Privacy Policy — Peak GPS Altimeter

Effective date: 30 May 2026 · Last updated: 30 May 2026

This Privacy Policy explains how the iOS application Peak GPS Altimeter (also shown as “Altimeter”; the “App”) processes information when you install and use it. Peak is an outdoor altimeter, GPS, compass and weather companion with a barometric altimeter, maps, points of interest (including drinking-water fountains), AI plant identification and AI weather analysis, a peer-to-peer walkie-talkie, an Apple Watch app and home-screen widgets.

We have written this policy to be specific. The App contains advertising, analytics, optional cloud features and an optional in-app subscription; we describe these here in detail rather than hide them.

1. Data controller

The App is distributed through the Apple App Store. Apple Inc. and Apple Distribution International Ltd. act as independent controllers for the data they process during download, purchase and subscription management, in accordance with their own privacy policies.

2. Scope

This policy covers the App itself, its Apple Watch companion and its home-screen widgets. It does not cover the third-party services listed in Sections 6 to 12, each of which operates under its own privacy notice.

3. Summary at a glance

4. Categories of data the App processes

4.1 Precise location (GPS)

The App requests Core Location authorization, primarily in While Using the App mode, to centre the map on your position, compute altitude and GPS coordinates, calculate distance and bearing to points of interest, drive the compass, and feed widgets. Background location updates are used only if you enable a feature that requires them.

Location data is processed on your device. When the App requests POIs, weather or map tiles for an area, the upstream server receives the geographic area being queried, not your identity.

Legal basis (GDPR Art. 6): performance of the service you requested (Art. 6(1)(b)) and your consent given through the iOS permission dialog (Art. 6(1)(a)). You may revoke it in iOS Settings › Privacy & Security › Location Services.

4.2 Motion and barometric sensors

The altimeter reads barometric pressure via Apple’s Core Motion (CMAltimeter), and the step counter reads motion activity. These readings are processed on the device and rendered as live values and charts. They are not transmitted to a developer server.

Legal basis: consent (Art. 6(1)(a)) via the iOS Motion & Fitness prompt and the contractual purpose of providing the altimeter and pedometer features (Art. 6(1)(b)).

4.3 Camera and photo library

With your permission, the App uses the camera to take photos with altitude and GPS data overlaid, and the photo library to save those photos or to pick an existing photo for AI plant identification (Section 8). Photos are handled on the device except when you explicitly use an AI feature that sends a photo to an AI provider.

Legal basis: consent (Art. 6(1)(a)) and performance of the requested feature (Art. 6(1)(b)).

4.4 Microphone and local network (walkie-talkie)

The optional walkie-talkie uses the microphone and Apple’s MultipeerConnectivity over the local network (Bonjour service _peak-walkie) to discover and talk to nearby devices running the App. Audio is streamed peer-to-peer between devices on the same local network; it is not recorded, stored, or routed through a server controlled by the developer.

Legal basis: consent (Art. 6(1)(a)) via the iOS Microphone and Local Network prompts and performance of the requested feature (Art. 6(1)(b)).

4.5 Calendar

If you use the sunrise/sunset feature with calendar integration, the App accesses your calendar only to create the event you request. It does not read or upload your calendar contents.

Legal basis: consent (Art. 6(1)(a)).

4.6 Local content, settings and widgets

Content and preferences you create (favourites, recent positions, settings, Pro status, ad counters) are stored on the device. Widgets read a small snapshot (such as current altitude, location and weather) through the App Group group.com.alpytechnologies.privatevault. This content is not, by itself, uploaded to a developer server.

Legal basis: performance of the service (Art. 6(1)(b)).

4.7 Push notifications

If you allow notifications, the App registers for remote push notifications through Apple Push Notification service and Firebase Cloud Messaging, which generates a device push token. The token is used to deliver service and feature notifications. You may disable notifications at any time in iOS Settings › Notifications.

Legal basis: consent (Art. 6(1)(a)).

4.8 Network connections (third-party data sources)

To deliver maps, points of interest, weather and AI results, the App connects to the third-party services listed in Sections 6, 7, 8, 9 and 12. The information transmitted is what is technically necessary to fulfil the request — typically your IP address (visible to any server you connect to), the geographic area queried, timestamps, and, for AI features, the content you submit.

5. Consent: GDPR (UMP) and App Tracking Transparency (ATT)

For users in the EEA/UK, on first launch the App shows a Google User Messaging Platform (UMP) consent form. The Google Mobile Ads SDK is initialized and ads are requested only after consent allows it; if consent is denied, ads are served in non-personalized mode.

The App also presents the iOS App Tracking Transparency prompt. Your choice controls whether the advertising SDK may access the Identifier for Advertisers (IDFA):

You can change this at any time in iOS Settings › Privacy & Security › Tracking. The Peak Pro subscription removes advertising and, as a consequence, the related IDFA use.

6. Map, POI and weather providers

Each provider may log the IP address of incoming requests for security and abuse prevention. The developer does not receive these logs.

7. Advertising — Google AdMob

The App displays advertising through the Google Mobile Ads SDK (Google AdMob), publisher ID pub-1193280742171051, in the following formats: banner, interstitial, rewarded (you opt in to watch an ad in exchange for a feature, such as an AI analysis), native and app-open ads.

Google, acting as an independent controller, may process the following for ad delivery, frequency capping, attribution, fraud prevention and (where you granted ATT permission) personalization: IP address, device identifiers (including the IDFA when permitted), advertising-related events, coarse location derived from IP, and device/OS information.

Google’s processing is governed by the Google Privacy Policy and the Ads Data Processing Terms; Standard Contractual Clauses are used for transfers outside the EEA. Users subscribed to Peak Pro do not see ads.

Legal basis: for non-personalized ads, the legitimate interest in funding a free app (Art. 6(1)(f)); for personalized ads, your consent via UMP and the ATT prompt (Art. 6(1)(a)).

8. AI features — plant identification and weather analysis

The App offers optional AI features. When you use them, the App sends only the data needed to produce the result:

These requests may be routed through a developer-operated relay endpoint before reaching the AI provider, in order to protect API keys and apply rate limits. The AI providers process the submitted content under their own privacy policies (for example, the OpenAI Privacy Policy). Do not submit content you consider sensitive.

Legal basis: performance of the feature you requested (Art. 6(1)(b)) and your consent in initiating the AI action (Art. 6(1)(a)).

9. Cloud backend — Supabase

Some optional features use a developer-operated backend hosted on Supabase (peakgps.supabase.co). Depending on the features you use, this may include: optional account/authentication, backup or synchronization of certain app data across your devices, and verification for the review-based discount described in Section 10 (which may involve a non-reversible device fingerprint used solely to prevent abuse of the offer).

If you do not use account, sync or review-discount features, the App’s core functionality operates without sending your data to this backend. Supabase acts as the developer’s hosting processor under the Supabase Privacy Policy.

Legal basis: performance of the requested feature (Art. 6(1)(b)); legitimate interest in preventing fraud/abuse of promotional offers (Art. 6(1)(f)).

10. In-app subscriptions — Apple StoreKit

The App offers an optional auto-renewing Peak Pro subscription that removes advertising, handled entirely through Apple’s in-app purchase system (StoreKit). The App may also offer a discounted subscription in exchange for a verified App Store review (“review-for-free / discount” offer).

Payment processing. Pricing, billing, refunds, taxes and payment methods are handled by Apple. The developer does not receive or store your card number, Apple ID, billing address or other payment data, under the Apple Media Services Terms.

Data received by the App. Through StoreKit the App receives only the on-device information needed to verify an active subscription (transaction ID, product ID, purchase and expiration dates). A small entitlement flag (“Pro yes/no”) is cached on the device to remember your status.

Renewal and cancellation. Subscriptions auto-renew unless cancelled at least 24 hours before the period end. Manage or cancel in iOS Settings › Apple ID › Subscriptions; refunds follow Apple’s policy.

Legal basis: performance of the subscription contract (Art. 6(1)(b)); legitimate interest in offering the discount and preventing its abuse (Art. 6(1)(f)).

11. Apple Watch and synchronization

The App includes an Apple Watch companion. The iPhone and Watch exchange sensor and UI state (such as altitude, location and walkie-talkie audio) through Apple’s WatchConnectivity framework, directly between your paired devices. This synchronization does not route your data through a developer server.

12. Analytics and crash reporting — Firebase

The App integrates Firebase (operated by Google):

Data is processed under the Firebase Privacy Notice and the Google Privacy Policy.

Legal basis: legitimate interest in product improvement and stability (Art. 6(1)(f)); where required, consent (Art. 6(1)(a)).

13. What the App does NOT do

14. Where data is processed and international transfers

Data you create is processed on your iOS device. Map, POI, weather and AI requests are routed to providers operating in the European Union and in third countries (notably the United States for some Apple, Google, Mapbox, OpenAI and Supabase infrastructure). Advertising, analytics, messaging and AI processing take place in the respective providers’ global infrastructures, including the United States, with the safeguards described above (including Standard Contractual Clauses where applicable).

15. Data retention

16. Security

The App uses HTTPS for requests where supported by the upstream provider. StoreKit transactions are signed by Apple and verified on-device. Local content benefits from iOS data protection when your device is passcode-locked. Access to the Supabase backend is restricted by scoped keys and server-side rules.

17. Your rights

If you are in the EEA, the UK, or a jurisdiction with similar laws, you have the rights of access, rectification, erasure, restriction, portability and objection:

Contact the developer at andreapiani.dev@gmail.com. You may lodge a complaint with a supervisory authority; in Italy this is the Garante per la protezione dei dati personali.

18. Children

The App is not directed at children under 13 (or under 16 where required by local law) and does not knowingly collect their personal data. Advertising is configured to comply with Google’s policies. In-app purchases can be restricted via iOS Screen Time or Family controls.

19. Automated decision-making

The App does not perform automated decision-making or profiling that produces legal or similarly significant effects. AI features generate informational results (such as a plant name or a weather summary) and do not make decisions about you.

20. Changes to this policy

This policy may be updated to reflect new features, new third-party providers, or changes in applicable law. The “Last updated” date tracks the latest revision. Material changes will be announced in the App on first launch after the update.

21. Contact

For any question regarding this policy, contact the developer at andreapiani.dev@gmail.com. We aim to respond within 30 days, in accordance with Article 12(3) GDPR.