Privacy Policy — iOS App

Scope

This policy applies solely to the OwnHomeMap iOS application (iPhone, iPad, Mac App Store). The website ownhomemap.com is covered by a separate policy with different subprocessors (Stripe, hosting, Resend for emails).

View the website privacy policy →

Data Controller

Orion Sportech, publisher of the OwnHomeMap application. For any questions about your data or to exercise your rights, contact us at direction@orion-sportech.com.

Data processed by the app

The app processes the following items, the majority of which are stored locally on your device:

• In-app purchases (StoreKit): transaction identifiers, product identifier, and signed cryptographic receipt (JWS). This information is handled by Apple (App Store); we never receive your payment-card details. Receipt signatures are validated offline by the app itself.
• Purchased credits and transaction history: stored locally (SwiftData). When iCloud Drive is enabled, an HMAC-signed journal is mirrored to iCloud Key-Value Store so that your credits can be restored after reinstall. The HMAC key is protected by the iOS Keychain and never leaves your device.
• Map configurations you create (city, theme, typography, custom points of interest): stored locally only; never sent to any third-party server.
• City searches: the string you type is sent to MapKit (Apple) for autocompletion, then to the Overpass API (OpenStreetMap) to fetch the geographic data of the selected city. No user identifier is attached to these requests.
• Cached OpenStreetMap data: roads, water features, and parks fetched from Overpass and stored locally to speed up subsequent renders. This data is public and contains no personal information.
• Saving generated maps to the iOS photo library: only when you explicitly request it, in add-only mode. The app never reads your existing photos.

What the app does not collect

To clarify the iOS app's privacy posture, here is what we never collect:

• No accounts, usernames, emails, or passwords: the app runs without any authentication step.
• No advertising identifier (IDFA) and no App Tracking Transparency prompt: zero ads, zero cross-app tracking.
• No location data: the app never accesses GPS or location sensors on your device.
• No third-party analytics SDKs: no Firebase, no Sentry, no Mixpanel, no Crashlytics, no telemetry.
• No payment-card data and no billing address: all payments are processed exclusively by Apple via in-app purchases.
• No reading of your photo library: the permission requested is strictly add-only (NSPhotoLibraryAddUsageDescription).

Third-party processors

The app relies on two categories of external services only:

• Apple Inc. — provides the App Store, in-app purchases, iCloud Key-Value Store, MapKit (place search), and the iOS Keychain. Apple's processing is governed by Apple's privacy policy. Apple servers are located, among other places, in the United States, under standard contractual clauses for international transfers.
• OpenStreetMap Foundation and Overpass mirrors (overpass-api.de, kumi.systems, private.coffee) — provide public map data (roads, parks, water features). Requests carry only the geographic coordinates of the searched city, with no user identifier.

International transfers

Because Apple processes some data in the United States, these transfers are governed by the European Commission's Standard Contractual Clauses and the EU-US Data Privacy Framework. You can review Apple's policy at apple.com/legal/privacy.

Retention

Map configurations and the OpenStreetMap cache stay on your device until you delete the app or remove the items yourself. The iCloud credit journal stays in your personal iCloud space until you choose to delete it. No server that we operate stores your data.

Your rights (GDPR)

Under the GDPR you have rights of access, rectification, erasure, restriction, portability, and objection.

Full erasure is immediate: simply uninstall the app to wipe all local data (configurations, cache, local wallet). For the iCloud journal, go to iOS Settings → Apple ID → iCloud → Manage Storage → OwnHomeMap. No action on our side is required because no personal data is stored on our servers.

For any formal rights request or to report an incident, contact direction@orion-sportech.com. You also have the right to lodge a complaint with the CNIL (or your local data protection authority).

Protection of minors

The app is not specifically directed to children under 13 (COPPA) or under 16 (GDPR). No part of the app deliberately targets that age range. If you are a parent or guardian and believe a minor made an unauthorized purchase, contact Apple Support to request a refund.

Security

The app implements several protective measures: iOS sandbox and macOS App Sandbox, offline receipt validation (ECDSA P-256), HMAC-SHA-256 signing of the credit journal with a Keychain-protected key, and an anti-capture mechanism that obfuscates purchased content during screen recording or screenshots to protect acquired works.

Apple App Privacy (Nutrition Label)

The App Privacy card published on the App Store discloses only the following categories: Purchases (transaction history, linked to your Apple ID), User Content (map configurations, not linked to identity), Search History (strings typed to search a city, not linked). No other category is checked.

Changes to this policy

Any material change will be reflected in the last-updated date above and, where appropriate, surfaced in an app update with explicit release notes.

Contact

Orion Sportech — direction@orion-sportech.com. For App Store or in-app purchase refund questions, the official channel is Apple Support (reportaproblem.apple.com).