Privacy Policy

• Account information: Your email address and codename (chosen during signup).
• App data: Cities, specimens (journal entries), routes, profile settings, and travel preferences you create within the app.
• Photos: If you upload photos, they are stored with your app data. EXIF metadata (GPS coordinates, camera info, date taken) may be extracted client-side and stored alongside the image.
• Usage data: Login timestamps, sync timestamps, and state version numbers used to keep your data consistent across sessions.

• Account authentication is handled by Supabase, hosted on AWS infrastructure.
• Your app data is stored as an encrypted JSON document in a Supabase PostgreSQL database.
• A local copy of your data is also cached in your browser's localStorage for offline access and performance.
• Your data is associated with your user account and protected by Row Level Security — only you can access your data.

GUS relies on a small number of third-party services to function:

• Supabase (authentication, database) — supabase.com/privacy
• Cloudflare (website hosting, CDN) — cloudflare.com/privacypolicy
• Google Fonts (typography loading) — fonts.google.com — no cookies are set; font files are cached locally by your browser.
• OpenStreetMap / CARTO (map tiles) — when you use the Atlas, map tile images are loaded from these services.
• Nominatim (geocoding) — city coordinates are looked up via OpenStreetMap's Nominatim service.

• We do not use cookies.
• We do not use advertising trackers.
• We do not use analytics services.
• Supabase stores authentication tokens in your browser's localStorage (not cookies).

• Export: You can export all your data at any time in JSON or CSV format from within the app (Settings > Export).
• Delete: You can delete your account and all associated data by contacting us.
• Access: You can view all data we store about you within the app itself.
• Portability: Your exported JSON file contains your complete dataset and can be imported into any future version of GUS.

• All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
• Database access is protected by Row Level Security policies.
• We do not share, sell, or rent your personal data to any third party.

GUS is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

If you have questions about this policy or your data, reach us at gustravelintel@gmail.com.