PISTE MAPPER – PRIVACY POLICY
Piste Mapper is governed by the UK General data Protection Regulation (UK GDPR) and the Data Protection Act 2018
Last updated: [1st November 2025]
Who we are. Piste Mapper Limited (Company No. 15002386), The
Mitre, 20 St Marys Grove, Richmond, Surrey, TW9 1UY, United Kingdom
("Piste Mapper", "we", "us",
"our").
Contact (privacy):
[privacy@pistemapper.com]
We respect your privacy. This Policy explains what data we collect, why we collect it, how we use and share it, your choices, and your rights. It applies to the Piste Mapper mobile application, website, and related services (the "App").
We do not sell your personal data.
1) Summary (Plain English)
We collect only what's needed to run navigation, optional group sharing, reliability, and support.
Live location powers routing and (if you enable it) group sharing; by default it is session-only and deleted when you end/close the App.
Run History is opt-in (off by default).
We obtain consent for sensitive features (precise location, notifications, Run History).
You can access, export, correct, delete, and withdraw consent at any time.
2) Who controls your data & legal bases
Data Controller: Piste Mapper Limited (UK).
We process personal data under UK GDPR/EU GDPR using these legal bases: Consent, Contract, Legitimate Interests, and Legal Obligation. We indicate the basis for each purpose below.
3) What we collect, why, and how long we keep it
Category |
What we collect |
Why we collect/use it |
Legal basis |
Typical retention |
Account & Identity |
Name, email address (verification), optional mobile number/photo |
Create and secure your account; service comms; email updates, fraud prevention |
Contract, Legitimate Interests |
While account is active; 30 days after deletion, then delete/anonymise (legal records may persist per law) |
Live Location |
GPS/approx. location during active session |
Turn-by-turn routing; ability-based suggestions; show your position to your private group if you enable sharing |
Consent |
Session-only (short operational cache may persist briefly then purge) |
Run History (optional) |
Saved routes/activities (if enabled) |
Personal records, insights, trip history |
Consent |
Until you delete runs or disable Run History; if inactive for 24 months, we may delete/anonymise |
Group Features |
Group name/members; location you choose to share |
Help friends/family keep together |
Consent |
For the duration of group use; stop sharing ends transmission immediately |
Usage & Diagnostics |
App events, performance, crash logs, device/OS, IP (security/CDN), coarse region |
Reliability, support, abuse/fraud prevention, security |
Legitimate Interests, Legal Obligation (security logs) |
Typically up to 13 months |
Purchases (if enabled) |
Store receipt/token, product tier, renewal state |
Deliver paid features, resolve billing, prevent fraud |
Contract, Legitimate Interests |
Per tax/accounting law (usually 6–7 years UK) |
User Content / Reports (if feature provided) |
Reports, POIs, messages you submit |
Operating the feature, safety UX, moderation |
Consent, Legitimate Interests |
For account life or until removed; logs up to 13 months |
Children. The App is intended for users 16+. If you are under 16, a parent/guardian must review this Policy and consent to your use. If we learn we collected data from a child without proper consent, we will delete it.
4) Your choices & consent controls
Location permission: iOS/Android prompts. Allow Precise/Approximate, While Using the App. Change any time in device settings.
Group sharing: Off by default. Toggle on/off in the group screen; leaving a group stops sharing immediately.
Run History: Off by default. Enable/disable in Settings; delete runs individually or in bulk.
Notifications/marketing: Opt in/out in device settings or in-app.
Marketing emails (if any): We only send with your consent; unsubscribe any time.
You may withdraw consent at any time. This will not affect processing already performed.
5) How we use your data (purposes)
We use personal data to:
Provide navigation and ability-based routing; surface relevant resort info (e.g., openings/closures).
Power optional group location sharing.
Maintain safety UX (we are not a safety or emergency service; see Terms).
Operate, secure, and improve the App; fix crashes; prevent fraud/abuse.
Provide support and service communications; send marketing only if you opt in.
Comply with legal obligations.
We do not use automated decision-making that produces legal or similarly significant effects.
6) Sharing your data (no sales; processors & third parties)
We do not sell personal data. We share data only as needed to run and improve the App, under contracts restricting use to our instructions.
Typical recipients:
Hosting/Cloud/CDN (e.g., UK/EU/US providers).
Maps & Routing (e.g., MapTiler tiles; OpenStreetMap-derived data; our Valhalla routing servers).
Analytics & Crash (platform SDKs for reliability).
Communications (SMS verification; support ticketing).
Payments (Apple App Store / Google Play) if/when enabled.
Legal/Compliance where required by law or to protect rights.
We can provide a current list of sub-processors and regions on request.
We may disclose data if required by law or lawful authority (e.g., court order), or with your consent (e.g., when you choose to share in a group).
7) International transfers
We may process/store data in the UK, EEA, US, or other countries. Where data is transferred outside the UK/EEA, we use lawful safeguards (UK/EU Standard Contractual Clauses) and implement appropriate technical/organisational measures. Contact us for details (redactions may apply).
8) Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (and at rest where appropriate), access controls, least-privilege, monitoring, and secure development practices. No system is 100% secure, but we work to prevent unauthorised access, use, alteration, or disclosure.
If a data breach risks your rights and freedoms, we will notify the appropriate authority and, where required, inform you without undue delay.
9) Your rights
Depending on your location, you may have the right to access, correct, delete, restrict, object to processing, and port your data, and to withdraw consent at any time.
How to exercise: use in-app controls where available or email [privacy@pistemapper.com]. We may need to verify your identity.
UK: You can complain to the ICO (ico.org.uk).
EU (including France/CNIL): You can complain to your local authority (e.g., CNIL in France). You may also set post-mortem directives where applicable.
We will respond within one month (extendable in complex cases as permitted by law).
10) Cookies and similar technologies
Mobile App: We don't use browser cookies. SDKs may rely on identifiers strictly necessary for analytics, crash reporting, or messaging. Manage in your device settings and in-app Privacy controls.
Website: We use only necessary cookies by default. Where we use analytics or marketing cookies, we will request your consent via a banner with granular choices. Cookie lifetimes will not exceed applicable legal limits (e.g., analytics identification typically up to 13 months; associated metrics up to 25 months).
11) Data retention (summary)
We keep data only as long as needed for the purposes stated. When no longer needed, we delete or anonymise it. See the retention column in Section 3 for typical periods.
12) Third-party links & content
The App may link to third-party services (e.g., resorts, restaurants). Their privacy practices are not ours; please review their policies.
13) Changes to this Policy
We may update this Policy. If changes are material, we will notify you (e.g., in-app notice or email). The "Last updated" date shows the latest version. Continued use after an update means you acknowledge the changes.
14) Contact
Email: [privacy@pistemapper.com]
Postal: Piste
Mapper Limited, The Mitre, 20 St Marys Grove, Richmond, Surrey, TW9
1UY, UK
Appendix A — Data map (at a glance)
Data |
Mandatory? |
Stored? |
Basis |
Typical retention |
Account (name, mobile) |
Yes |
Yes |
Contract/LI |
Life of account + legal retention |
Live location |
Only when navigating/group |
Session-only |
Consent |
Deleted at session end |
Run History |
Opt-in |
Yes |
Consent |
Until deleted/disabled; 24-mo inactivity clean-up |
Diagnostics/Crash |
Yes |
Yes |
LI/Legal |
Up to 13 months |
Purchases |
If you buy |
Yes (via stores) |
Contract |
Per law (6–7 yrs UK) |
LI = Legitimate Interests
Attribution (maps & data)
We show attribution in-app, e.g., "Map data © OpenStreetMap contributors" and acknowledge providers such as MapTiler and other licensed sources. Third-party data availability and accuracy may vary.