Privacy Policy
Last Updated: April 11, 2026
Note: This privacy policy has been drafted to comprehensively reflect how the WalkTalk application collects and processes data. We recommend consulting with a qualified attorney for jurisdiction-specific compliance review before relying on this document for legal purposes.
WalkTalk ("we," "our," or "us") is operated by an individual developer based in the European Union. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and safeguard your information when you use the WalkTalk mobile application ("App"), available at the App Store.
By downloading, accessing, or using WalkTalk, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the App.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name and display nickname
- Email address
- Authentication credentials (managed via Firebase Authentication and/or Google Sign-In)
- Unique device identifiers and device name
- Session tokens for single-device login enforcement
1.2 Profile Information
You may optionally provide:
- Biography/description
- Profile picture (including animated GIF images)
- City or location (manually set or GPS-derived)
- Favorite activity types
- Notification preferences and sound settings
- Chat deletion preferences
1.3 Activity and Social Data
- Activities you create or join, including titles, descriptions, meeting points, schedules, checkpoints, and route information
- Chat messages, including text, images, and system messages
- Join requests, invitations, and participant interactions
- Walk buddy connections
- Blocking and reporting actions
- Challenge participation (weekly, monthly, friend, streak, and community challenges)
1.4 Automatically Collected Data
Location Data
- Foreground location: Used to show nearby activities, calculate distances, and display your position on maps during active sessions
- Background location: During active walking sessions, your real-time GPS coordinates, heading, and speed are shared with activity participants at regular intervals (15 seconds active, 10 seconds during navigation, 60 seconds when stationary)
- Geohash: An approximate location identifier (geohash precision 4, ~39km cells) derived from your GPS for nearby activity discovery and local leaderboards
- Walking path: Your GPS trace is recorded during active sessions and stored in the Firebase Realtime Database, with periodic route uploads (~90 seconds)
Health and Fitness Data
- Pedometer data (CMPedometer): Step count and step-based distance when GPS is unavailable (indoor, tunnels, dead zones). This data is processed on-device and not uploaded to our servers as raw health data
- Walking speed: Calculated from GPS samples for ETA estimates during navigation
- Distance walked: Accumulated per-activity and stored in activity records (
participantDistances)
Camera and AR Data
- Camera access: Used for profile photo capture and AR walking navigation
- AR session data: When using AR navigation, ARKit processes camera frames, device orientation, and detected horizontal surfaces on-device. No camera imagery is transmitted to our servers
Contacts
- Safety contacts: With your permission, we access your contacts to let you designate people who can track your location during walking activities. Contact data is not uploaded to our servers or shared with other users
Device and Technical Data
- Device type, model, and operating system version
- Firebase Cloud Messaging (FCM) tokens for push notifications
- App version and build number
- Session activity and usage patterns
- Crash logs and diagnostic data (via Firebase Crashlytics)
1.5 Payment Information
- Apple In-App Purchases (StoreKit 2): Subscription tier, purchase date, expiry date, renewal status, and transaction identifiers. Apple processes all payment card information; we never receive or store your payment card details
- Subscription data stored: Subscription tier (Basic/Premium), expiry date, grace period and billing retry status, and lifetime purchase flag
Auto-Renewable Subscription Terms
- Payment will be charged to your Apple ID account at the confirmation of purchase
- Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current billing period
- Your account will be charged for renewal within 24 hours prior to the end of the current period at the then-current subscription price
- You can manage and cancel your subscriptions by going to your device Settings → Apple ID → Subscriptions
- Any unused portion of a free trial period, if offered, will be forfeited when you purchase a subscription
- Subscription prices may vary by region and are determined by Apple's price tier system
2. How We Use Your Information
2.1 Providing and Operating the Service
- Creating and managing your account
- Connecting you with other users for walking activities
- Displaying your real-time location to activity participants during active sessions
- Providing turn-by-turn walking navigation and checkpoint tracking
- Facilitating in-app messaging between activity participants
- Processing subscription payments and managing entitlements
- Sending push notifications about activity updates, join requests, messages, and system events
- Enforcing tier-based limits (activity creation, cancellations, join requests, chat features)
- Maintaining single-device session security
2.2 Gamification and Social Features
- Tracking walking streaks, XP, and badge progress
- Populating leaderboards (friends, local, and global)
- Processing weekly, monthly, friend, streak, and community challenges
- Generating AI-powered activity summaries and achievement descriptions
2.3 Safety and Content Moderation
- Automated text content filtering using keyword detection and the OpenAI Moderation API (toxicity, harassment, hate speech, and harmful content detection)
- Automated image moderation using Google Cloud Vision SafeSearch
- Enforcing user blocks and activity bans
- Verifying user attendance at activities
2.4 Improving the Service
- Analyzing usage patterns to improve features and user experience
- Debugging issues and improving app performance
- Developing new features based on aggregated usage data
2.5 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data on the following legal bases:
| Purpose |
Legal Basis |
| Account creation, messaging, activities |
Performance of contract (Article 6(1)(b) GDPR) |
| Processing payments |
Performance of contract (Article 6(1)(b) GDPR) |
| Location sharing during activities |
Consent (Article 6(1)(a) GDPR), withdrawable via iOS Settings |
| Health/fitness data (pedometer) |
Explicit consent (Article 9(2)(a) GDPR) |
| Camera/AR access |
Consent (Article 6(1)(a) GDPR) |
| Push notifications |
Consent (Article 6(1)(a) GDPR) |
| Content moderation and safety |
Legitimate interest (Article 6(1)(f) GDPR) — user safety |
| Analytics and service improvement |
Legitimate interest (Article 6(1)(f) GDPR) — improving service quality |
| Compliance with legal obligations |
Legal obligation (Article 6(1)(c) GDPR) |
3. AI and Automated Processing
3.1 AI-Powered Bot Users
Important Disclosure: WalkTalk includes AI-powered bot users ("Ghost Host" bots and "Agent" bots) that may create activities and interact with you in chat. These bots are designed to enrich the community experience. Bot interactions are powered by Google Gemini AI. Bot users have profile information and participate in activities similarly to human users.
3.2 AI-Generated Content
- Suggested replies: On iOS 26+, Apple Foundation Models may generate suggested reply options on-device. These are never stored on our servers. On earlier iOS versions, a server-side Cloud Function using Google Gemini may generate suggested replies based on conversation context
- Smart Compose (Premium): On iOS 26+, on-device AI provides ghost text predictions while you type. This processing occurs entirely on your device
- Activity summaries and achievements: After activity completion, Google Gemini AI may generate brief summaries and achievement descriptions based on activity data
3.3 Automated Content Moderation
We use automated systems to review content for safety:
- Text moderation: Messages and activity descriptions are checked against keyword filters and the OpenAI Moderation API for toxicity, harassment, and harmful content. Only text content is sent — no user identifiers are included. Content flagged as harmful may be blocked or reviewed
- Image moderation: Uploaded images are analyzed by Google Cloud Vision SafeSearch. Images flagged for adult, violent, or otherwise harmful content may be hidden or removed
- Automated decisions: Content moderation decisions are made automatically. If you believe your content was incorrectly moderated, you may contact us at technical_support@walktalk.me
3.4 Natural Language Analysis
On iOS 17+, the App uses Apple's on-device Natural Language framework (NLLanguageRecognizer, NLTagger) to detect message language, classify intent (question, greeting, etc.), and assess sentiment. This analysis occurs entirely on-device and is not transmitted to any server.
3.5 On-Device AI Processing
Certain AI features on iOS 26+ use Apple Foundation Models that run entirely on your device. Data processed by these models (suggested replies, smart compose, language analysis) never leaves your device unless you choose to send a suggested reply as a message.
4. Location Data
How We Use Location
- Nearby activity discovery: Your approximate location is used to show activities near you. We store a geohash (precision 4, ~39km resolution) for activity filtering and local leaderboards
- Activity participation: During active walking sessions, your precise GPS coordinates, heading, and speed are shared in real-time with other activity participants via the Firebase Realtime Database
- Walking path recording: Your GPS trace during activities is periodically written to the Realtime Database (~every 90 seconds) and may be stored as route coordinates in the activity record
- Navigation: We calculate walking directions to meeting points and checkpoints using the Mapbox Directions API. Your coordinates are sent to Mapbox for route calculation
- Map matching: GPS traces may be snapped to roads/paths using the Mapbox Map Matching API for more accurate distance tracking
- Elevation data: Your route coordinates may be sent to the Mapbox Terrain API to retrieve elevation profiles
- Arrival detection: GPS is used to detect when you arrive at meeting points (80m radius) and checkpoints (80m arrival / 110m departure hysteresis)
- AR navigation: Your precise location and heading are used by the AR overlay to position navigation elements and nearby points of interest
Important: Your real-time location is only visible to participants of activities you have actively joined. It is not shared with all WalkTalk users. When you leave an activity or the activity ends, real-time location sharing stops.
Location Data Storage and Retention
- Real-time GPS: Stored in the Firebase Realtime Database at
activityLocations/{activityId}/participants/{userId} during active sessions. This data is overwritten with each update and is not permanently archived
- Arrival status: Written to the Realtime Database and retained for the duration of the activity
- Checkpoint progress: Stored in the Realtime Database during the activity and merged to Firestore upon activity completion
- User presence: Your active chat room ID is stored in the Realtime Database at
presence/{userId} and automatically removed on disconnect (via onDisconnectRemoveValue)
- Route coordinates: May be stored as part of the activity record in Firestore for historical reference
- Geohash: A low-resolution location hash is stored on your user profile for activity discovery and local leaderboards
Privacy Controls
- You can disable location services for WalkTalk in iOS Settings at any time. This will prevent activity participation features that require location
- You can set your city manually in your profile instead of using GPS-derived location
- Online status visibility can be toggled off in settings (bi-directional: both users must have it enabled)
5. Information Sharing
5.1 With Other WalkTalk Users
- Your profile information (name, bio, profile picture, city) is visible to other users
- Your real-time location, heading, and speed are visible to participants of activities you have joined
- Your activity history, streak count, badges, XP level, and leaderboard position are visible on your profile
- Your chat messages are visible to the chat room participants
- Your typing indicators are visible to chat participants in real-time
- Your online status is visible to users with whom you share a chat, if both users have online status enabled
5.2 Service Providers
We share data with the following third-party service providers who process data on our behalf:
| Provider |
Purpose |
Data Shared |
| Firebase / Google Cloud |
Authentication, database, storage, cloud functions, push notifications, crashlytics |
Account data, messages, activity data, FCM tokens, location data, crash logs |
| Mapbox |
Maps, directions, map matching, geocoding, search, AR POI discovery |
GPS coordinates, route waypoints, search queries |
| Google AI (Gemini) |
Bot conversations, suggested replies, activity summaries |
Message context, activity data, user communication patterns |
| OpenAI (Moderation API) |
Text content moderation (toxicity, harassment, hate speech detection) |
Message text, activity descriptions, profile bios (text content only — no user identifiers sent to OpenAI) |
| Google Cloud Vision |
Image content moderation (SafeSearch) |
Uploaded chat images |
| Google Places API |
Checkpoint route generation (points of interest) |
Location coordinates, search radius, POI categories |
| Apple (WeatherKit) |
Weather data for activity creation and home display |
GPS coordinates |
| OpenWeatherMap |
Weather context for chat features |
GPS coordinates (rounded to 2 decimal places) |
| Apple (StoreKit 2) |
In-app purchases and subscription management |
Transaction data, Apple ID account token |
| Wikipedia API |
AR POI descriptions and thumbnails |
GPS coordinates, page IDs |
5.3 Legal Requirements
We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to:
- Comply with a legal obligation or valid legal process
- Protect and defend the rights, property, or safety of WalkTalk, our users, or others
- Prevent fraud or other illegal activity
- Enforce our Terms of Service
5.4 Business Transfers
If WalkTalk is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you via the App or email before your data is transferred and becomes subject to a different privacy policy.
6. Data Retention and Deletion
6.1 General Retention
- Account data: Retained until you delete your account
- Activity records: Retained for your activity history (viewable in your profile)
- Gamification data: Badges, streaks, XP, challenges, and leaderboard entries are retained until account deletion
- Subscription data: Retained for the duration of your account, including historical purchase records for support purposes
6.2 Chat Message Auto-Deletion
Chat messages are subject to automatic deletion based on the activity host's chat deletion preference:
- Basic tier: Chat messages are automatically deleted 1 hour after the activity ends (server-enforced)
- Premium tier: The host may choose from 1 hour, 24 hours, 7 days, 30 days, or never
When a chat room's scheduled deletion time is reached, all messages in that chat room are permanently deleted.
6.3 Location Data Retention
- Real-time GPS data: Overwritten with each location update during an active session; not permanently archived as time-series data
- Route coordinates: Stored as part of the activity record if route planning was used
- Presence data: Automatically removed on disconnect via Firebase Realtime Database
onDisconnect handlers
6.4 Account Deletion
You may delete your account at any time through the App's Settings. Upon account deletion:
- Your profile information (name, bio, profile picture) is removed
- Your account is deactivated and you will no longer be able to log in
- Activity records where you were a participant may retain anonymized participation data
- Messages you sent may persist in other users' chat rooms until those rooms are deleted per the auto-deletion schedule
6.5 Data Export
You may request an export of your personal data through the App's Privacy Settings. The data export includes your profile, activities, chat rooms, invitations, challenges, buddies, badges, notifications, and leaderboard entries. Exports are rate-limited to one request per 48 hours. The export is provided as a downloadable JSON file with a 1-hour download link expiry. An audit trail of your export requests is maintained.
6.6 Selective Data Deletion
You may request deletion of specific personal data (bio, profile picture, activity history) through the App's Privacy Settings without deleting your entire account.
7. Your Rights
7.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
- Right of access (Article 15): Request a copy of your personal data. You can do this via the in-app data export feature or by contacting us
- Right to rectification (Article 16): Correct inaccurate personal data via your profile settings or by contacting us
- Right to erasure (Article 17): Request deletion of your personal data. You can delete your account in Settings or use the selective data deletion feature
- Right to restrict processing (Article 18): Request that we limit the processing of your data in certain circumstances
- Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format (JSON) via the in-app data export
- Right to object (Article 21): Object to processing based on legitimate interests. Contact us to exercise this right
- Right not to be subject to automated decision-making (Article 22): Our automated content moderation may affect your ability to post content. You may contact us to request human review of any automated moderation decision
- Right to withdraw consent: Where processing is based on consent (e.g., location, camera, notifications), you may withdraw consent at any time via iOS Settings or in-app settings without affecting the lawfulness of prior processing
To exercise these rights, contact us at technical_support@walktalk.me. We will respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with your local data protection supervisory authority.
7.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to delete: Request deletion of your personal information
- Right to opt-out of sale: We do not sell your personal information to third parties
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at technical_support@walktalk.me.
7.3 In-App Privacy Controls
- Location: iOS Settings > WalkTalk > Location
- Camera: iOS Settings > WalkTalk > Camera
- Contacts: iOS Settings > WalkTalk > Contacts
- Motion & Fitness: iOS Settings > WalkTalk > Motion & Fitness
- Notifications: iOS Settings > WalkTalk > Notifications, or in-app notification settings
- Online status: In-app profile settings
- Data export: In-app Privacy Settings
- Data deletion: In-app Privacy Settings or account deletion in Settings
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Firebase Authentication with secure credential management
- Firestore and Realtime Database security rules restricting data access to authorized users
- HTTPS/TLS encryption for all data in transit
- Server-side Cloud Functions for sensitive operations (subscription validation, content moderation, data export)
- Single-device session enforcement to prevent unauthorized access
- FCM token cleanup on logout to prevent cross-account notification leakage
- Keychain storage for session tokens on-device
- Rate limiting on Cloud Functions to prevent abuse
- Content hashing (SHA-256) for moderation cache lookups
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for keeping your account credentials confidential and for the security of the device you use to access WalkTalk.
9. International Data Transfers
WalkTalk is operated from the European Union. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Google/Firebase, Mapbox, OpenWeatherMap) maintain servers.
For transfers from the EEA/UK to countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The service providers' own GDPR compliance mechanisms (e.g., Google's Data Processing Addendum)
By using WalkTalk, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own.
10. Children's Privacy
Age Requirement: WalkTalk is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are under 18, you may not use the App.
If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a person under 18, please contact us immediately at technical_support@walktalk.me.
11. Third-Party Services and Links
WalkTalk integrates with the following third-party services. Each has its own privacy policy governing how they handle your data:
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
12. Cookies and Tracking Technologies
WalkTalk is a native iOS application and does not use browser cookies. However:
- Firebase Analytics: May collect anonymized usage data and device identifiers for crash reporting and performance monitoring
- UserDefaults: We store preferences, cached data, and local state on your device using iOS UserDefaults. This data does not leave your device
- Keychain: Session tokens are stored securely in the iOS Keychain
We do not use third-party advertising trackers or sell your data to advertisers.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- We will notify you via an in-app notification or push notification for significant changes
- For material changes affecting your rights or how we use sensitive data, we will seek your renewed consent where required by law
Your continued use of WalkTalk after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
For GDPR-related inquiries, you may also contact us at the email address above. We will respond to data subject access requests within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
© 2026 WalkTalk. All rights reserved.