Privacy Policy — OpenMaps

Effective date: 21 May 2026 · Last updated: 21 May 2026

This Privacy Policy explains how the iOS application OpenMaps (the “App”) processes information when you install and use it. OpenMaps is a dual-profile navigation and mapping application offering an Outdoor profile (hiking, cycling, sightseeing, points of interest such as fountains, viewpoints, refuges) and a Marine profile (nautical chart overlay, harbours, fuel docks, beacons), plus tools (compass, altimeter, sun events, coordinate conversion) and home-screen widgets.

We have written this policy to be specific. The App contains advertising, analytics and an optional in-app subscription; we describe these here in detail rather than hide them.

1. Data controller

The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and subscription management, in accordance with their own privacy policies.

2. Scope

This policy covers the App itself. It does not cover the third-party services listed in Sections 6, 7, 8 and 9, each of which operates under its own privacy notice.

3. Summary at a glance

4. Categories of data the App processes

4.1 Precise location (GPS)

The App requests Core Location authorization in two modes:

Location data is processed on your device. The App does not transmit your raw location to a server controlled by the developer. When the App requests POIs, weather or chart tiles for an area, the upstream server only receives the geographic bounding box, not your identity.

Legal basis (GDPR Art. 6): performance of the service you have requested (Art. 6(1)(b)) and your explicit consent given through the iOS permission dialog (Art. 6(1)(a)). You may revoke this consent at any time in iOS Settings › Privacy › Location Services.

4.2 Motion sensors

The Altimeter tool reads barometric data via Apple’s Core Motion (CMAltimeter). Readings are processed in memory and rendered as live charts on the device. They are not transmitted off the device.

Legal basis: consent (Art. 6(1)(a)) given via the iOS Motion & Fitness prompt and the contractual purpose of providing the altimeter feature (Art. 6(1)(b)).

4.3 Local content (favourites, searches, settings)

Content you create in the App (favourite POIs, recent searches, profile selection, units, tool preferences) is stored on the device using SwiftData inside the App’s sandboxed file system. Widgets read a small snapshot (current altitude, last address) through the app group group.andreapiani.openmaps. None of this content is uploaded to a server controlled by the developer.

Legal basis: performance of the service (Art. 6(1)(b)).

4.4 Network connections (third-party data sources)

To deliver maps, POIs and weather, the App connects to the third-party services listed in Section 6. The information transmitted is what is technically necessary to fulfil the request: typically your IP address (visible to the server because of the nature of the internet), the geographic bounding box being queried, and timestamps. No personal identifiers are added by the App.

4.5 Local notifications

The App may schedule local notifications (for example, sun-event reminders). These are generated and delivered entirely on the device through Apple’s UserNotifications framework. The App does not use remote push notifications and does not register a push token with any server. You may disable notifications from iOS Settings › Notifications.

5. App Tracking Transparency (ATT)

On first launch the App presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK (Google Mobile Ads, see Section 7) may access the Identifier for Advertisers (IDFA) for the purposes described in the prompt:

You can change this choice at any time from iOS Settings › Privacy & Security › Tracking. The “OpenMaps Pro” subscription removes all advertising and, as a consequence, disables any IDFA use by the advertising SDK, regardless of your ATT choice.

6. Map, POI and weather providers

Each provider may, in accordance with its own policy, log the IP address of incoming requests for security and abuse prevention. The developer does not receive these logs.

7. Advertising — Google AdMob

The App displays advertising through the Google Mobile Ads SDK (Google AdMob), publisher ID pub-1193280742171051. Specifically:

Google, acting as an independent controller, may process the following categories of data for the purposes of ad delivery, frequency capping, attribution, fraud prevention, and (where you have granted ATT permission) personalization: IP address, device identifiers (including IDFA when ATT permission is granted), advertising-related events, coarse location derived from IP, device and OS information.

Google’s processing is governed by the Google Privacy Policy and, where applicable, by Google’s contractual commitments under the Ads Data Processing Terms. Standard Contractual Clauses are used for transfers outside the European Economic Area.

Users subscribed to OpenMaps Pro do not see any ads and, for them, the advertising SDK is not initialized.

Legal basis: for non-personalized advertising, the legitimate interest in funding a free application (Art. 6(1)(f) GDPR); for personalized advertising, your consent given through the ATT prompt and any consent banner (Art. 6(1)(a) GDPR).

8. In-app subscriptions — Apple StoreKit

The App offers two optional auto-renewing subscriptions for the OpenMaps Pro tier, handled entirely through Apple’s in-app purchase system (StoreKit):

Both subscriptions remove all advertising described in Section 7. They are Family Sharing eligible: the organizer of an Apple Family group may share the Pro entitlement with other members according to Apple’s settings.

Payment processing. Pricing, billing, refunds, invoicing, taxes and any change to your payment method are handled by Apple. The developer does not receive or store your credit card number, Apple ID, purchase email, billing address or any other payment data. The payment contractual relationship is governed by the Apple Media Services Terms and Conditions.

Data received by the App. Through StoreKit, the App receives only — on-device — the information necessary to verify your active subscription: transaction ID, product ID, purchase date, expiration date, optional revocation date, trial period (if applicable). This information is signed by Apple and validated by the StoreKit 2 framework on your device. It is not sent to any server controlled by the developer.

Local entitlement caching. To remember the Pro status across launches — and avoid a brief “flash” of advertising before online verification — the App stores a single boolean flag (“Pro yes/no”) in UserDefaults, inside its own sandbox. No payment or personal data is included. The flag is updated upon every transaction observed by StoreKit.

Renewal, cancellation and refunds. Subscriptions auto-renew at the end of each period unless cancelled at least 24 hours before. You can cancel at any time in iOS Settings › Apple ID › Subscriptions. Refunds are subject to Apple’s refund policy.

Promotional codes. The App may let you redeem promotional codes issued through App Store Connect; the flow is entirely handled by Apple.

Legal basis: performance of the subscription contract requested by the user (Art. 6(1)(b) GDPR) for the minimal transaction information received via StoreKit; legitimate interest in avoiding service interruptions caused by intermittent connectivity (Art. 6(1)(f) GDPR) for the local entitlement cache.

9. Analytics and crash reporting — Firebase

When the App is shipped with the Firebase configuration file, it integrates:

Firebase is operated by Google. Data is processed in accordance with the Firebase Privacy Notice and the Google Privacy Policy.

If the App is launched without a Firebase configuration file, the Firebase SDKs are not initialized and no analytics or crash data is sent.

Legal basis: legitimate interest in product improvement and stability (Art. 6(1)(f) GDPR), balanced against the limited categories of data and the absence of identifiers added by the App. Where required by local law, consent (Art. 6(1)(a)) applies.

10. What the App does NOT do

11. Where data is processed and international transfers

Data created by you is processed on your iOS device, located wherever you are. Map, POI and weather requests are routed to providers operating servers in the European Union and in third countries (notably the United States for some Apple, Google and Overpass mirrors). Subscription processing by Apple, and advertising and analytics processing by Google, take place in their respective global infrastructures, including the United States, with the safeguards described in Sections 7, 8 and 9.

12. Data retention

13. Security

The App uses HTTPS for all network requests where supported by the upstream provider. StoreKit transactions are signed by Apple and verified on-device by the StoreKit 2 framework. Local content benefits from iOS data protection when your device is passcode-locked. Because the developer does not operate a backend, there is no developer-managed credential store that could be breached.

14. Your rights

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection regarding personal data:

You may also contact the developer at andreapiani.dev@gmail.com. You have the right to lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali.

15. Children

The App is not directed at children under the age of 13 (or under 16 where required by local law) and does not knowingly collect personal data from children. Advertising delivered through the App is configured to comply with Google’s policies regarding ad serving to children where the App audience requires it. In-app purchases may be restricted via iOS Screen Time or Family controls.

16. Automated decision-making

The App does not perform automated decision-making or profiling that produces legal or similarly significant effects.

17. Changes to this policy

This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date at the top tracks the latest revision. Material changes will be announced inside the App on first launch after the update.

18. Contact

For any question regarding this policy, please contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.