Privacy Policy

Last updated: March 25, 2026

1. Introduction

Welcome to WeCamino. We are committed to protecting your privacy. This privacy policy explains how we collect, use, and protect your personal information when you use our mobile application and website.

2. Information We Collect

We collect the following categories of information to provide and improve our service:

Account Information

  • Name — Your display name, used in your profile and visible to other pilgrims
  • Email Address — Used for account creation, authentication, and important communications
  • Profile Details — Optional biography, home country, and avatar photo

Location Data

  • GPS Coordinates — Precise location (latitude, longitude, altitude) collected during active walks to track your Camino progress
  • Background Location — When you have an active walk, location tracking continues in the background so your progress is recorded even when the app is not in the foreground
  • Current Position — Used to show your location on the Camino map and to suggest nearby pilgrims

Location tracking only occurs when you explicitly start a walk. You can stop tracking at any time by completing or abandoning your walk.

Photos

  • Trail Photos — Photos you choose to upload, along with captions, the GPS location where they were taken, and associated walk/stage information

Social & Community Data

  • Posts & Replies — Text content, images, and location/stage tags you share in the feed
  • Likes — Posts you like
  • Friend Connections — Friend requests you send and accept

Walk & Activity Data

  • Walk History — GPS traces, distances, start/end locations, route names, durations, and completion status for each walk
  • Statistics — Aggregated totals such as total kilometres walked and walks completed

Usage Analytics

We use PostHog to collect anonymised usage analytics including screen views, feature usage events, and error reports. This data is linked to your user ID and helps us improve the app experience. No analytics data is shared with advertisers.

3. How We Collect Information

Authentication

We offer the following sign-in methods:

  • Sign in with Apple — We receive your name (if you choose to share it) and email address (or Apple's private relay email). Apple Sign In provides enhanced privacy protections.
  • Sign in with Google — We receive your name and email address from your Google account.
  • Email & Password — You provide your email and a password directly. Passwords are securely hashed and never stored in plain text.

Location Services

Location access is requested when you first use the app. You can manage location permissions at any time in your device's Settings. Background location ("Always" permission) is only used during active walks to ensure continuous tracking.

Data Storage

We use Supabase as our backend service provider for authentication, database, and file storage. Supabase provides enterprise-grade security and is compliant with major privacy regulations including GDPR. Your data is encrypted both in transit (TLS/SSL) and at rest.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your account
  • To track and display your Camino walking progress
  • To show your location on the map and suggest nearby pilgrims
  • To enable social features — posts, replies, likes, and friend connections
  • To store and display your trail photos
  • To provide community leaderboards and statistics
  • To send you important updates about the app or your account
  • To improve the app based on usage analytics
  • To provide customer support

We do NOT use your information for:

  • Third-party advertising or behavioural tracking
  • Selling or sharing your data with third parties for their marketing purposes

5. Privacy Controls

WeCamino gives you control over your visibility and data sharing. Within the app, you can configure:

  • Profile Visibility — Choose who can see your profile: everyone, friends only, or private
  • Show Distance — Hide or show your total walking distance from other users
  • Show Home Country — Hide or show your home country on your profile
  • Activity Sharing — Control whether your activity is shared with the community
  • Friend Requests — Allow or block incoming friend requests

6. Data Sharing and Third Parties

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We share data only with the following service providers who help us operate the app:

  • Supabase — Authentication, database, and file storage (processes all core data on our behalf)
  • Apple — Authentication services (when you use Sign in with Apple)
  • Google — Authentication services (when you use Sign in with Google)
  • PostHog — Usage analytics (receives anonymised usage events and error reports)
  • Resend — Transactional email delivery (receives your email address when we send you emails)

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

7. Data Security

We take the security of your personal information seriously and implement industry-standard security measures:

  • All data transmission is encrypted using TLS/SSL protocols
  • Data at rest is encrypted in Supabase's secure infrastructure
  • Passwords are securely hashed — we never store or have access to your plain-text password
  • Row Level Security (RLS) policies ensure users can only access their own data
  • Access to personal data is restricted to authorised personnel only

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you delete your account, we will delete your personal information within 30 days, including your profile, walk history, photos, posts, and friend connections. Some anonymised analytics data may be retained for product improvement purposes.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal information we hold about you
  • Correction — Request correction of inaccurate or incomplete information
  • Deletion — Request deletion of your personal information and account
  • Data Portability — Request a copy of your data in a structured, machine-readable format
  • Withdraw Consent — Withdraw your consent to data processing at any time
  • Object — Object to certain types of data processing

To exercise any of these rights, please contact us at the email address in Section 12. We will respond to your request within 30 days.

10. Children's Privacy

WeCamino is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy in the app and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy@wecamino.com

Response Time: We aim to respond to all inquiries within 48 hours

Compliance

This privacy policy is designed to comply with:

  • Apple App Store Review Guidelines (Section 5.1 — Privacy)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)