Privacy Policy

1. Introduction and Data Controller

Welcome to Alpaka Maps. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website (www.alpakamaps.com) and mobile application ("Alpaka Maps App").

Data Controller:
Alpaka Maps (Beta Version)
Email: hello@alpakamaps.com

Note: Complete business registration and address will be published before commercial launch.

This policy applies to users in the European Union (EU), European Economic Area (EEA), Switzerland, and worldwide. We comply with the General Data Protection Regulation (GDPR/DSGVO), the Swiss Federal Act on Data Protection (FADP/DSG), and other applicable data protection laws.

2. Data We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name, email address, and authentication credentials.
• Waitlist Registration: Name, email address, country, preferred mountain region, and primary activity type.
• Communications: Any messages, feedback, or inquiries you send to us.

2.2 Information Collected Automatically

• Location Data: With your explicit consent, we collect GPS coordinates to provide navigation, slope analysis, and safety features. Location data may be collected in the background when you enable tracking features.
• Device Information: Device type, operating system, unique device identifiers, and app version.
• Usage Data: How you interact with our app, features used, and session duration.
• Log Data: IP address, browser type, access times, and referring URLs (website only).

2.3 Information from Third-Party Services

If you sign in using Google or Apple authentication, we receive basic profile information (name, email) as permitted by your settings with those providers.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): For location tracking, marketing communications, and analytics.
• Contract Performance (Art. 6(1)(b) GDPR): To provide our services, including account management and app functionality.
• Legitimate Interests (Art. 6(1)(f) GDPR): For security, fraud prevention, service improvement, and customer support.
• Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws and regulations.

4. How We Use Your Data

• Provide, maintain, and improve our services
• Display real-time slope analysis and avalanche safety information
• Enable offline map functionality
• Send service-related notifications and updates
• Process waitlist registrations and communicate about app availability
• Respond to your inquiries and provide customer support
• Analyze usage patterns to improve user experience
• Ensure security and prevent fraud
• Comply with legal obligations

5. Third-Party Services and Data Sharing

We use trusted third-party services to provide and improve our services. These providers process data on our behalf under strict data protection agreements:

5.1 Infrastructure and Backend Services

5.2 Mapping and Geographic Services

5.3 Authentication Services

5.4 Security and Analytics

5.5 Other Services

International Data Transfers: Some of our service providers are located in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during international transfers.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account Data: Until you delete your account, plus up to 30 days for backup purposes.
• Waitlist Data: Until the product launches or you unsubscribe, then deleted within 90 days.
• Location Data: Processed in real-time for navigation; stored tracking data retained for up to 12 months or until you delete it.
• Log Data: Up to 12 months for security and analytics purposes.
• Legal Requirements: Some data may be retained longer if required by law.

7. Your Rights Under GDPR

If you are located in the EU/EEA or Switzerland, you have the following rights:

• Right of Access (Art. 15 GDPR): Request a copy of your personal data.
• Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
• Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18 GDPR): Limit how we process your data.
• Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting prior processing.

To exercise these rights, contact us at hello@alpakamaps.com. We will respond within 30 days.

Right to Lodge a Complaint: You have the right to file a complaint with a supervisory authority. For Germany, this is the relevant State Data Protection Authority (Landesdatenschutzbeauftragte). For Switzerland, the Federal Data Protection and Information Commissioner (FDPIC).

8. Location Data and Permissions

Our app requires location permissions to provide core safety features:

• Foreground Location: Used for real-time navigation, slope analysis, and displaying your position on the map.
• Background Location: With your explicit consent, used for GPS tracking during tours to record your route. You can disable this at any time in your device settings.

Location data is processed locally on your device whenever possible. When cloud processing is required, data is transmitted securely using encryption.

9. Cookies and Similar Technologies

Our website uses the following technologies:

• Essential Cookies: Required for website functionality (no consent required).
• Analytics (Vercel Analytics): Privacy-friendly analytics that do not use cookies and do not track individual users across sites.
• reCAPTCHA: Google reCAPTCHA uses cookies and collects data to distinguish humans from bots.

You can manage cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Regular security assessments
• Access controls limiting data access to authorized personnel
• Firebase App Check to prevent unauthorized API access

11. Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@alpakamaps.com.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification for material changes (if you have provided your email)
• Displaying an in-app notification

We encourage you to review this policy regularly.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Alpaka Maps
Email: hello@alpakamaps.com

We aim to respond to all inquiries within 30 days.

14. Additional Information for Specific Regions

14.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

14.2 Swiss Residents

Swiss residents have rights under the Federal Act on Data Protection (FADP/DSG) that are similar to GDPR rights. The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).