email, billing address or any other payment data. The payment contractual relationship is governed by the Apple Media Services Terms and Conditions.

Data received by the App. Through StoreKit, the App receives only — on-device — the information necessary to verify your active entitlement: transaction ID, product ID, purchase date, expiration date (subscriptions only) and optional revocation date. This information is signed by Apple and validated by the StoreKit 2 framework on your device. It is not sent to any server controlled by the developer.

Local entitlement caching. To remember the premium status across launches — and avoid a brief “flash” of advertising before online verification — the App stores a single flag and a subscription expiration date in UserDefaults, inside its own sandbox. No payment or personal data is included.

Renewal, cancellation and refunds. Subscriptions auto-renew at the end of each period unless cancelled at least 24 hours before. You can cancel at any time in iOS Settings › Apple ID › Subscriptions. Refunds are subject to Apple’s refund policy.

Legal basis: performance of the purchase contract requested by the user (Art. 6(1)(b) GDPR).

9. Analytics and crash reporting

The App does not embed third-party analytics or crash-reporting SDKs (no Firebase Analytics, no Crashlytics, no third-party telemetry). Apple may make aggregated, anonymized crash and usage information available to the developer through App Store Connect only if you have separately opted into “Share with App Developers” in iOS Settings › Privacy & Security › Analytics & Improvements; this is handled entirely by Apple under its own privacy policy.

10. What the App does NOT do

11. Where data is processed and international transfers

Data created by you is processed on your iOS device, located wherever you are. Map and weather requests are routed to providers operating servers in the European Union and in third countries (notably the United States for some Apple, Google and Overpass mirrors). Purchase processing by Apple, and advertising processing by Google, take place in their respective global infrastructures, including the United States, with the safeguards described in Sections 7 and 8.

12. Data retention

13. Security

The App uses HTTPS for all network requests where supported by the upstream provider. The HMAC signing key used for shareable links is generated locally and stored in the iOS Keychain. StoreKit transactions are signed by Apple and verified on-device by the StoreKit 2 framework. Local content benefits from iOS data protection when your device is passcode-locked. Because the developer does not operate a backend, there is no developer-managed credential store that could be breached.

14. Your rights

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection regarding personal data:

You may also contact the developer at andreapiani.dev@gmail.com. You have the right to lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali.

15. Children

The App is not directed at children under the age of 13 (or under 16 where required by local law) and does not knowingly collect personal data from children. Advertising delivered through the App is configured to comply with Google’s policies regarding ad serving to children where the App audience requires it. In-app purchases may be restricted via iOS Screen Time or Family controls.

16. Automated decision-making

The App does not perform automated decision-making or profiling that produces legal or similarly significant effects. The drift prediction algorithm is a navigational aid; it does not make decisions about you.

17. Safety disclaimer

Ancora Sicura is a navigation aid, not a substitute for proper seamanship, an anchor watch by the crew, or compliance with the rules of the road. Always keep a manual lookout and verify your anchor holding. The developer assumes no liability for damages arising from reliance on the App.

18. Changes to this policy

This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date at the top tracks the latest revision. Material changes will be announced inside the App on first launch after the update.

19. Contact

For any question regarding this policy, please contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.