Privacy Policy
Last updated: 21/01/2026
This Privacy Policy explains how our mobile application ("Hereditas") collects, uses, and protects personal data when you use our art and monument recognition service. By using the App, you agree to this Policy.
1. Information We Collect
Personal Identifiers
When you create an account, we collect your email address and authentication credentials. You can register with email/password or via third-party providers (Google or Apple). If you use Google or Apple login, we receive basic account information (name, verified email) to authenticate you. We do not collect passwords from those services, and we do not collect government IDs or phone numbers.
Public Profile Information: Your username and avatar image are publicly visible to all users of the App. This information is displayed on your profile and can be viewed by anyone using the App, regardless of whether they follow you or have access to your scans.
User Photos and Discoveries
The core function of the App is to recognize artworks, monuments, and cultural sites from photos. When you take or upload a photo, the App collects and uploads the image for analysis.
Each photo (a "discovery" or "scan") is stored securely in your user profile together with the location where the photo was taken, which helps improve recognition accuracy and allows you to revisit your discoveries later.
The location is collected via your device's location services at the time of capture (with your consent). If you disable location access, the App can still work but recognition and record accuracy may be reduced. We do not derive or store location data from metadata in other photos without your permission.
Photos and their associated recognition data (description, date, and location) are stored permanently in your profile until you choose to delete them.
Account Privacy Settings: You can choose to set your account as either public or private. Public accounts allow all users to view your scans and discoveries. Private accounts require you to approve follow requests before other users can access your scans. Once you approve a follow request, that user can view your scans and discoveries.
Social Features
The App includes social features that allow you to follow other users and be followed by others. When you follow another user, you can view their public scans or, if their account is private, you can send a follow request. If a private account accepts your follow request, you will be able to view their scans and discoveries.
We collect information about your follow relationships, including who you follow and who follows you, to enable these social features.
Content you choose to make visible to other users (such as public scans, discoveries, and profile information) may be viewed, shared, or saved by those users outside of the App (for example, via screenshots or screen recordings). We are not responsible for how other users handle content that you choose to make publicly accessible.
Automatic Device and Log Data
We collect limited technical information for security and operations, including:
- IP address
- Device type and operating system
- App version and timestamps
- Error or crash logs
This information helps ensure service reliability and detect abuse. It is not used for advertising or behavioral profiling.
2. How We Use Your Information
We use collected information to operate, maintain, and improve the App:
- Recognition and Explanations: Your photo and its location are processed through AI recognition to identify the artwork, monument, or site and to generate an explanation.
- Audio Narration: The textual explanation may be converted into speech using a third-party text-to-speech engine.
- Profile History: We store each discovery - including its photo, explanation, and location - in your user profile. The visibility of this content depends on your account privacy settings (public or private).
- Social Features: We use your profile information, follow relationships, and account privacy settings solely to enable social interactions within the App, such as following other users, approving follow requests, and viewing scans based on privacy settings. Follow relationships are not used for behavioral profiling or personalized advertising.
- Authentication and Account Management: Your identifiers (email, Google/Apple ID) are used to authenticate your account, send password resets, and ensure security.
- Support and Operations: Device and log data are used to monitor performance, troubleshoot issues, and prevent abuse.
- Improvement: We may analyze aggregated, anonymized data to understand usage trends (e.g., most recognized monuments).
- Advertising: We use Meta and TikTok to track anonymized interactions and conversions for advertising purposes.
3. Third-Party Services
We integrate a few essential third-party providers to power the App's features:
- OpenAI (ChatGPT API): We send your photo and its location to OpenAI's API for AI recognition and explanation. OpenAI also provides text-to-speech services to convert explanations into audio narration. OpenAI does not use API data for training and retains data for up to 30 days solely for abuse monitoring.
- Supabase (Backend): We use Supabase for secure database and file storage. Supabase stores user profiles, discoveries, and location data on encrypted cloud infrastructure (AWS or GCP). Data is encrypted in transit and at rest. Supabase acts as our data processor and cannot access or use your data for any independent purpose.
- Google and Apple (Authentication): When using Google or Apple sign-in, these providers verify your identity and share basic info (name and email). We do not access your passwords or any unrelated personal data. You remain subject to their respective privacy policies during sign-in.
- Meta and TikTok: We use Meta and TikTok to track anonymized interactions and conversions for advertising and marketing performance measurement. Data is processed according to their respective privacy policies.
We do not sell or share user data with data brokers. We may share anonymized or aggregated data with advertising platforms (such as Meta) for marketing and analytics purposes.
4. Data Sharing and Disclosure
Sharing with Other Users
The App includes social features that allow you to share content with other users:
- Public Profile Information: Your username and avatar image are publicly visible to all users of the App.
- Public Accounts: If your account is set to public, all users can view your scans, discoveries, and associated information (including photos, descriptions, dates, and locations). This content is accessible to anyone using the App.
- Private Accounts: If your account is set to private, only users whose follow requests you have approved can view your scans and discoveries. You have full control over who can access your content by managing follow requests.
- Follow Relationships: Information about who you follow and who follows you may be visible to other users, depending on your privacy settings.
You can change your account privacy settings at any time in the App. Changing from public to private will immediately restrict access to your scans, but users who were already following you will retain access. Changing from private to public will make all your scans visible to all users. We do not disclose private account content or follow-request data to other users unless you explicitly approve access through your privacy settings.
Other Disclosures
We only disclose personal data in limited situations:
- Legal Requirements: If required by law, subpoena, or court order, we may disclose information after verifying the request's validity.
- Security and Fraud Prevention: We may disclose data to prevent fraud, abuse, or threats to safety.
- Business Transfers: In case of a merger, acquisition, or sale of assets, user data may be transferred to the successor organization, provided they maintain equivalent privacy standards.
- Third-Party Links: This Policy does not apply to third-party websites or services that may be linked through the App. We recommend reviewing their privacy policies separately.
5. Data Retention and Security
Retention
- Discoveries: Stored indefinitely in your profile (photo, explanation, location) until deleted by you or when your account is removed.
- Chat Content: Processed transiently and not retained.
- Logs: Retained briefly for operations and then deleted or anonymized.
If you delete your account, all discoveries and related data (including locations) are erased from our main systems within a reasonable time. Backups are securely purged in regular cycles.
Security
- Encryption at rest and in transit (HTTPS/TLS)
- Strong password hashing (bcrypt or equivalent)
- Strict access controls and database isolation
- Secure Supabase infrastructure (SOC 2– and GDPR-compliant)
- Continuous monitoring and routine vulnerability updates
While no system is 100% secure, we apply best practices to prevent unauthorized access. Users should keep login credentials confidential and report any suspected breaches.
6. Legal Bases for Processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal grounds:
- Contractual necessity: To deliver the core functions (recognition, profile storage, narration).
- Consent: For using your device's camera and location services.
- Legitimate interest: For ensuring security, preventing abuse, and improving functionality.
You can withdraw consent (for location or camera access) anytime through your device settings, though certain features may be limited.
7. International Data Transfers
Because our servers and providers (e.g., Supabase, OpenAI) may operate globally, your data may be stored or processed in countries outside your residence.
We implement safeguards such as EU Standard Contractual Clauses (SCCs) to ensure your data receives an equivalent level of protection wherever it is processed.
8. Your Rights
Depending on your jurisdiction (e.g., EU/UK GDPR, California CCPA/CPRA, Virginia CDPA), you have the right to:
- Access and obtain a copy of your data
- Correct inaccuracies
- Delete your account and associated data
- Withdraw consent (e.g., for location use)
- Object or restrict certain processing
- Request data portability
You can delete discoveries or your full account in-app or by contacting us at info@hereditas.dev. Because chat content is not stored, there is no chat history to export or erase.
We will respond to verified requests within the time required by law (typically within 30 days).
9. Cookies and Analytics
We use Meta and TikTok for analytics and advertising. These technologies track anonymized app events and conversions. Data is processed according to Meta's and TikTok's respective privacy policies.
If we introduce cookies, additional analytics, or advertising tools in the future, we will update this Policy and request any required user consent.
10. Newsletter and Push Notifications
If you opt in, we may use your email to send newsletters, product updates, and occasional offers. You may unsubscribe at any time using the link in the email.
The App may also send push notifications (e.g., feature updates or reminders). These can be disabled at any time through your device settings.
11. Children's Privacy
The App is not intended for children under 13 years old. We do not knowingly collect personal information from minors.
If you are under 13, do not use the App or provide personal data. If we discover that a child has provided personal data without parental consent, we will delete it promptly.
Parents who believe their child has an account should contact us at info@hereditas.dev.
12. Changes to This Policy
We may update this Policy periodically. Updates will be posted in the App and marked with a new "Last Updated" date.
For significant changes, we will notify users via email or in-app notice. Continued use of the App after updates means acceptance of the revised terms.
13. Contact Us
If you have questions or privacy-related requests, contact us at:
Email: info@hereditas.dev