Privacy Policy

1. Introduction

Welcome to StepQuests ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

2. Information We Collect

2.1 Personal Information

When you create an account, we may collect:

• Email address
• Name (if provided)
• Profile information
• Authentication credentials (encrypted)

2.2 Location Data

Our app requires location access to provide tour guidance. We collect:

• GPS coordinates during active tours
• Location data to unlock content at points of interest
• Movement patterns during tour activities

Note: Location data is only collected when you are actively using the app for tours. We do not track your location in the background or when the app is closed.

2.3 Purchase Information

When you purchase tours, we collect:

• Purchase history and transaction IDs
• Receipt validation data (via Apple App Store or Google Play)
• Payment information is handled securely by Apple/Google - we never see your credit card details

2.4 Usage Analytics

We use Amplitude Analytics to improve our service:

• App usage patterns and feature interactions
• Tour completion rates and engagement metrics
• Device type and operating system
• Crash reports and error logs

3. How We Use Your Information

We use your information to:

• Provide and maintain our tour services
• Process your purchases and manage your account
• Deliver location-based content during tours
• Send important service updates and notifications
• Improve our app and develop new features
• Ensure security and prevent fraud
• Comply with legal obligations

4. How We Share Your Information

We may share your information with:

4.1 Service Providers

• Supabase: Database and authentication services
• RevenueCat: In-app purchase management
• Amplitude: Analytics and user behavior tracking
• Mapbox: Map rendering and navigation services

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• End-to-end encryption for authentication
• Secure HTTPS connections for all data transmission
• Regular security audits and updates
• Access controls and authentication requirements

6. Data Retention

We retain your personal information only as long as necessary for the purposes set out in this Privacy Policy. You may request deletion of your account at any time by contacting us at privacy@stepquests.com.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Receive your data in a structured format
• Withdraw Consent: Opt-out of optional data collection

To exercise these rights, contact us at privacy@stepquests.com.

8. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country. We ensure appropriate safeguards are in place for such transfers, including compliance with EU-US Privacy Shield and GDPR requirements.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

12. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision making

Our legal basis for processing your data includes: consent, contractual necessity, legal obligations, and legitimate interests. You may withdraw consent at any time.