Privacy Policy
Last updated: 18 June 2026
This Privacy Policy explains how the Santiago Walk mobile
application ("the App", "we", "us") collects, uses, and protects the personal
information of its users ("you", "the pilgrim"). The App is developed and
operated by Juan José Pereira Salinas as an individual developer based in
Spain. We comply with the EU General Data Protection Regulation (GDPR) and
Spanish data protection law (LOPDGDD).
1. Data we collect
1.1 Account data
- Email address — used to create your account, sign in,
and send password recovery emails. Stored in our authentication
provider (Supabase) in encrypted form.
- Display name and alias — shown publicly in the
Community feed if you choose to publish posts.
- Profile picture — optional, uploaded by you, shown
publicly with your posts.
1.2 Pilgrimage data
- Completed stages — which stages of the Camino you have
marked as completed. Stored locally on the device and synced to your
account so you can switch devices.
- Diary entries — title, text, mood, distance walked and
timestamps you write in your personal diary.
- Community posts — text, optional photo, and likes when
you choose to publish.
- Community alerts — weather, accommodation, health or
route warnings you choose to share.
1.3 Location data
The App requests access to your device location only
while in use, exclusively to display your position on the route map. Your
location is not stored, not transmitted, and not shared
with any third party. It only lives in memory while you have the map screen
open.
1.4 Photos
If you choose to upload a profile picture or add a photo to a community
post, the App requests access to your camera and/or gallery. The selected
photo is uploaded to our storage (Supabase) and associated with your account
or post.
2. How we use your data
| Data | Purpose |
|---|
| Email | Authentication, password recovery |
| Display name, alias, picture | Show authorship of community posts |
| Completed stages, diary | Personal tracking, sync between your own devices |
| Posts, alerts, likes | Show in the Community feed to other authenticated users |
| Location | Real-time map positioning, never stored |
3. Legal basis (GDPR)
- Performance of a contract (Art. 6.1.b GDPR) — to
provide you the App you create an account with us.
- Your explicit consent (Art. 6.1.a GDPR) — for optional
features such as photo upload, community posts and alerts.
- Legitimate interest (Art. 6.1.f GDPR) — to operate the
service, prevent abuse, and ensure data integrity (e.g. admin
moderation of inappropriate content).
4. Third-party services
To operate the App we rely on the following service providers (data
processors under GDPR Art. 28). Each one only receives the minimum data
required for its function:
- Supabase (Frankfurt, EU) — authentication, database,
file storage. Privacy policy.
- Stadia Maps (USA) — map tiles. No personal data is
sent; only anonymous tile coordinates. Privacy policy.
- OpenStreetMap — route geometry and POIs, downloaded
once at first launch. No personal data is sent.
- Open-Elevation — anonymous elevation lookups for
stage profiles.
- Google Play Services — required by the Android
operating system. Subject to Google's privacy policy.
5. Data retention
- While your account is active, we keep all data associated with it.
- If you delete your account, all your personal data (diary, posts,
alerts, stages, profile) is permanently deleted from our servers
within 30 days.
- Anonymized backups may persist for an additional 30 days for disaster
recovery purposes, after which they are also destroyed.
6. Your rights (GDPR)
You may exercise the following rights at any time by writing to
hello@santiagowalk.com:
- Access — request a copy of the personal data we hold
about you.
- Rectification — correct inaccurate data.
- Deletion — delete your account and all your data.
- Portability — receive your data in a machine-readable
format.
- Restriction or objection — limit or oppose the
processing of your data.
- Lodge a complaint — with the Spanish Data Protection
Agency (AEPD, www.aepd.es) or your
local supervisory authority.
7. Security
All traffic between the App and our servers is encrypted in transit via
HTTPS/TLS. Passwords are never stored in plaintext; we use the secure hashing
provided by Supabase Auth. Database tables holding personal data are
protected with Row-Level Security policies that restrict each row to its
owner.
8. Minors
The App is not directed to children under 14 years old. We do not
knowingly collect data from minors. If you are a parent or guardian and
believe your child has provided personal data, contact us to delete it.
9. International transfers
Our primary data processor (Supabase) operates infrastructure in the EU
(Frankfurt). When data must be transferred outside the EEA (e.g. Stadia
Maps tile requests), we rely on the European Commission's Standard
Contractual Clauses (SCC) or equivalent safeguards.
10. Changes to this policy
We may update this policy from time to time. We will notify you in-app or
by email of substantial changes. The "Last updated" date at the top of this
document indicates the latest revision.
11. Contact
Data Controller: Juan José Pereira Salinas
Email:
hello@santiagowalk.com
Website:
https://santiagowalk.com
← Back to Santiago Walk