PRIVACY POLICY

Where Am I (WAI)

Last updated: 12 Mar 2026

1. Controller and Scope

This Privacy Policy explains how personal data is processed when you use the mobile application Where Am I (“WAI”, “App”, “Service”).

Data Controller

Stanislav Pelekhov

Flotowgasse 23/1/7

1190 Vienna

Austria

Email: [privacy@jumpstartapp.at]

This Privacy Policy applies to users located in the European Union (EU)/European Economic Area (EEA), the United Kingdom, and the United States.

This document applies regardless of whether you use the App actively, passively, in the background, or through future integrations (such as vehicle or system interfaces).

This Privacy Policy is intended to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable Austrian data protection law, and other relevant data protection regulations.

2. Overview and Core Principles

The App is designed as a location-based informational and experiential service.

The operator processes personal data in accordance with the principles of:

data minimization,
purpose limitation,
storage limitation,
integrity and confidentiality.

Personal data is processed only to the extent necessary to provide the App’s core functionality and is never used for advertising, resale, or unrelated profiling purposes.

3. Categories of Personal Data Processed

3.1 Location Data (Core Functionality)

The App processes precise location data on a continuous basis while the App is in use.

This may include:

latitude and longitude,
timestamps,
inferred movement patterns based on location signals.

Purpose

Location data is required to determine proximity to places, trigger narration, and associate generated content with passed locations. Without precise location data, the core functionality of the App cannot operate.

Storage

Location history is stored locally on the device for up to 24 hours and is automatically deleted unless explicitly saved by the user. The operator does not maintain a permanent server-side log of unsaved location histories.

Location data is not used to track users across unrelated services or applications.

3.2 Generated Content and Usage Data

The App processes:

AI-generated narration and textual descriptions,
associations between locations and generated content,
interaction data (e.g., narration started, skipped, saved).

This data is processed to provide continuity of experience, enable recap functionality, and improve content relevance.

Generated content may be stored temporarily on servers as part of the content generation process and may be retained in anonymized or aggregated form to improve the Service.

3.3 Technical and Diagnostic Data

The App processes limited technical and diagnostic data, including:

device type and operating system version,
app version,
crash logs and error reports,
anonymized performance metrics.

This data is processed strictly to ensure stability, security, and functionality of the App. It is not used to identify users personally.

3.4 Account Data (Future Features)

At launch, the App does not require the creation of a user account.

If account functionality is introduced, the App may process identifiers such as email address or platform login credentials, together with user preferences and saved journeys. Any such processing will remain subject to this Privacy Policy and applicable law.

4. Use of Artificial Intelligence

The App uses artificial intelligence services, including third-party providers, to generate location-based content.

Location data and contextual signals may be transmitted to servers solely for the purpose of generating requested outputs. AI providers act on the operator’s instructions and do not independently determine the purposes of processing.

AI-generated content is produced automatically and is not reviewed or curated on an individual basis.

AI-related processing is conducted strictly within the scope of the legal bases described in this Privacy Policy and does not involve automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR.

5. Legal Bases for Processing (EU / UK)

Personal data is processed under the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to deliver the App’s core functionality.
Consent (Art. 6(1)(a) GDPR): Processing of precise location data where required by device or platform rules.
Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary to ensure security, prevent misuse, and improve the Service.

Where processing is based on consent, users may withdraw consent at any time via device settings. Withdrawal of consent may limit or disable App functionality.

6. Sharing of Personal Data

Personal data is shared only to the extent necessary to operate the App.

6.1 Service Providers

Personal data may be shared with service providers that support:

AI processing,
analytics,
crash reporting,
hosting and infrastructure.

Such providers act as processors under applicable data protection law and are contractually bound to process data only on documented instructions and to apply appropriate security measures.

6.2 Third-Party Navigation Services

If you choose to open third-party navigation or mapping services (e.g., Google Maps), data processing is governed exclusively by the third party’s privacy policies.

The operator does not control, access, or receive data processed by such third-party services.

7. International Data Transfers

Some service providers may be located outside the EU/EEA or UK.

Where personal data is transferred internationally, appropriate safeguards are applied, including adequacy decisions, standard contractual clauses, or equivalent legal mechanisms. Transfers are limited to what is necessary for service delivery.

8. Data Retention

Personal data is retained only for as long as necessary for the purposes described:

non-saved location data: automatically deleted within 24 hours;
saved journeys: retained until deleted by the user;
technical and diagnostic data: retained for limited periods necessary for stability and security.

Retention periods may vary depending on legal obligations, operational needs, or security requirements.

9. User Rights (EU / UK)

Users have the following rights under applicable law:

access your personal data;
request rectification of inaccurate data;
request erasure (“right to be forgotten”);
request restriction of processing;
receive data portability where applicable;
object to processing based on legitimate interests.

Requests are handled in accordance with applicable law and may require verification of identity.

10. US Users – State Privacy Rights

Depending on applicable state law, US users may have rights to:

access personal data;
request deletion or correction;
limit certain processing activities.

The App does not sell personal data and does not engage in targeted advertising or cross-context behavioral profiling.

11. Security Measures

The operator implements appropriate technical and organizational measures to protect personal data, including access controls, encrypted communications, and limited access to data.

While reasonable efforts are made to protect data, no system can guarantee absolute security, and residual risks may remain.

12. Children’s Privacy

The App is not intended for individuals under 18 years of age.

The operator does not knowingly collect personal data from minors. If such data is identified, it will be deleted without delay.

13. Changes to This Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in functionality, legal requirements, or operational practices.

Material changes will be effective upon publication, and continued use of the App constitutes acceptance of the updated Privacy Policy.

14. Contact and Complaints

For privacy-related inquiries, requests, or complaints, contact:

Email: [privacy@yourdomain.com]

EU/UK users also have the right to lodge a complaint with a competent data protection authority.

For users in Austria, the competent authority is the Austrian Data Protection Authority (Datenschutzbehörde).