Legal

Privacy Policy

Effective: 18 May 2026

Waymark is built on a simple principle: your walks are yours. We don't ask you to sign in, we don't build a profile of you, and your discoveries live on your phone. This page explains exactly what data the app touches, why, what leaves your device, and the legal rights you have over it.

Plain-English summary. No account. No tracking across apps or sites. No advertising. Your location is used only while you're actively exploring, and only to find nearby places. Your discoveries and chat history are stored on your device. We send anonymous events to help us fix bugs and improve stories.

Who we are (data controller)

Waymark is operated by Liriksoft, the data controller responsible for personal data processed in connection with the app. You can reach us at waymark@liriksoft.com for any privacy question, data request, or complaint.

Data we collect

Location

When you tap Start exploring, the app uses your device's location (when-in-use only) to find historic places nearby. The app sends your coordinates directly from your device to OpenStreetMap (via the Overpass API at overpass-api.de) to look up nearby points of interest. We do not receive or store your location coordinates on our servers — only the identifier of the place you choose to read about.

If you stop exploring, close the app, or revoke location permission, the app stops requesting your location.

Anonymous device identifier

The first time the app opens, it requests an anonymous, randomly-generated device token from our server. This token has no relationship to your name, email, Apple ID, or any other personal information. It exists so the server can rate-limit abuse and so a single device's subscription entitlement can be honored across reinstalls.

Story and chat content

When the app generates a story for a place near you, it sends the place's identifier (an OpenStreetMap or Wikidata ID) to our server. The server uses publicly available facts about that place to generate the story.

When you ask the guide a follow-up question, your question and the conversation context are sent to our server, which forwards them to a third-party AI model provider (see Third Parties below) to generate a reply. We do not retain the contents of your chats on our servers beyond what's needed to serve the response, and we don't link them to a personal identity.

Diagnostic events

The app sends anonymous events to help us fix bugs and improve quality. These events include things like:

A story was shown, dismissed, or failed to load
A chat was opened, the number of turns used
An exploration session started or ended
An error returned from a third-party data source

Events include a random session identifier, the place ID involved, and timing data. They do not include your location coordinates, the contents of stories or chats, or any personal information.

Purchases

If you subscribe to Premium, the purchase is processed by Apple through the App Store (on iOS) or Google through Google Play Billing (on Android). We use RevenueCat to manage subscription receipts and entitlements across both stores. RevenueCat receives an anonymous identifier and the receipt details required by the store for subscription management. We do not receive your payment details, your Apple ID or Google account, or your name.

Data we don't collect

Your name, email address, phone number, or any account information (the app has no signup)
Your contacts, photos, calendar, microphone, or camera
Browsing history outside the app
Advertising identifiers — we do not show ads and do not participate in cross-app tracking
Background location — we only ask for location when you start a session
Health, biometric, or sensitive special-category data of any kind

Data stored on your device

The following lives only on your phone, in the app's private storage, and is never sent to our servers:

Your discovered places (the Discoveries list)
Your chat conversations with the guide
Your settings, including story sensitivity and appearance preferences
The lifetime free-story counter that determines when the paywall appears

Deleting the app removes all of this data permanently. There's nothing to download or export from a server because nothing about you is stored there.

Third parties

To deliver the app's features, we work with the following providers (all of whom act as data processors on our behalf, except where otherwise noted):

Anthropic — generates stories and chat replies. Place context and your chat messages are sent to Anthropic's API. See Anthropic's privacy policy.
Apple — handles iOS app distribution and subscription billing through the App Store. Apple acts as an independent controller for its own processing. See Apple's privacy policy.
Google — handles Android app distribution and subscription billing through Google Play. Google acts as an independent controller for its own processing. See Google's privacy policy.
RevenueCat — manages subscription state and entitlement validation across both stores. See RevenueCat's privacy policy.
Cloudflare — hosts our backend, including the Durable Object that stores per-device quota and the analytics pipeline that records anonymous events. See Cloudflare's privacy policy.
OpenStreetMap and Wikidata — public, open data sources we query for place information. We send place coordinates and identifiers in queries; these services may log standard request metadata under their own privacy policies.

How we use the data

To find places near you while you walk
To generate stories and chat replies for those places
To process your subscription and verify entitlements
To fix bugs, measure feature reliability, and improve story quality (anonymous diagnostic events)
To prevent abuse and enforce rate limits
To respond to your support and privacy questions

We do not sell, rent, or share your data for advertising. We do not use it to train AI models on your inputs (our third-party AI provider Anthropic's policies apply to API processing). We do not share data with third parties beyond the service providers listed above.

Legal basis for processing (GDPR)

Where the EU General Data Protection Regulation or its UK equivalent applies to you, we process your data on the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR) — anonymous device authentication, story and chat generation, subscription validation, and other processing needed to deliver the service you requested.
Consent (Art. 6(1)(a) GDPR) — location access, which you grant via the iOS or Android permission prompt and can revoke at any time in your device's Settings without affecting prior processing.
Legitimate interests (Art. 6(1)(f) GDPR) — anonymous diagnostic events, abuse prevention, rate limiting, and security. Our legitimate interest is keeping a free-to-try, low-cost service working reliably and free from abuse; we balance this against your privacy by minimizing data collected, using anonymous identifiers, and excluding chat contents and location coordinates from the diagnostic pipeline. You may object to processing based on legitimate interests at any time.
Legal obligation (Art. 6(1)(c) GDPR) — retention of subscription records required by applicable tax, consumer-protection, and accounting law.

International data transfers

Some of our service providers process data outside your country of residence:

Anthropic, Apple, RevenueCat, Cloudflare — primarily in the United States, with some operations in other regions.
OpenStreetMap, Wikidata — distributed across multiple jurisdictions, primarily Europe.

Where personal data is transferred outside the European Economic Area, the United Kingdom, or another jurisdiction with similar protections, we rely on appropriate safeguards adopted by the European Commission and the UK Information Commissioner's Office, including Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where applicable, to ensure your data continues to receive a level of protection equivalent to that under GDPR.

Data retention

We retain data only as long as necessary for the purpose for which it was collected:

Anonymous device identifier and quota counter — retained for the lifetime of the device's use of the app, to honor your subscription entitlement and free-tier quota across reinstalls. Reset by request to waymark@liriksoft.com (we will need your in-app device ID to locate the record).
IDFV-to-device-id recovery mapping — retained so that reinstalling the app on the same device restores your subscription state. Removed on request.
Anonymous diagnostic events — retained up to 90 days, then deleted or aggregated. Includes session and event metadata, never coordinates or chat contents.
Chat contents and story prompts — sent to Anthropic to generate a reply, then discarded by our servers. We do not store these on our infrastructure beyond the duration of the request.
Server access logs — retained up to 30 days for security, abuse prevention, and debugging.
Subscription and tax records — retained as required by Apple, Google, applicable tax law, and our records of any disputes; typically 6 to 7 years from the end of the tax year in which the transaction occurred.

Your rights under EU/UK GDPR

If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction whose data-protection law mirrors GDPR, you have the following rights with respect to your personal data:

Right of access — to know what personal data we hold about you, if any, and to receive a copy.
Right of rectification — to have inaccurate or incomplete personal data corrected.
Right of erasure ("right to be forgotten") — to ask us to delete personal data we hold about you.
Right to restriction of processing — to limit how we process your data while a question is resolved.
Right of data portability — to receive your data in a structured, commonly used, machine-readable format.
Right to object — to processing based on legitimate interests, including profiling.
Right not to be subject to automated decision-making that produces legal or similarly significant effects on you. Waymark does not perform any such automated decision-making.
Right to withdraw consent — for processing based on your consent (such as location access), at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email waymark@liriksoft.com. We will respond within 30 days. Because Waymark has no signup, you may need to share your in-app device ID (Settings → About) so we can locate any data tied to your device. Identity verification is proportionate — we will not ask for more information than is necessary to confirm your request.

You also have the right to lodge a complaint with a data protection supervisory authority in the country where you live, work, or where you believe a violation occurred. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk. We would appreciate the chance to address your concern first.

Your rights as a California resident (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the following rights regarding your personal information:

Right to know — what categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it (described above).
Right to delete — to ask us to delete personal information we have collected, subject to exceptions required by law.
Right to correct — to ask us to correct inaccurate personal information.
Right to opt out of sale or sharing — Waymark does not sell your personal information and does not share it for cross-context behavioral advertising, so there is nothing to opt out of.
Right to limit the use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the service, infer characteristics, or for purposes that would require an opt-out under the CPRA.
Right to non-discrimination — we will not deny you service, charge you different prices, or provide a different level of service because you exercised any of these rights.

To exercise these rights, email waymark@liriksoft.com. We will respond within 45 days. We do not have a process for authorized agents to submit requests on your behalf at this time; please contact us directly.

Deleting your data

Waymark stores data in two places: on your device (local SQLite, in app-private storage) and on our server (anonymous usage events and a quota counter, both keyed to a random device identifier). You can delete either or both at any time.

Local data on your device

All discoveries, chat history, settings, and the free-story counter live on your phone in app-private storage. Uninstalling the app deletes them immediately and irrecoverably.

iOS: long-press the Waymark icon → Remove App → Delete App.
Android: Settings → Apps → Waymark → Uninstall, or long-press the icon → App info → Uninstall. If you want to clear data without uninstalling, choose Storage & cache → Clear storage.

Server-side data

The only server-side data tied to you is an anonymous device identifier plus the quota counter and diagnostic event records associated with it (none of which include your location coordinates, the contents of stories or chats, or any personal information). To delete this data, email waymark@liriksoft.com from the device you want purged, or include your in-app device ID (Settings → About) in the message body. We will delete all records associated with that device ID within 30 days and confirm by reply.

If you have an active subscription, deleting server-side data does not cancel it; cancel separately in your store account (see "Your choices" below).

Your choices

Stop sharing location: revoke the app's location permission in iOS Settings (Settings → Waymark → Location) or Android Settings (Settings → Apps → Waymark → Permissions → Location), or simply stop your exploration session.
Delete everything on your device: uninstall the app (see "Deleting your data" above).
Delete server-side data: email waymark@liriksoft.com (see "Deleting your data" above).
Cancel your subscription: on iOS, Settings → your name → Subscriptions → Waymark. On Android, Google Play app → profile → Payments & subscriptions → Subscriptions → Waymark.
Ask us a question: email waymark@liriksoft.com.

Security

We use industry-standard technical and organizational measures to protect data in transit (HTTPS/TLS) and at rest (encrypted Cloudflare storage). No system is perfectly secure; if we become aware of a personal-data breach that affects you, we will notify you and the relevant supervisory authority as required by law (within 72 hours under GDPR, where applicable).

Children

Waymark is rated 4+ and is suitable for general audiences. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK, where applicable). The app's design, with no signup and no profile building, means it does not collect identifying information from any user, regardless of age. If you are a parent or guardian and believe a child has provided personal information that requires deletion, email waymark@liriksoft.com and we will act promptly.

Cookies and analytics on this website

The Waymark marketing website at waymark.liriksoft.com does not set its own tracking cookies and does not use cross-site advertising or analytics tools. Standard server access logs may record IP address, user agent, and requested URL for security and operational purposes, retained briefly.

Changes to this policy

If we change this policy in a material way, we'll update the effective date at the top of this page and, where appropriate, notify users in the app. Continued use of Waymark after a change indicates acceptance of the updated policy. Prior versions are available on request.

Contact

Questions, concerns, or data requests: waymark@liriksoft.com. We aim to respond within 30 days.