Get the App

Privacy Policy

This policy covers the website www.gatto.city and the Gatto iOS application.

1. Data Collected

Gatto does not collect any personally identifiable information by default. However, certain technical and functional data is collected depending on the platform used.

1.1 Technical Connection Data

Automatically collected when accessing the service:

  • IP address (potentially anonymized by certain service providers),
  • device type, browser or app version, operating system,
  • pages or screens visited,
  • date and time of access,
  • HTTP request logs.

This data is necessary for security, abuse prevention, and performance.

1.2 Google Analytics (GA4) — Website Only

The Gatto website uses Google Analytics 4 to measure traffic. The iOS app does not use any third-party analytics SDK (no Firebase, Amplitude, Mixpanel, PostHog, Segment, or Crashlytics).

Data collected on the website:

  • IP address (anonymized if enabled in configuration),
  • GA4-specific cookies,
  • pages visited,
  • events (clicks, navigation),
  • approximate geographic location,
  • device type / browser.

Google may transfer certain data to the United States in accordance with its Standard Contractual Clauses (SCC).

1.3 Mapbox — Website Only

The website uses Mapbox for map display. The iOS app uses Apple Maps (MapKit) and does not transmit any data to Mapbox.

Data collected by Mapbox on the website:

  • IP address,
  • approximate location derived from IP,
  • browser technical information,
  • map display event.

1.4 Hosting and Distribution

Gatto uses several service providers for distribution:

  • Vercel (website hosting) — IP, user agent, requested URL, access logs.
  • AWS CloudFront (CDN) — IP, user agent, approximate region, data necessary for asset delivery.
  • Gatto API (hosted on Fly.io) — service backend. Receives GPS coordinates, filters, and language to provide results.
  • Apple App Store — iOS app distribution. Apple collects data in accordance with its own privacy policy.

None of this data is used for advertising profiling.

1.5 User Account

Creating an account is optional on all platforms (website and iOS application). Non-logged-in users can freely access all discovery features: interactive map, search, place details, rankings, and collections.

An account is only required for account-based features, notably saving favorites. This feature requires authentication because favorites are associated with a user identifier and stored on our servers.

Two identity providers are available:

  • Apple Sign In — available on the iOS app. Requested scope: full name and email. The name is optional (Apple may hide it) and the email may be an Apple relay address.
  • Google OAuth — available on the website and the iOS app (via system browser).

Data collected when creating an account:

  • Email address (required) — for account identification,
  • Full name (optional for Apple Sign In) — to personalize the experience,
  • Profile picture — avatar URL provided by the identity provider,
  • User ID (UUID) — auto-generated by Supabase.

This data is stored securely via Supabase (see section 6).

Authentication token storage:

  • On iOS: tokens are stored in the iOS Keychain with the protection level kSecAttrAccessibleWhenUnlockedThisDeviceOnly.
  • On the website: tokens are managed via secure cookies.

JWT tokens expire after 1 hour and are automatically refreshed.

1.6 Favorites

If you are logged in, you can save places to your favorites. This data is:

  • associated with your user identifier,
  • stored on our servers (Supabase),
  • used solely to allow you to retrieve your saved places.

1.7 Google API Services Compliance

Gatto's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Data obtained from Google Sign-In (email, name, profile picture) is used only for user authentication and account management.
  • This data is not shared with third parties except as described in this policy (Supabase for secure storage).
  • This data is not used for advertising, marketing, or profiling purposes.
  • Users can delete all their Google-sourced data at any time by deleting their account.

1.8 Location

Gatto may use your geographic location to display nearby places, calculate walking distances, and center the map.

  • On the website: browser geolocation is used with your explicit consent (browser permission prompt).
  • On the iOS app: location is requested in "When In Use" mode only — never in the background.

Coordinates are sent as query parameters to Gatto API endpoints to provide relevant results.

Location data is not linked to your user identity and is not used for tracking or profiling.

1.9 Outbound Click Tracking

When you tap a link to a place's website, phone number, directions, or an external mention, Gatto logs the click to improve recommendation quality.

Data recorded:

  • user identifier (if logged in),
  • place identifier (POI),
  • click type (website, phone, directions, mention),
  • source domain and URL, city.

This tracking is deduplicated (2-second window) and operates in fire-and-forget mode. Data is stored in Supabase. No third-party advertising or analytics SDK is used.

1.10 Share Extension — iOS App Only

The iOS app includes a Share Extension that lets you add places to Gatto from other applications.

  • Accepts: URLs and plain text (Google Maps, TikTok, Instagram links, etc.),
  • resolves shortened URLs (goo.gl, bit.ly, t.co, maps.app.goo.gl),
  • extracts: place name, coordinates, place ID,
  • uses an ephemeral network session (no persistent cookies),
  • shares authentication tokens with the main app via a secure App Group.

1.11 Local Storage — iOS App Only

On the iOS app, certain data is stored locally on your device:

  • Keychain: access token, refresh token, and user profile.
  • UserDefaults (App Group): shared tokens for the Share Extension, pending deep links.

No local database is used (no CoreData, SQLite, or local cache). All local data is deleted upon logout or account deletion.

2. Data Not Collected

Gatto does not collect:

  • phone number,
  • postal address,
  • date of birth, gender,
  • background GPS geolocation data,
  • sensitive data (religion, health, orientation, etc.),
  • payment data (Gatto is completely free),
  • advertising identifier (IDFA) — no App Tracking Transparency framework is used,
  • push notification data (not implemented),
  • camera, photos, contacts, calendar, or health data.

On the iOS app: no third-party analytics or advertising SDK is integrated (no Firebase, Amplitude, Mixpanel, PostHog, Segment, Crashlytics, or Sentry).

On all platforms (website and iOS app), creating an account is optional. Non-logged-in users can freely access all discovery features. An account is only required for account-based features (favorites).

3. Processing Purposes

The data collected is used solely to:

  • ensure proper service operation (web and mobile),
  • display the map and nearby places,
  • measure website traffic (via Google Analytics — website only),
  • ensure security and detect potential abuse,
  • optimize display performance (via CloudFront and Vercel),
  • improve recommendations through outbound click analysis.

Gatto does not sell or share any user data with third parties for advertising purposes.

4. Legal Basis for Processing

In accordance with GDPR:

4.1 Legitimate Interest

For:

  • security,
  • technical operation,
  • audience measurement (website),
  • map display,
  • outbound click tracking (service improvement).

4.2 Consent

For:

  • location (browser or iOS system permission),
  • marketing cookies (if added in the future — not currently the case).

5. Data Retention Period

  • Technical data / logs: up to 12 months.
  • Analytics data (GA4, website): standard duration ~26 months (configurable).
  • Outbound clicks: up to 24 months.
  • Account data: retained until account deletion by the user.
  • Favorites: retained until deletion by the user or account deletion.
  • iOS local data (Keychain, UserDefaults): deleted upon logout or account deletion.

6. Service Providers

To provide the service, Gatto uses:

  • Vercel Inc. (website hosting)
  • Mapbox Inc. (map display — website only)
  • Amazon Web Services EMEA (CloudFront CDN)
  • Google LLC (Google Analytics — website; Google OAuth)
  • Apple Inc. (Apple Sign In, App Store distribution)
  • Supabase Inc. (authentication, storage of accounts, favorites, and outbound clicks)
  • Fly.io (Gatto API hosting)

These service providers may process technical data related to your use of the service, as well as your account data if you are logged in.

7. Transfers Outside the European Union

Certain service providers (Google, Mapbox, Vercel, Apple, Fly.io) perform processing in the United States or outside the EU.

These transfers are based on:

  • Standard Contractual Clauses (SCC),
  • additional compliance mechanisms.

8. Security

Gatto implements various measures:

  • HTTPS encryption (TLS 1.2+) for all requests,
  • distribution via reliable CDN,
  • logs limited to strict necessity,
  • no personal data stored locally on the website,
  • secure token storage in the iOS Keychain,
  • sensitive logs excluded in Release mode on iOS,
  • isolated architecture,
  • restricted system access.

9. User Rights (GDPR)

You have the following rights:

  • right of access (access data concerning you),
  • right of rectification,
  • right of erasure,
  • right to object,
  • right to restriction,
  • right to data portability (if applicable).

9.1 Account Deletion

If you have created an account, you can permanently delete your account and all associated data (favorites, outbound clicks) at any time:

  • From the iOS app: Profile → "Delete my account"
  • From the website: User menu → "Delete my account"
  • By email: contact@gatto.city

Deletion is immediate and irreversible. All your personal data will be erased from our servers. On iOS, tokens and local data (Keychain, UserDefaults) are also deleted.

9.2 Contact and Complaints

To exercise your rights: contact@gatto.city

You may also file a complaint with the CNIL.

10. Deep Links and Universal Links

The iOS app supports deep links for direct navigation to a place or map view:

  • Custom scheme: gatto://
  • Universal Links: https://www.gatto.city/...

No tracking data is included in these links.

11. iOS Privacy Manifest

In compliance with Apple's requirements, the iOS app includes a privacy manifest declaring:

  • Tracking: disabled — no advertising tracking.
  • Declared data: precise location (not linked to user, app functionality) and user identifier (linked to user, app functionality).
  • Declared system APIs: UserDefaults.
  • Tracking domains: none.

12. Modifications

This policy may be updated at any time to reflect:

  • service evolution,
  • legal requirements,
  • or the addition of new features.

The current version is always available on this page.

13. Legal Notice

For more information about the publisher and hosting, please consult our Legal Notice.

    Privacy Policy | Gatto