Privacy Policy
This Privacy Policy explains what information Wandor collects, why we collect it, how we use it, and what rights you have over your data. Wandor is operated by Memocom, based in the Netherlands, and this policy is written in accordance with the General Data Protection Regulation (GDPR).
1. Who We Are
Wandor is a daily outdoor photography app developed and operated by Memocom, Strevelsweg 700-509, the Netherlands.
Memocom is the data controller for personal data collected through the Wandor app and website. For questions about this policy or your personal data, contact us at servicedesk@memocom.nl.
2. What Data We Collect
Account data. When you create an account, we collect your email address, username, display name, and optionally a profile photo. If you sign in with Apple or Google, we receive basic profile information from those services.
Quest photos and captions. When you complete a daily quest, you may upload a photo and optional caption. These are stored on our servers.
Route and location data. If you choose to record your walking route during a quest, we store that route. Route recording and sharing are optional. We do not collect your location in the background.
Social data. We store information about accounts you follow and accounts that follow you.
Technical data. We receive standard server logs when you use the app, including IP address, device type, operating system version, and app version. This data is used for security, debugging, and keeping the service running.
3. Why We Collect It and Our Legal Basis
Under the GDPR, we need a legal basis for each type of processing:
- Performance of a contract — account data, quest photos, and social data are processed to provide the Wandor service you signed up for.
- Legitimate interests — technical data and server logs are processed to keep the app secure, prevent abuse, and fix bugs. Our interest in operating a reliable service is balanced against minimal data collection.
- Consent — route and location data are collected only when you actively choose to record a route. You can stop at any time.
4. How We Use Your Data
We use your data only to provide and improve Wandor. Specifically:
- to create and manage your account;
- to show you the daily quest and store your completed photo;
- to display routes and photos to friends you follow, if you choose to share them;
- to show your profile to other users;
- to send you notifications about friend activity, if you have notifications enabled;
- to detect and prevent abuse, fraud, and violations of our Terms of Service;
- to fix bugs and improve app performance.
We do not use your data for advertising. We do not sell your data. We do not build advertising profiles.
5. Your Photos
You own your photos. We store and display them only to operate the app. We do not claim ownership of your photos and do not use them to train AI models or for any commercial purpose beyond hosting the service.
Quest photos are visible to your followers by default. You can control sharing settings within the app.
6. Route and Location Data
Recording a route is always optional. If you record a route, it is stored and may be shown alongside your quest photo to your followers if you choose to share it.
We strongly recommend not sharing routes that reveal your home, workplace, school, or other sensitive locations. You can review and delete your routes through the app.
Wandor does not track your location when the app is running in the background.
7. Third-Party Services
Supabase. We use Supabase (Supabase Inc., USA) for our database, authentication, and photo storage. Your account data, photos, and routes are stored on Supabase infrastructure. Supabase acts as a data processor on our behalf. Data may be stored on servers in the United States; this transfer is covered by Standard Contractual Clauses.
Apple and Google. If you use Sign in with Apple or Sign in with Google, those providers share basic profile information with us. Their privacy policies govern how they handle your data on their end.
Google Play Services. On Android, location access uses Google Play Services. Google may process location data according to their own privacy policy.
OpenStreetMap. Map tiles in the app are provided by OpenStreetMap. No personal data is sent to OpenStreetMap.
We do not use advertising networks, third-party analytics SDKs, or data brokers.
8. International Data Transfers
Wandor is operated from the Netherlands. Our backend infrastructure runs on Supabase, which may store data in the United States. We rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for data transferred outside the European Economic Area.
9. How Long We Keep Your Data
We keep your data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we are required to retain it for legal, security, or operational reasons.
Server logs are retained for a limited period for security and abuse prevention purposes and then deleted.
10. Children's Privacy
Wandor is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has created an account, we will delete it.
Users aged 13 to 17 may use Wandor only with parental permission.
11. Your Rights Under the GDPR
If you are based in the European Economic Area, you have the following rights over your personal data:
- Access — you can request a copy of the data we hold about you.
- Rectification — you can ask us to correct inaccurate data.
- Erasure — you can ask us to delete your data. You can also delete your account directly through the app.
- Restriction — you can ask us to limit how we process your data in certain circumstances.
- Portability — you can ask for your data in a structured, machine-readable format.
- Objection — you can object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (such as route recording), you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at servicedesk@memocom.nl.
You also have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens, at autoriteitpersoonsgegevens.nl.
12. Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. All data is transmitted over encrypted connections (HTTPS). Access to backend systems is restricted.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at servicedesk@memocom.nl.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are significant, we will notify you through the app or by email before they take effect.
Your continued use of Wandor after an updated policy takes effect means you accept the updated policy.
14. Contact
For any questions, requests, or concerns about this Privacy Policy or your personal data:
Memocom
Strevelsweg 700-509
servicedesk@memocom.nl