Privacy Policy

LoreAtlas is a GPS-powered city discovery app that helps you explore heritage sites, architecture, food history, and hidden stories across Los Angeles. The App uses your device's location to show you nearby sites and track which places you've visited.

We do not store or transmit precise GPS coordinates to our servers. Location processing occurs on your device. We store which places you've visited as simple site IDs — not your continuous location history, travel routes, or movement patterns.

Account Information. When you create an account, we collect your email address and a password. Account creation is handled by Supabase, our authentication provider. We do not store your password directly — it is encrypted and managed by Supabase.

Email Signup. If you sign up for our Field Dispatches email list, we collect your email address. This is processed by HubSpot, our email and CRM provider.

Content Interests. During onboarding, you may select content interest categories (such as Architecture, Film & Hollywood, Food & Drink, Haunted & Dark, etc.). These preferences are stored locally on your device.

Feedback and Corrections. If you contact us to report a correction or provide feedback, we collect the information you choose to share.

Location Data. When you enable GPS, we access your device's location to show you nearby sites and determine when you are within close proximity of a site (approximately 80–100 meters) to mark it as “visited.” Your location data is processed on your device in real time. We do not store or transmit precise GPS coordinates to our servers.

Visited Places. When you open a site's detail view while within GPS range, the App records that site's ID as “visited.” This visited list is stored locally on your device and is not transmitted to our servers under normal operation. If you are signed into an account, your visited site history may be synced to our servers to preserve your progress across devices. In that case, we store only the list of site IDs and timestamps — not your GPS coordinates or location history.

Purchase Information. When you purchase a content pack, the transaction is processed by Stripe. Stripe collects your payment information directly — we never see or store your full card details. We receive confirmation of which pack you purchased and when.

Device and Usage Information. We may collect basic technical information such as device type, browser type, and general usage events to improve the App. Analytics data may include anonymized device identifiers and general usage events, but is not used to track your precise location.

Cookies and Local Storage. The App uses your browser's localStorage to store preferences, content unlock status, visited site history, and session data. This data is stored locally on your device and is not transmitted to our servers under normal operation. We do not use tracking cookies for advertising purposes.

We use the information we collect to provide the App's core features (nearby discovery, visited tracking, content delivery, walking routes), process purchases, send Field Dispatches emails if you signed up, improve the App based on anonymized usage patterns, respond to feedback and support requests, and protect against fraud.

We process your data to provide the App, fulfill purchases, and based on your consent (such as enabling location services or signing up for emails). You can withdraw consent at any time.

We do not:

• Sell your personal information to third parties
• Share your location data with advertisers
• Track your continuous GPS location or movement patterns
• Build advertising profiles based on your behavior
• Use third-party advertising networks
• Use your data for purposes unrelated to the App

• Supabase (Authentication) — Handles account creation, login, and password management. Stores your email and encrypted password. supabase.com/privacy
• Stripe (Payments) — Processes content pack purchases. Collects and stores your payment information directly. We never see your full card details. Stripe may retain transaction records as required by financial regulations. stripe.com/privacy
• HubSpot (Email & CRM) — Manages our Field Dispatches email list. If you sign up for emails, HubSpot tracks email opens and clicks. HubSpot may use cookies for this tracking. legal.hubspot.com/privacy-policy
• Vercel (Hosting) — Hosts the App. May collect basic server logs including IP addresses. vercel.com/legal/privacy-policy
• Leaflet / OpenStreetMap (Maps) — Provides map tiles. Map tile requests may include your general viewport area but not your precise GPS coordinates. wiki.osmfoundation.org/wiki/Privacy_Policy
• PostHog (Analytics — Planned) — Will be used for anonymous, aggregated usage analytics. Does not use third-party cookies. Not yet active. posthog.com/privacy

Local Data. Most of your App data (preferences, visited sites, unlock status, content interests) is stored locally on your device in your browser's localStorage. This data remains on your device until you clear it.

Account Data. If you create an account, your email and encrypted password are stored by Supabase on secure servers. We retain account and purchase data as long as your account is active, and as required for legal or financial recordkeeping. If you delete your account, we remove your data within 30 days, except where retention is required by law.

Email Data. If you subscribe to Field Dispatches, your email address is stored by HubSpot. It is retained until you unsubscribe or request deletion.

Purchase Data. Records of your content pack purchases are retained as long as your account is active. Stripe may independently retain transaction records as required by financial regulations.

We use industry-standard security practices appropriate for the type of data we handle. However, no method of electronic transmission or storage is 100% secure.

Location Access. You can enable or disable GPS at any time through the App or your device's settings. The App works without GPS — you can browse all content manually.

Visited History. Your visited site history is stored on your device. You can clear it by clearing your browser's localStorage for the App.

Email Communications. You can unsubscribe from Field Dispatches at any time by clicking the unsubscribe link in any email.

Account Deletion. You can request deletion of your account and all associated data by emailing privacy@getloreatlas.com. We will process requests within 30 days.

Data Export. You can request a copy of your personal data by emailing privacy@getloreatlas.com. We will provide your data in a commonly used format within 30 days.

Do Not Track. The App does not respond to “Do Not Track” browser signals because we do not engage in cross-site tracking.

LoreAtlas is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at privacy@getloreatlas.com.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request a summary of the categories of personal information we have collected, including identifiers (email address), commercial information (purchase history), internet or electronic network activity (general usage data), and geolocation data (visited site IDs, not continuous location).
• Right to Delete: You can request deletion of your personal information.
• Right to Opt Out of Sale: We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@getloreatlas.com.

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top. For material changes, we will notify you via email or through a notice in the App.

Email: privacy@getloreatlas.com

Address: LoreAtlas · Los Angeles, CA 90020