What we collect, why we collect it, and what we don't.

Last updated: 23 May 2026 · Effective: 23 May 2026

Wendlore is a motorcycle navigation and audio-storytelling app. To do its job it needs to know where you are, where you want to go, and a handful of things about you. This page explains what we keep, what we share, and how to get rid of it. We've tried to write it in plain English; the legal terms only show up where they have to.

This policy applies to the Wendlore mobile app (iOS, Android, Android Auto, Apple CarPlay), the backend services that power it, and this website (wendlore.com).

1. Who we are

Wendlore is operated by Globy Peaks ("Wendlore", "we", "us"). For any privacy question, write to [email protected]. We respond to GDPR / CCPA / general data requests at the same address.

For users in the European Economic Area or the United Kingdom, we act as the data controller for the personal data described below. Our establishment is in Sweden.

2. What we collect

We try to keep this list short. Each item below explains the data, the reason we need it, and where it lives.

Account & profile

Email address — used to sign you in, send password resets, and reach you about your account. Stored in our authentication system (Supabase Auth).
Display name, avatar image, vehicle type (motorcycle / bicycle / car / on foot), preferred curviness, story density, story format, and language — your in-app preferences. Stored in your profile row.

Location

Live location while the app is in use — required to plan a route from where you are, to draw your position on the map, and to trigger location-anchored stories at the right corner.
Background location — only when you start a ride. Wendlore continues to track your position with the screen off so turn-by-turn cues and story narration keep working when your phone is in a tank bag or your pocket. Background location is released as soon as the ride ends. You can revoke it at any time from your OS settings.
Group-ride live position — if you join or host a group ride, your current coordinates are shared in near-real-time with the other riders in that group while the ride is active, and only with them. Sharing stops when you leave the ride.

Routes & ride data

Routes you generate or save — start/end points, waypoints, the route path (a list of coordinates), distance, duration, elevation, and a count of how many times you've ridden it.
Published routes — if you mark a route as public, the route itself (path + metadata) becomes readable by other Wendlore users. Your email and account identifier are not attached to a published route's public view.

Camera

QR scanning — when you scan a friend's group-ride QR, the camera reads the code on-device. No image is uploaded.
Avatar photos — if you choose to upload an avatar, the image is sent to our storage bucket and linked to your profile. You can replace or remove it at any time from the profile screen.

Microphone

Voice search — only when you explicitly start a voice search. The microphone is not used at any other time. We do not record ambient audio. We do not record while you are riding.

Device & technical data

App version, OS, language, and device type — used to debug issues and route you to the right build.
Authentication session tokens — stored locally on your device so you don't have to sign in every time.
Cached audio & route data — story audio and generated routes are cached on your device so they replay offline and don't re-cost network or compute. Cached data stays on your device until you clear it.

What we don't collect

We don't run third-party advertising trackers. We don't sell your data. We don't build advertising profiles. We don't have a marketing list. We do not collect contacts, calendar entries, SMS, call history, or files outside the photos you explicitly choose for your avatar.

3. Why we collect it (legal bases)

If you're in the EEA / UK, here is the GDPR legal basis for each use:

Contract (Art. 6(1)(b)) — account, profile, route generation, navigation, voice search, group-ride participation. Without this data, the app can't do its job.
Consent (Art. 6(1)(a)) — background location, camera, microphone. You grant consent through the OS permission prompt and can withdraw it at any time from OS settings.
Legitimate interest (Art. 6(1)(f)) — keeping the service secure, preventing abuse, and debugging crashes.

4. Service providers we share with

Wendlore relies on a small set of providers that process data on our behalf. Each one only sees the slice of data it needs to do its job.

Supabase — authentication, database, file storage (your account, profile, routes, avatar). supabase.com/privacy
GraphHopper — route calculation. Your start point, end point, and waypoints are sent to GraphHopper to compute a route. graphhopper.com/legal/privacy
Anthropic (Claude) — generates the narrative text for stories tied to places you pass. We send the place name and rough location; we do not send your account identifier. anthropic.com/legal/privacy
ElevenLabs — converts generated story text to audio. We send story text; we do not send your account identifier. elevenlabs.io/privacy
Google Maps Platform & Apple Maps — render the map tiles you see and resolve place names. Subject to Google's / Apple's own privacy terms.
Cloudflare — serves this website and protects our endpoints. cloudflare.com/privacypolicy

We do not sell or rent personal data to anyone. We do not share data with advertisers.

5. International transfers

Some of the providers above are based in the United States or operate global infrastructure. Where personal data is transferred outside the EEA / UK, we rely on Standard Contractual Clauses or an equivalent transfer mechanism with each provider. If you want a copy of the relevant clauses, email [email protected].

6. How long we keep it

Account & profile — for as long as your account exists. Delete your account and it is removed within 30 days.
Routes & rides — for as long as your account exists, or until you delete the route. Published routes you've shared publicly remain available unless you delete them or your account.
Live group-ride positions — held only while the ride is active, then deleted.
Cached audio & route data on your device — until you clear app data or uninstall the app.
Logs & security records — up to 90 days, then purged.

7. Your rights

You can:

Access a copy of the personal data we hold about you.
Correct any of it that's wrong (most of it you can edit from the app's profile screen).
Delete your account, which removes your profile, routes, avatar, and any group-ride history. Email [email protected] or use the in-app delete-account flow.
Object to processing based on legitimate interest.
Withdraw consent for background location, camera, or microphone at any time from your OS settings. The relevant feature will stop working but the rest of the app keeps running.
Export your data in a portable format.
Complain to your local data-protection authority. In the EU, you can find yours via edpb.europa.eu.

California residents have equivalent rights under the CCPA / CPRA: the right to know what we collect, to delete it, to correct it, to opt out of "sale" or "sharing" of personal information (we don't do either), and not to be discriminated against for exercising those rights. Use the same email above.

8. Permissions on Google Play & iOS

Required reading for both stores' submission. Each permission, why it exists, and what happens if you decline:

Foreground location (ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION / NSLocationWhenInUseUsageDescription) — used to anchor the map, plan a route from where you are, and trigger location-based stories. If you decline, Wendlore cannot generate routes or play stories.
Background location (ACCESS_BACKGROUND_LOCATION / NSLocationAlwaysAndWhenInUseUsageDescription) — used only during an active ride, so turn-by-turn cues and story playback continue when the screen is off, the app is backgrounded, or your phone is in a tank bag. Released as soon as the ride ends. If you decline, navigation cannot continue with the screen off.
Camera (CAMERA / NSCameraUsageDescription) — used to scan group-ride QR codes and (optionally) to take a profile photo. If you decline, you can still join group rides by entering a code manually.
Microphone (RECORD_AUDIO / NSMicrophoneUsageDescription) — used only when you explicitly start a voice search. The microphone is otherwise off. If you decline, voice search is unavailable; everything else still works.
Foreground service (Android FOREGROUND_SERVICE_LOCATION) — required by Android to keep ride tracking and audio narration running with the screen off. Active only during a ride.
Notifications — used for turn cues and ride alerts. Optional; the app works without them.

9. Children

Wendlore is not directed at children under 16 and we do not knowingly collect personal data from children under 16. If you believe a child has provided data to us, contact [email protected] and we will delete it.

10. Security

Connections are encrypted with TLS in transit. Data at rest is encrypted by our hosting providers. Database access is gated by row-level security so a given user can only read or modify their own rows. Authentication uses short-lived session tokens. No system is perfectly secure, but we take reasonable measures and tell you promptly if a breach affects your data.

11. Changes to this policy

If we make a material change, we will update the "Last updated" date above and, for changes that meaningfully affect how we handle your data, notify you in-app or by email before the change takes effect. Continuing to use Wendlore after a change means you accept the updated policy.

12. Contact

Privacy questions, data requests, general questions — all to [email protected].

← Back to wendlore.com