Privacy Policy

How we handle your data

Effective: 19 April 2026 Version: 1.0 (draft) Contact: privacy@walklore.app
On this page
  1. Who we are
  2. What we collect
  3. Why we collect it
  4. Who we share it with
  5. How long we keep it
  6. Your rights
  7. Security
  8. Children
  9. International transfers
  10. Changes to this policy
  11. Contact

1. Who we are

Walklore (“we”, “us”) is a location-based audio storytelling service that generates short, narrated stories about places near you. This policy explains what personal data we collect when you use the Walklore web app, Android app, or related services, and what we do with it.

The controller of your data is Walklore — contact: privacy@walklore.app.

2. What we collect

CategoryDataSource
Account Name, email address, Google account ID, profile photo URL Google Sign-In, when you create an account
Precise location Latitude and longitude (GPS-accurate), compass heading Your device, when you tap Spark or enable Walk Mode
Preferences App language, content language, narrator voice, story categories, mood, playback speed Settings you configure in the app
Usage content Stories generated for you, audio playback history, saved library items, photos you submit via “What is this place?” Your interactions with the app
Device & logs IP address, user agent, request timestamps, error logs Automatically, when your device contacts our servers

We do not collect biometric data, contacts, SMS, call logs, or microphone input. We do not use advertising identifiers.

3. Why we collect it

  • To provide the core service. Precise location is required to find points of interest near you and generate a relevant story. Without location, the app cannot function.
  • To personalize your experience. Preferences shape the stories we generate — language, tone, topics, narrator voice.
  • To remember your library. Stories and generations you create are tied to your account so you can replay them later.
  • To keep the service working. Logs and error reports help us debug crashes and investigate abuse.
  • To comply with law. We may retain records when required by legal obligation.

Under the GDPR, our legal basis is “performance of a contract” (Art. 6(1)(b)) for the data you need for the service to work, and “legitimate interests” (Art. 6(1)(f)) for security logs and abuse prevention.

4. Who we share it with

We do not sell your personal data. We do share it with the following third-party processors, strictly to deliver the service:

ProcessorPurposeData shared
Google Cloud Platform Application hosting, database, storage (Cloud Run, Cloud SQL, GCS) All service data — encrypted at rest and in transit
Google Sign-In Authentication Your Google account identity, as you authorize
Google Maps Platform Maps, geocoding, directions Your latitude/longitude during a session
Google Gemini (AI) Story text generation Point-of-interest names, your chosen language, mood, and category (no account identifier)
Google Cloud Text-to-Speech & ElevenLabs Story narration The story text to be narrated
Wikipedia & Wikimedia Commons Background content and images Queries based on location (no personal identifier)
OpenStreetMap / Overpass Map and POI data Bounding-box queries based on your location (no personal identifier)

These processors act under their own privacy policies. We do not share data with advertisers or data brokers.

5. How long we keep it

  • Account data: until you delete your account.
  • Generated stories & library: until you delete them, or until you delete your account.
  • Location data: the exact coordinates of each Spark are stored alongside the resulting story. If you delete the story, the coordinates are deleted with it.
  • Server logs: 30 days, then deleted or anonymized.
  • Photos submitted via “What is this place?”: discarded after the story is generated unless you save it to your library.

6. Your rights

Wherever you live, you have the following rights over your data:

  • Access — ask for a copy of what we hold about you.
  • Correction — fix inaccurate data.
  • Deletion — delete your account and all associated data. You can do this from inside the app under Settings → Delete account, or on the web at /delete-account.
  • Export — receive a machine-readable copy of your data.
  • Withdraw consent — revoke Google Sign-In permission at any time from your Google Account.

If you are in the EU/EEA or UK, you may also lodge a complaint with your national data-protection authority.

Account deletion is permanent and immediate. We do not retain deleted accounts. Server-log entries are anonymized within the normal 30-day retention window.

7. Security

Your data is encrypted in transit (HTTPS/TLS) and at rest (Google-managed keys). Access to production systems is restricted to a small number of engineers and is audit-logged. We do not store your Google password — authentication is handled entirely by Google.

No online service is perfectly secure. If we discover a breach that affects your personal data, we will notify you without undue delay as required by law.

8. Children

Walklore is not intended for users under 13 years of age (or 16 where applicable under local law). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us so we can delete it.

9. International transfers

Our servers run in Google Cloud’s europe-west1 region. When data is transferred to processors outside the EEA (for example, to AI services operated from the United States), it is covered by Google’s and ElevenLabs’ standard contractual clauses and equivalent safeguards.

10. Changes to this policy

If we make material changes, we will notify you in the app and by email before the changes take effect. The “Effective” date above always reflects the current version. Earlier versions are available on request.

11. Contact

Questions, requests, or complaints? Write to privacy@walklore.app. We respond within 30 days.

This policy is provided in English. Translations may be offered for convenience, but in any dispute the English text is the binding version.