Legal
Privacy Policy
Last updated: June 30, 2026
The short version: Lore collects the data the app needs to function — location to show you nearby places, your account info to save your history, and photos if you choose to share them. We don’t sell your data, we don’t run ads, and we don’t share it beyond what’s listed here. The details are below.
1. Who we are
Lore is operated by Tekavra Creative LLC, based in St. Petersburg, Florida, USA. Questions: hello@whatsthelore.app.
2. What we collect and why
Account data
- Email address and password — to create and protect your account. Passwords are hashed and never stored in plain text.
- Display name and profile photo — shown to other users in Crew and on places you’ve visited. Optional; you can use a pseudonym.
Location data
- Precise location (foreground) — used to show nearby places on the map while the app is open. Required for core discovery functionality.
- Precise location (background) — used only when you start an active Crew outing. Lets your Crew members see where you are during the outing. You are always shown a clear on/off toggle before background location activates, and it stops the moment the outing ends or you turn sharing off.
- Live location during outings is shared only with the specific Crew members in that outing. It is not stored permanently — only the most recent position is held in memory for the duration of the outing.
Photos and media
- Camera and photo library access — only when you choose to add a photo (profile picture or a place). Photos you upload are stored in our media service and may be visible to other users on the place’s page.
Contacts
- Contacts access — used only to help you find people you know when adding them to a Crew. Contact data is never uploaded to our servers or stored beyond the in-app search session.
Push notifications
- We request a push notification token to send you alerts (Crew invites, outing updates). Tokens are stored in our database and associated with your account. You can revoke notification permission at any time in your device settings.
User-generated content
- Places you save, visits you log, reviews or notes you write, and Crew outings you create are stored in our database and linked to your account. Some of this (place visits, reviews) may be visible to other users.
Usage data
- Basic technical data (device type, OS version, app version, error logs) collected to diagnose crashes and improve stability. Not linked to your identity beyond the session.
3. How we use your data
- To operate the app and provide the features you use.
- To send transactional emails (account confirmation, password reset).
- To send push notifications you have opted into.
- To prevent abuse (rate-limiting, spam detection).
- To improve the app based on aggregate, anonymised usage patterns.
- We do not use your data for advertising or sell it to third parties.
4. Third-party services
We use the following infrastructure providers. Each receives only the data necessary for its function.
- Cloudflare — serverless compute, media storage (R2), key-value cache, and AI inference. Your data may transit Cloudflare’s global network.
- Neon (PostgreSQL) — primary database for accounts, places, outings, and user content. Hosted in the United States.
- Brevo — transactional email delivery (account emails only). Your email address is shared with Brevo solely to send you emails we initiate.
- MapTiler — map tile provider. Your device fetches map tiles directly from MapTiler servers; your IP address is visible to them for this purpose.
- Google Maps Platform — used on iOS for the underlying map renderer. Subject to Google’s privacy policy.
5. Data retention
- Account data is kept until you delete your account.
- Live outing location data is ephemeral — held in memory only for the duration of the active outing, then discarded.
- Push notification tokens are removed when you delete your account or revoke permission and the token is no longer valid.
- Anonymised crash and usage logs are retained for up to 90 days.
6. Deleting your account and data
You can delete your account from within the app: go to Profile → Settings → Delete Account. This permanently removes your account, saved places, reviews, and all associated personal data. Deletion is irreversible.
Alternatively, email hello@whatsthelore.app from your registered address and we will delete it manually within 7 days.
7. Children
Lore is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, contact us at hello@whatsthelore.app and we will delete it.
8. Your rights
Depending on where you live, you may have the right to access, correct, or delete your personal data, or to restrict or object to its processing. To exercise any of these rights, email hello@whatsthelore.app.
9. Security
We use HTTPS for all data in transit. Passwords are hashed using industry-standard algorithms. Access to our database is restricted to authorised systems. No method of transmission or storage is 100% secure, but we take reasonable measures to protect your data.
10. Changes to this policy
If we make material changes, we’ll update the date at the top and notify active users by email or in-app notice. Continued use of the app after changes constitutes acceptance.
11. Contact
Tekavra Creative LLC
St. Petersburg, Florida, USA
hello@whatsthelore.app