Privacy Policy — Peak GPS Altimeter
Effective date: 30 May 2026 · Last updated: 30 May 2026
This Privacy Policy explains how the iOS application Peak GPS Altimeter (also shown as “Altimeter”; the “App”) processes information when you install and use it. Peak is an outdoor altimeter, GPS, compass and weather companion with a barometric altimeter, maps, points of interest (including drinking-water fountains), AI plant identification and AI weather analysis, a peer-to-peer walkie-talkie, an Apple Watch app and home-screen widgets.
We have written this policy to be specific. The App contains advertising, analytics, optional cloud features and an optional in-app subscription; we describe these here in detail rather than hide them.
1. Data controller
- Andrea Piani (Alpy Technologies), independent developer, Italy.
- Privacy contact: andreapiani.dev@gmail.com.
The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and subscription management, in accordance with their own privacy policies.
2. Scope
This policy covers the App itself, its Apple Watch companion and its home-screen widgets. It does not cover the third-party services listed in Sections 6 to 12, each of which operates under its own privacy notice.
3. Summary at a glance
- The core features of the App work without an account.
- The App displays advertising through Google AdMob (banner, interstitial, rewarded, native and app-open). See Section 7.
- The App offers an optional “Peak Pro” subscription that removes advertising. Payment is handled entirely by Apple. See Section 10.
- The App presents a GDPR consent form (Google UMP) and an App Tracking Transparency (ATT) prompt before serving personalized ads. See Section 5.
- Optional AI features (plant identification, weather analysis) send the relevant photo or context to AI providers. See Section 8.
- The App may use a cloud backend (Supabase) for optional account, sync and review-verification features. See Section 9.
- The App uses Firebase (Analytics and Cloud Messaging for notifications). See Section 12.
- The walkie-talkie works peer-to-peer over the local network; audio is not stored or sent to a developer server. See Section 4.4.
- Your favourites, settings and widget data are stored on your device (and shared with widgets through an App Group).
- Position and sensor data used by the altimeter, compass and tools are processed locally on the device.
4. Categories of data the App processes
4.1 Precise location (GPS)
The App requests Core Location authorization, primarily in While Using the App mode, to centre the map on your position, compute altitude and GPS coordinates, calculate distance and bearing to points of interest, drive the compass, and feed widgets. Background location updates are used only if you enable a feature that requires them.
Location data is processed on your device. When the App requests POIs, weather or map tiles for an area, the upstream server receives the geographic area being queried, not your identity.
Legal basis (GDPR Art. 6): performance of the service you requested (Art. 6(1)(b)) and your consent given through the iOS permission dialog (Art. 6(1)(a)). You may revoke it in iOS Settings › Privacy & Security › Location Services.
4.2 Motion and barometric sensors
The altimeter reads barometric pressure via Apple’s Core Motion (CMAltimeter), and the step counter reads motion activity. These readings are processed on the device and rendered as live values and charts. They are not transmitted to a developer server.
Legal basis: consent (Art. 6(1)(a)) via the iOS Motion & Fitness prompt and the contractual purpose of providing the altimeter and pedometer features (Art. 6(1)(b)).
4.3 Camera and photo library
With your permission, the App uses the camera to take photos with altitude and GPS data overlaid, and the photo library to save those photos or to pick an existing photo for AI plant identification (Section 8). Photos are handled on the device except when you explicitly use an AI feature that sends a photo to an AI provider.
Legal basis: consent (Art. 6(1)(a)) and performance of the requested feature (Art. 6(1)(b)).
4.4 Microphone and local network (walkie-talkie)
The optional walkie-talkie uses the microphone and Apple’s MultipeerConnectivity over the local network (Bonjour service _peak-walkie) to discover and talk to nearby devices running the App. Audio is streamed peer-to-peer between devices on the same local network; it is not recorded, stored, or routed through a server controlled by the developer.
Legal basis: consent (Art. 6(1)(a)) via the iOS Microphone and Local Network prompts and performance of the requested feature (Art. 6(1)(b)).
4.5 Calendar
If you use the sunrise/sunset feature with calendar integration, the App accesses your calendar only to create the event you request. It does not read or upload your calendar contents.
Legal basis: consent (Art. 6(1)(a)).
4.6 Local content, settings and widgets
Content and preferences you create (favourites, recent positions, settings, Pro status, ad counters) are stored on the device. Widgets read a small snapshot (such as current altitude, location and weather) through the App Group group.com.alpytechnologies.privatevault. This content is not, by itself, uploaded to a developer server.
Legal basis: performance of the service (Art. 6(1)(b)).
4.7 Push notifications
If you allow notifications, the App registers for remote push notifications through Apple Push Notification service and Firebase Cloud Messaging, which generates a device push token. The token is used to deliver service and feature notifications. You may disable notifications at any time in iOS Settings › Notifications.
Legal basis: consent (Art. 6(1)(a)).
4.8 Network connections (third-party data sources)
To deliver maps, points of interest, weather and AI results, the App connects to the third-party services listed in Sections 6, 7, 8, 9 and 12. The information transmitted is what is technically necessary to fulfil the request — typically your IP address (visible to any server you connect to), the geographic area queried, timestamps, and, for AI features, the content you submit.
5. Consent: GDPR (UMP) and App Tracking Transparency (ATT)
For users in the EEA/UK, on first launch the App shows a Google User Messaging Platform (UMP) consent form. The Google Mobile Ads SDK is initialized and ads are requested only after consent allows it; if consent is denied, ads are served in non-personalized mode.
The App also presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK may access the Identifier for Advertisers (IDFA):
- Ask App Not to Track — the App and its SDKs cannot read the IDFA; advertising is non-personalized.
- Allow — the advertising SDK may read the IDFA and serve personalized advertising under Google’s policies.
You can change this at any time in iOS Settings › Privacy & Security › Tracking. The Peak Pro subscription removes advertising and, as a consequence, the related IDFA use.
6. Map, POI and weather providers
- Apple MapKit and Mapbox — base maps and tiles. Governed by the Apple Privacy Policy and the Mapbox Privacy Policy.
- OpenStreetMap and related tile servers — map overlays. OSMF policy.
- Weather providers (such as Open-Meteo / OpenWeather) — weather and forecast data.
- Drinking-water fountain and POI data sources — to display nearby points of interest.
Each provider may log the IP address of incoming requests for security and abuse prevention. The developer does not receive these logs.
7. Advertising — Google AdMob
The App displays advertising through the Google Mobile Ads SDK (Google AdMob), publisher ID pub-1193280742171051, in the following formats: banner, interstitial, rewarded (you opt in to watch an ad in exchange for a feature, such as an AI analysis), native and app-open ads.
Google, acting as an independent controller, may process the following for ad delivery, frequency capping, attribution, fraud prevention and (where you granted ATT permission) personalization: IP address, device identifiers (including the IDFA when permitted), advertising-related events, coarse location derived from IP, and device/OS information.
Google’s processing is governed by the Google Privacy Policy and the Ads Data Processing Terms; Standard Contractual Clauses are used for transfers outside the EEA. Users subscribed to Peak Pro do not see ads.
Legal basis: for non-personalized ads, the legitimate interest in funding a free app (Art. 6(1)(f)); for personalized ads, your consent via UMP and the ATT prompt (Art. 6(1)(a)).
8. AI features — plant identification and weather analysis
The App offers optional AI features. When you use them, the App sends only the data needed to produce the result:
- Plant identification (PlantAI). The photo you choose or capture, plus minimal context, is sent to an AI vision provider (such as OpenAI) to identify the plant. The photo is used to generate the result and is not used by the App to identify you.
- Weather and outdoor AI analysis (WeatherAI / DeepSeek). Weather, altitude and location context for your current area is sent to an AI text provider to generate a summary or recommendation.
These requests may be routed through a developer-operated relay endpoint before reaching the AI provider, in order to protect API keys and apply rate limits. The AI providers process the submitted content under their own privacy policies (for example, the OpenAI Privacy Policy). Do not submit content you consider sensitive.
Legal basis: performance of the feature you requested (Art. 6(1)(b)) and your consent in initiating the AI action (Art. 6(1)(a)).
9. Cloud backend — Supabase
Some optional features use a developer-operated backend hosted on Supabase (peakgps.supabase.co). Depending on the features you use, this may include: optional account/authentication, backup or synchronization of certain app data across your devices, and verification for the review-based discount described in Section 10 (which may involve a non-reversible device fingerprint used solely to prevent abuse of the offer).
If you do not use account, sync or review-discount features, the App’s core functionality operates without sending your data to this backend. Supabase acts as the developer’s hosting processor under the Supabase Privacy Policy.
Legal basis: performance of the requested feature (Art. 6(1)(b)); legitimate interest in preventing fraud/abuse of promotional offers (Art. 6(1)(f)).
10. In-app subscriptions — Apple StoreKit
The App offers an optional auto-renewing Peak Pro subscription that removes advertising, handled entirely through Apple’s in-app purchase system (StoreKit). The App may also offer a discounted subscription in exchange for a verified App Store review (“review-for-free / discount” offer).
Payment processing. Pricing, billing, refunds, taxes and payment methods are handled by Apple. The developer does not receive or store your card number, Apple ID, billing address or other payment data, under the Apple Media Services Terms.
Data received by the App. Through StoreKit the App receives only the on-device information needed to verify an active subscription (transaction ID, product ID, purchase and expiration dates). A small entitlement flag (“Pro yes/no”) is cached on the device to remember your status.
Renewal and cancellation. Subscriptions auto-renew unless cancelled at least 24 hours before the period end. Manage or cancel in iOS Settings › Apple ID › Subscriptions; refunds follow Apple’s policy.
Legal basis: performance of the subscription contract (Art. 6(1)(b)); legitimate interest in offering the discount and preventing its abuse (Art. 6(1)(f)).
11. Apple Watch and synchronization
The App includes an Apple Watch companion. The iPhone and Watch exchange sensor and UI state (such as altitude, location and walkie-talkie audio) through Apple’s WatchConnectivity framework, directly between your paired devices. This synchronization does not route your data through a developer server.
12. Analytics and crash reporting — Firebase
The App integrates Firebase (operated by Google):
- Firebase Analytics — aggregate product analytics (events such as feature usage and, in anonymized form, ad performance and ad revenue via impression-level reporting). By default these events do not include personal identifiers added by the developer.
- Firebase Cloud Messaging — push notification delivery (see Section 4.7).
- Crash reporting, when configured — crash diagnostics including device model, OS version and a generated installation identifier.
Data is processed under the Firebase Privacy Notice and the Google Privacy Policy.
Legal basis: legitimate interest in product improvement and stability (Art. 6(1)(f)); where required, consent (Art. 6(1)(a)).
13. What the App does NOT do
- No sale of personal data within the meaning of CCPA/CPRA. Sharing for the limited advertising purposes in Section 7 may qualify as “sharing” under CPRA; California residents can opt out via the ATT prompt or subscribe to Peak Pro.
- No recording or server-side storage of walkie-talkie audio.
- No background tracking of your location for advertising.
- No direct handling of payment data — subscriptions are fully intermediated by Apple.
- No mandatory account for the core altimeter, GPS, compass and weather features.
14. Where data is processed and international transfers
Data you create is processed on your iOS device. Map, POI, weather and AI requests are routed to providers operating in the European Union and in third countries (notably the United States for some Apple, Google, Mapbox, OpenAI and Supabase infrastructure). Advertising, analytics, messaging and AI processing take place in the respective providers’ global infrastructures, including the United States, with the safeguards described above (including Standard Contractual Clauses where applicable).
15. Data retention
- Content stored on the device is retained until you delete it in the App or uninstall the App.
- The on-device Pro entitlement flag is cleared on expiration or uninstall; Apple retains transaction records under its own policies.
- Any data synced to the Supabase backend for account/sync/review features is retained while the feature is active and deleted on request or when no longer needed for the stated purpose.
- Firebase Analytics events are retained per the project’s default retention; crash reports for a limited period; advertising data per Google’s policies.
- AI providers retain submitted content per their own policies.
16. Security
The App uses HTTPS for requests where supported by the upstream provider. StoreKit transactions are signed by Apple and verified on-device. Local content benefits from iOS data protection when your device is passcode-locked. Access to the Supabase backend is restricted by scoped keys and server-side rules.
17. Your rights
If you are in the EEA, the UK, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection:
- Erase local data: uninstall the App.
- Withdraw permissions (location, motion, camera, photos, microphone, local network, calendar, notifications): iOS Settings › Privacy & Security and Settings › Notifications.
- Withdraw ATT consent / reset the advertising identifier: iOS Settings › Privacy & Security › Tracking.
- Review your GDPR ad-consent choice: from the App’s privacy options, where available.
- Manage or cancel Peak Pro: iOS Settings › Apple ID › Subscriptions.
- Account, sync or backend data: contact the developer to access or delete data held in the Supabase backend.
- Exercise rights against Apple, Google, Mapbox, OpenAI or Supabase for the processing they control: through their respective privacy centres.
Contact the developer at andreapiani.dev@gmail.com. You may lodge a complaint with a supervisory authority; in Italy this is the Garante per la protezione dei dati personali.
18. Children
The App is not directed at children under 13 (or under 16 where required by local law) and does not knowingly collect their personal data. Advertising is configured to comply with Google’s policies. In-app purchases can be restricted via iOS Screen Time or Family controls.
19. Automated decision-making
The App does not perform automated decision-making or profiling that produces legal or similarly significant effects. AI features generate informational results (such as a plant name or a weather summary) and do not make decisions about you.
20. Changes to this policy
This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date tracks the latest revision. Material changes will be announced in the App on first launch after the update.
21. Contact
For any question regarding this policy, contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.