Privacy Policy — OpenMaps
Effective date: 21 May 2026 · Last updated: 21 May 2026
This Privacy Policy explains how the iOS application OpenMaps (the “App”) processes information when you install and use it. OpenMaps is a dual-profile navigation and mapping application offering an Outdoor profile (hiking, cycling, sightseeing, points of interest such as fountains, viewpoints, refuges) and a Marine profile (nautical chart overlay, harbours, fuel docks, beacons), plus tools (compass, altimeter, sun events, coordinate conversion) and home-screen widgets.
We have written this policy to be specific. The App contains advertising, analytics and an optional in-app subscription; we describe these here in detail rather than hide them.
1. Data controller
- Andrea Piani, independent developer, Italy.
- Privacy contact: andreapiani.dev@gmail.com.
The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and subscription management, in accordance with their own privacy policies.
2. Scope
This policy covers the App itself. It does not cover the third-party services listed in Sections 6, 7, 8 and 9, each of which operates under its own privacy notice.
3. Summary at a glance
- The App does not require an account.
- The App displays advertising through Google AdMob (banners and interstitials). See Section 7.
- The App offers an optional “OpenMaps Pro” subscription that removes all advertising. Payment is handled entirely by Apple. See Section 8.
- The App uses Firebase Analytics and Firebase Crashlytics when configured. See Section 9.
- The App presents an App Tracking Transparency (ATT) prompt because the advertising SDK may use the IDFA if you grant permission.
- Your favourites, recent searches and preferences are stored on your device.
- Position and sensor data used by navigation and tools are processed locally on the device.
- The App connects to public mapping, POI and weather services to fetch data; these requests are not enriched with personal identifiers added by the App.
4. Categories of data the App processes
4.1 Precise location (GPS)
The App requests Core Location authorization in two modes:
- While Using the App. Default mode. Used to centre the map on your position, compute distance and bearing to points of interest, request the relevant chart tiles, and feed the compass, altimeter and sun tools.
- Always (background). Optional. Requested only if you enable a feature that requires location updates while the App is not in the foreground (for example, a future live navigation session).
Location data is processed on your device. The App does not transmit your raw location to a server controlled by the developer. When the App requests POIs, weather or chart tiles for an area, the upstream server only receives the geographic bounding box, not your identity.
Legal basis (GDPR Art. 6): performance of the service you have requested (Art. 6(1)(b)) and your explicit consent given through the iOS permission dialog (Art. 6(1)(a)). You may revoke this consent at any time in iOS Settings › Privacy › Location Services.
4.2 Motion sensors
The Altimeter tool reads barometric data via Apple’s Core Motion (CMAltimeter). Readings are processed in memory and rendered as live charts on the device. They are not transmitted off the device.
Legal basis: consent (Art. 6(1)(a)) given via the iOS Motion & Fitness prompt and the contractual purpose of providing the altimeter feature (Art. 6(1)(b)).
4.3 Local content (favourites, searches, settings)
Content you create in the App (favourite POIs, recent searches, profile selection, units, tool preferences) is stored on the device using SwiftData inside the App’s sandboxed file system. Widgets read a small snapshot (current altitude, last address) through the app group group.andreapiani.openmaps. None of this content is uploaded to a server controlled by the developer.
Legal basis: performance of the service (Art. 6(1)(b)).
4.4 Network connections (third-party data sources)
To deliver maps, POIs and weather, the App connects to the third-party services listed in Section 6. The information transmitted is what is technically necessary to fulfil the request: typically your IP address (visible to the server because of the nature of the internet), the geographic bounding box being queried, and timestamps. No personal identifiers are added by the App.
4.5 Local notifications
The App may schedule local notifications (for example, sun-event reminders). These are generated and delivered entirely on the device through Apple’s UserNotifications framework. The App does not use remote push notifications and does not register a push token with any server. You may disable notifications from iOS Settings › Notifications.
5. App Tracking Transparency (ATT)
On first launch the App presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK (Google Mobile Ads, see Section 7) may access the Identifier for Advertisers (IDFA) for the purposes described in the prompt:
- If you choose Ask App Not to Track, the App and its SDKs cannot read the IDFA. Ads served are limited to non-personalized advertising.
- If you choose Allow, the advertising SDK may read the IDFA and serve personalized advertising in accordance with Google’s policies.
You can change this choice at any time from iOS Settings › Privacy & Security › Tracking. The “OpenMaps Pro” subscription removes all advertising and, as a consequence, disables any IDFA use by the advertising SDK, regardless of your ATT choice.
6. Map, POI and weather providers
- Apple MapKit — base map tiles and search. Governed by the Apple Privacy Policy.
- OpenSeaMap — nautical overlay tiles used in the Marine profile. Site.
- Overpass API (rotated across
overpass-api.de,overpass.kumi.systems,overpass.private.coffee) — points of interest. Site. - Apple WeatherKit — weather data. Governed by the Apple Privacy Policy and the WeatherKit attribution page.
Each provider may, in accordance with its own policy, log the IP address of incoming requests for security and abuse prevention. The developer does not receive these logs.
7. Advertising — Google AdMob
The App displays advertising through the Google Mobile Ads SDK (Google AdMob), publisher ID pub-1193280742171051. Specifically:
- A banner ad slot above the search bar.
- Interstitial ads occasionally displayed on point-of-interest detail open (debounced, not on every open).
- Native ads embedded in lists, app open ads on warm resume, and possibly rewarded ad slots in future versions.
Google, acting as an independent controller, may process the following categories of data for the purposes of ad delivery, frequency capping, attribution, fraud prevention, and (where you have granted ATT permission) personalization: IP address, device identifiers (including IDFA when ATT permission is granted), advertising-related events, coarse location derived from IP, device and OS information.
Google’s processing is governed by the Google Privacy Policy and, where applicable, by Google’s contractual commitments under the Ads Data Processing Terms. Standard Contractual Clauses are used for transfers outside the European Economic Area.
Users subscribed to OpenMaps Pro do not see any ads and, for them, the advertising SDK is not initialized.
Legal basis: for non-personalized advertising, the legitimate interest in funding a free application (Art. 6(1)(f) GDPR); for personalized advertising, your consent given through the ATT prompt and any consent banner (Art. 6(1)(a) GDPR).
8. In-app subscriptions — Apple StoreKit
The App offers two optional auto-renewing subscriptions for the OpenMaps Pro tier, handled entirely through Apple’s in-app purchase system (StoreKit):
- OpenMaps Pro Monthly — product ID
OpenMaps_Pro_Monthly, € 1.99/month. - OpenMaps Pro Yearly — product ID
Open_Maps_Pro_Yearly, € 9.99/year.
Both subscriptions remove all advertising described in Section 7. They are Family Sharing eligible: the organizer of an Apple Family group may share the Pro entitlement with other members according to Apple’s settings.
Payment processing. Pricing, billing, refunds, invoicing, taxes and any change to your payment method are handled by Apple. The developer does not receive or store your credit card number, Apple ID, purchase email, billing address or any other payment data. The payment contractual relationship is governed by the Apple Media Services Terms and Conditions.
Data received by the App. Through StoreKit, the App receives only — on-device — the information necessary to verify your active subscription: transaction ID, product ID, purchase date, expiration date, optional revocation date, trial period (if applicable). This information is signed by Apple and validated by the StoreKit 2 framework on your device. It is not sent to any server controlled by the developer.
Local entitlement caching. To remember the Pro status across launches — and avoid a brief “flash” of advertising before online verification — the App stores a single boolean flag (“Pro yes/no”) in UserDefaults, inside its own sandbox. No payment or personal data is included. The flag is updated upon every transaction observed by StoreKit.
Renewal, cancellation and refunds. Subscriptions auto-renew at the end of each period unless cancelled at least 24 hours before. You can cancel at any time in iOS Settings › Apple ID › Subscriptions. Refunds are subject to Apple’s refund policy.
Promotional codes. The App may let you redeem promotional codes issued through App Store Connect; the flow is entirely handled by Apple.
Legal basis: performance of the subscription contract requested by the user (Art. 6(1)(b) GDPR) for the minimal transaction information received via StoreKit; legitimate interest in avoiding service interruptions caused by intermittent connectivity (Art. 6(1)(f) GDPR) for the local entitlement cache.
9. Analytics and crash reporting — Firebase
When the App is shipped with the Firebase configuration file, it integrates:
- Firebase Analytics — aggregate product analytics (events such as screen views, profile switch, tool open). Used to understand which features are used and to improve the App. By default, Firebase Analytics events do not include personal identifiers added by the developer.
- Firebase Crashlytics — crash reports including stack trace, device model, OS version and a Crashlytics-generated installation identifier. Used to diagnose and fix crashes.
Firebase is operated by Google. Data is processed in accordance with the Firebase Privacy Notice and the Google Privacy Policy.
If the App is launched without a Firebase configuration file, the Firebase SDKs are not initialized and no analytics or crash data is sent.
Legal basis: legitimate interest in product improvement and stability (Art. 6(1)(f) GDPR), balanced against the limited categories of data and the absence of identifiers added by the App. Where required by local law, consent (Art. 6(1)(a)) applies.
10. What the App does NOT do
- No collection of contacts, photos, microphone, health data, calendar, or files outside the App’s own sandbox.
- No background tracking of your location for advertising.
- No mandatory accounts, sign-in, or social-login.
- No direct handling of payment data: subscriptions are fully intermediated by Apple.
- No sale of personal data within the meaning of CCPA/CPRA. Sharing for the limited advertising purposes described in Section 7 may qualify as “sharing” under CPRA; California residents can opt out via the ATT prompt, or subscribe to OpenMaps Pro to remove advertising entirely.
11. Where data is processed and international transfers
Data created by you is processed on your iOS device, located wherever you are. Map, POI and weather requests are routed to providers operating servers in the European Union and in third countries (notably the United States for some Apple, Google and Overpass mirrors). Subscription processing by Apple, and advertising and analytics processing by Google, take place in their respective global infrastructures, including the United States, with the safeguards described in Sections 7, 8 and 9.
12. Data retention
- The developer does not store your personal data on developer-controlled servers.
- Content stored on the device is retained until you delete it inside the App or uninstall the App.
- StoreKit transaction information is kept on the device while the subscription is active; the boolean entitlement flag is held in
UserDefaultsand cleared on expiration or App uninstall. Apple retains transaction records under its own policies. - Analytics events stored by Firebase are retained according to the project’s default retention (currently 14 months for event-level data unless changed).
- Crashlytics reports are retained for up to 90 days.
- Advertising data is retained according to Google’s policies.
13. Security
The App uses HTTPS for all network requests where supported by the upstream provider. StoreKit transactions are signed by Apple and verified on-device by the StoreKit 2 framework. Local content benefits from iOS data protection when your device is passcode-locked. Because the developer does not operate a backend, there is no developer-managed credential store that could be breached.
14. Your rights
If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection regarding personal data:
- Erase local data: uninstall the App.
- Withdraw permissions for location and motion: iOS Settings › Privacy & Security.
- Withdraw ATT consent: iOS Settings › Privacy & Security › Tracking.
- Reset the advertising identifier: iOS Settings › Privacy & Security › Tracking › Allow Apps to Request to Track → toggle.
- Manage or cancel the OpenMaps Pro subscription: iOS Settings › Apple ID › Subscriptions, or directly from the App’s Settings screen.
- Disable notifications: iOS Settings › Notifications.
- Exercise rights against Apple for purchase and subscription handling: through the Apple Privacy Policy.
- Exercise rights against Google for advertising and analytics processing: through the Google Privacy & Terms centre.
You may also contact the developer at andreapiani.dev@gmail.com. You have the right to lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali.
15. Children
The App is not directed at children under the age of 13 (or under 16 where required by local law) and does not knowingly collect personal data from children. Advertising delivered through the App is configured to comply with Google’s policies regarding ad serving to children where the App audience requires it. In-app purchases may be restricted via iOS Screen Time or Family controls.
16. Automated decision-making
The App does not perform automated decision-making or profiling that produces legal or similarly significant effects.
17. Changes to this policy
This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date at the top tracks the latest revision. Material changes will be announced inside the App on first launch after the update.
18. Contact
For any question regarding this policy, please contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.