Master Privacy Policy
1. Introduction and Controller Identity
This Master Privacy Policy governs the collection, processing, retention, and cryptographic management of personal data by Meander ("We", "Us", "Our"), an application developed and operated by, acting as the primary Data Controller under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). We are fundamentally committed to processing Your personal data with strict adherence to lawful, transparent, and secure methodologies. By accessing, downloading, or utilizing the Meander application and its associated backend routing services, You acknowledge the data processing practices detailed comprehensively within this Policy.
2. Categorization of Processed Data and Purpose Limitation
We process data strictly adhering to the principles of data minimization and purpose limitation. Data is categorized and processed as follows:
2.1 Identity and Authentication Data:
When You authenticate Your account via supported third-party identity providers (e.g., Apple ID, Google Account), We securely receive Your designated name, email address, and profile avatar. This data is utilized exclusively for identity verification, account security, and the provisioning of cloud-synchronized services.
2.2 Financial and Subscription State Data:
For users accessing premium tiers or subscription services, all financial transactions are managed entirely by Our dedicated payment processing sub-processor, RevenueCat. We do not collect, process, intercept, or store raw financial instruments (e.g., credit card numbers). We retain a cryptographic App User ID, transaction timestamps, and real-time subscription statuses to administer Your access rights, prevent fraud, and comply with the regulatory strictures of the Digital Markets, Competition and Consumers Act 2024 (DMCC).
2.3 Geolocation, Telemetry, and Routing Data:
- Foreground Geolocation: To render accurate spatial routing geometries, We process precise GPS coordinates (Latitude/Longitude). This data is processed ephemerally within volatile memory and is not logged permanently within Our databases unless You explicitly execute a "Save Route" command.
- Background Geolocation (Proximity Vectors): We leverage native mobile APIs to trigger proactive navigational cues (Proximity Alerts). On iOS devices, background geofencing is used to trigger proximity alerts, requiring "Always" location permissions. On Android devices, activating this feature starts a Foreground Service that continuously tracks Your location while in use and displays a persistent system notification. This computational processing occurs entirely locally on the device hardware to calculate vector distances to saved Points of Interest (POIs). Background telemetry is strictly device-bound and is not transmitted to Our primary servers.
- Cloud Synchronization: Saved navigational paths, user preferences, and associated POI metadata are transmitted via encrypted protocols and stored in Our remote relational database to facilitate cross-device continuity.
- Device-Local Caching: Semantic search queries (e.g., "Scenic routes near Hyde Park") are cached locally on Your device storage to accelerate subsequent search indexing. We do not aggregate, synchronize, or process raw search string inputs on Our remote servers.
3. Lawful Basis for Processing
Under Article 6 of the UK GDPR, Our data processing activities are predicated on the following lawful bases:
- Contractual Necessity (Art. 6(1)(b)): Processing identity, subscription state, and foreground location data is strictly necessary to perform the core navigation and routing services You request when accepting Our Terms of Service.
- Legitimate Interests (Art. 6(1)(f)): Processing anonymized usage metrics, system telemetry, and user feedback scores is necessary to refine Our algorithmic routing models, enhance platform security, and mitigate systemic fraud.
- Consent (Art. 6(1)(a)): Background location processing and the utilization of non-essential device tracking rely entirely on Your explicit, freely given, and readily revocable consent, granted via device-level permissions.
4. International Data Transfers and Sub-Processors
To provide a globally resilient infrastructure with low-latency routing, We utilize highly vetted third-party sub-processors. Consequently, Your data is routinely transferred outside the United Kingdom. We ensure all such international transfers comply rigorously with Chapter V of the UK GDPR:
- Fly.io (United Kingdom): Primary relational database hosting (PostgreSQL) and Application Programming Interface (API) deployment. Your permanent route history and account data remain physically hosted within the UK (London region).
- Google Firebase (USA): Utilized for identity management and secure authentication token generation. Transfers of authentication data to the United States are safeguarded by the execution of the UK Extension to the EU Standard Contractual Clauses (SCCs).
- RevenueCat (USA): Utilized for subscription state management. Transfers of cryptographic user IDs to the United States are safeguarded by the UK-US Data Bridge framework.
- Google Gemini AI (USA): We utilize large language models to synthesize descriptive POI data. Only raw, anonymized geographical coordinate data and generic location strings are transmitted to the Gemini API endpoints. We categorically do not transmit any personally identifiable information (PII) or user identities to these AI processing environments.
5. Data Retention Schedules and Cryptographic Anonymization
Data is retained only for the active lifecycle of Your account. In accordance with Article 17 of the UK GDPR (Right to Erasure), You possess the unambiguous right to mandate the immediate deletion of Your account and associated telemetry. Invoking the account deletion function via the Service interface triggers an automated, irreversible cascade that purges Your authentication identity, historical routing data, and OAuth tokens from Our active operational databases.
6. Your Statutory Rights under UK GDPR
You are vested with comprehensive statutory rights regarding the processing of Your personal data:
- Right of Access & Portability: You may request a structured, machine-readable export (JSON/CSV) of all personal data We hold concerning You.
- Right to Erasure (Right to be Forgotten): You may mandate the total deletion of Your cloud history and identity records at any time.
- Right to Rectification: You may correct inaccurate or incomplete data.
- Right to Restrict Processing: You may halt specific processing activities while disputes are resolved.
To exercise these rights, navigate to the privacy controls within the application or initiate a formal request via our designated Data Protection Officer at meander.dev@gmail.com.
7. Statutory Data Protection Complaints Procedure (DUAA 2025 Compliance)
Pursuant to Section 164A of the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025 (DUAA), We operate a mandatory, statutory internal complaints procedure. If You believe We have infringed upon Your data protection rights, mishandled Your data, or failed to honor a data subject access request, You must first raise the issue directly with Us before escalating the matter to regulatory authorities.
- Submission of Complaint: Complaints may be submitted securely via email to meander.dev@gmail.com with the subject line "Formal Data Protection Complaint," or via the dedicated digital form located at our contact page.
- Statutory Acknowledgment: We will officially acknowledge receipt of Your complaint, providing a reference number and an outline of the next steps, within thirty (30) calendar days of receipt.
- Investigation and Resolution: We will conduct a thorough, proportionate investigation into Your claims without undue delay. We aim to provide a comprehensive outcome report detailing Our investigative findings, legal reasoning, and any remedial actions taken within three (3) months of the initial acknowledgment. We will keep You apprised of any complex delays during this period.
- Regulatory Escalation: If You remain dissatisfied following the conclusion of Our internal complaints procedure, You retain the absolute right to escalate the matter to the Information Commissioner's Office (ICO). Contact the ICO via their portal at https://ico.org.uk/make-a-complaint/ or via telephone at 0303 123 1113.
8. Minors and Age Limitations
The Meander application is explicitly not designed for, nor directed at, individuals under the age of thirteen (13). We do not knowingly collect or process personal data from minors. If We become aware that a minor has provisioned an account, We will take immediate steps to summarily erase such information from Our servers.