Privacy Policy

Last updated: 8 June 2026

Waypoint ("Waypoint", "we", "us", or "our") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights in relation to that data when you use the Waypoint app, website, and related services.

1. Who we are

Waypoint is operated by:

For the purposes of applicable data protection law, EQUILEV LIMITED is the data controller of the personal data described in this Privacy Policy.

2. Who this policy applies to

This Privacy Policy applies to users of:

• the Waypoint mobile app
• our website at waypointmap.co
• any related features, tools, and services we provide

Because Waypoint is available more broadly to users in multiple countries, this policy is written in a general form and may be supplemented by additional rights or disclosures required under local law.

3. What data we collect

Because Waypoint requires users to create an account, we collect and process the following categories of personal data:

a) Account and profile information

When you create and use an account, we may collect:

• your email address
• login and authentication information
• social login information where you sign in using Apple or Google
• account settings and preferences

b) Data you enter into the app

We store the data you enter or create in the app, including:

• saved places
• place names
• addresses
• coordinates
• categories
• tags
• notes
• visit status
• folders, lists, or other organizational structures
• uploaded links
• timestamps

c) Location data

If you allow location access, we may process your device's precise location in connection with map and place-related features, including the display of your current position on the map, the "/here" nearby search, and improving the accuracy of place extraction based on where you are.

We do not store a history of your location. Your device location is used in the moment for the active feature and is not persisted against your account.

d) Uploaded images and screenshots

If you upload a photo, screenshot, or image for place extraction, the image is sent to Google Gemini AI for processing to extract place information.

We do not store these uploaded images on our servers after processing. The image may still be processed temporarily by Google's systems according to its own policies.

e) URLs and extracted content

If you share a URL with Waypoint, we may collect and store:

• the original URL
• extracted place data
• related metadata generated through processing

We may also temporarily fetch and process page content (such as text from articles, social media posts, or video descriptions) in order to extract place information. Where the URL points to content on Instagram or TikTok, we may use a third-party scraping provider (Apify) to retrieve the post text and images.

To improve performance for popular URLs, the extracted place data (not your account information) may be cached server-side so that other users who later submit the same URL receive a faster response without re-processing.

f) Technical and diagnostic data

We use crash reporting and performance monitoring tools to keep the app stable. Depending on how you use the service, we may collect:

• device information (model, OS version)
• app version
• approximate network location derived from IP address
• crash logs and error stacks
• performance traces (such as launch time and slow operations)

We do not associate this diagnostic data with your account identifier.

g) What we do NOT currently collect

This version of Waypoint does not include:

• third-party advertising
• cross-app or cross-site tracking
• advertising identifiers (such as IDFA)
• product analytics tracking individual user behavior
• attribution or marketing measurement
• in-app purchases or subscription billing

If we add any of these features in a future version, this policy will be updated and your App Store privacy disclosure will reflect the change before that version is released.

4. How we use your data

We use your data to:

• create and manage your account
• authenticate you and keep you signed in
• save, sync, and organize your places across devices
• provide maps, place search, geocoding, and related features
• extract place information from text, links, screenshots, and images
• support social login and account recovery
• improve app functionality, performance, and reliability
• diagnose crashes, bugs, and technical issues
• provide customer support
• maintain security and prevent abuse, fraud, and misuse
• comply with legal obligations and enforce our terms

5. Our lawful bases

Where required by applicable law, we rely on one or more of the following lawful bases:

a) Contract

We process much of your data because it is necessary to provide the Waypoint service you requested, including account creation, app functionality, syncing, and place saving.

b) Consent

Where required, we rely on your consent, including for:

• location permissions
• uploading photos or screenshots
• any optional permissions you grant through your device or account settings

You can withdraw consent by changing your app or device settings, though some features may stop working.

c) Legitimate interests

Where permitted, we process certain data for our legitimate interests in:

• improving and developing the service
• securing the app and backend systems
• preventing fraud and abuse
• debugging and performance monitoring
• operating our business

d) Legal obligation

We may also process data where necessary to comply with legal, regulatory, tax, accounting, or law enforcement obligations.

6. Third parties and service providers

We use third-party service providers and infrastructure to operate Waypoint. Depending on how you use the app, your personal data may be processed by or shared with:

• Supabase for backend services, authentication, and database infrastructure
• AWS or related hosting infrastructure used through Supabase
• Google Gemini AI for place extraction from text and images
• Google Places API for place search, geocoding, and place resolution
• Google YouTube Data API for retrieving metadata from YouTube links
• Mapbox for map display, location, and map-related services
• OpenStreetMap / Nominatim as a fallback geocoding service
• Apify for retrieving content from Instagram and TikTok URLs you submit
• Apple and Google for social login (where you choose to use them)
• Sentry for crash reporting and performance monitoring
• email delivery providers used by Supabase for account-related messages

These providers may process personal data on our behalf or, in some cases, as independent controllers depending on the service and the role they play.

7. International data transfers

Because our providers and infrastructure may operate internationally, your personal data may be transferred to and processed in countries outside your country of residence, including outside the UK or EEA.

Where required, we take steps intended to ensure appropriate safeguards are in place for international transfers, such as contractual protections or other lawful transfer mechanisms.

8. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including providing the service, complying with legal obligations, resolving disputes, preventing fraud, maintaining backups, and enforcing agreements.

In general:

• account and app data are kept while your account remains active
• saved places and related content are kept until you delete them or delete your account
• URLs and extracted place data may be kept as part of your account data and service records
• cached extraction results (linked to URLs, not to your account) may be retained for service performance
• diagnostic logs and crash reports may be retained for as long as reasonably necessary for operational and security purposes
• when you delete your account, deletion is handled through Supabase's account deletion procedure, together with our related deletion processes, though limited residual copies may remain in backups, logs, or systems for a limited period where reasonably necessary

9. Data deletion

You can delete your account from within the app, in the Settings tab.

When you delete your account, we will initiate deletion of your account data in accordance with our systems and providers' deletion procedures. Some limited data may continue to exist for a limited period in backups, security systems, or logs where retention is necessary for legal, fraud-prevention, dispute, or technical reasons.

Deleting the app from your device does not delete server-side data associated with your account.

10. Security

We use reasonable technical and organizational measures intended to protect your personal data, including:

• HTTPS encryption in transit
• account authentication controls
• restricted access controls
• backend and database security measures, including row-level restrictions where applicable
• monitoring, logging, and technical safeguards appropriate to the nature of the service

However, no method of transmission, storage, or security is completely foolproof, and we cannot guarantee absolute security.

11. Your rights

Depending on where you live and the law that applies to you, you may have rights to:

• access the personal data we hold about you
• request correction of inaccurate or incomplete data
• request deletion of your data
• object to certain processing
• request restriction of processing
• request portability of your data
• withdraw consent where processing is based on consent
• complain to a data protection authority

If you want to exercise any of these rights, contact us at hello@waypointmap.co.

If you are in the UK, you may also complain to the Information Commissioner's Office (ICO).

12. Children

Waypoint is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13 without appropriate authorization where required by law.

If you believe a child has provided personal data to us in violation of this policy, contact us at hello@waypointmap.co and we will review the issue.

13. Website and cookies

If you use our website at waypointmap.co, we and our third-party providers may use cookies, local storage, and similar technologies for site functionality, authentication, and security.

Where required by applicable law, we will request consent for non-essential cookies or similar technologies.

14. Third-party links and services

Waypoint may contain links to third-party websites, social login providers, and external services. We are not responsible for the privacy, security, content, or practices of third-party services that we do not control. Your use of those services is governed by their own terms and policies.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. Where appropriate, we may also notify you through the app, website, or email.

If a future version of the app introduces new categories of data collection (such as analytics, advertising, or in-app purchases), we will update both this policy and the corresponding App Store privacy disclosure before that version is released.

16. Contact

If you have questions about this Privacy Policy or about how we handle your personal data, contact:

← Back to Waypoint