Privacy Policy
Last updated: April 27, 2026
Worldo ("we", "our", or "the App") is a journey tracking and city discovery application. This Privacy Policy explains how we collect, use, share, and protect your information, and the choices you have. By using Worldo, you agree to the practices described below.
1. Information We Collect
Information you provide
- Account information: Email address, display name, profile photo, and authentication credentials when you create an account or sign in with Apple, Google, or email.
- Journey content: Routes, GPS coordinates, timestamps, photos, captions, and notes you capture during journeys, including content you attach to memory blogs and postcards.
- Avatar customization: Your pixel-art traveler appearance, equipment, and accessory selections.
- Social activity: Friend connections, postcards you send or receive, comments, likes, and reports/blocks you submit.
- Purchase records: Receipts and transaction identifiers from Apple when you purchase a subscription or coins. We do not receive or store your payment card details.
Information collected automatically
- Precise location (GPS): Coordinates and movement data, collected during active journeys (Sport / Daily mode) and during background tracking when you have explicitly enabled the corresponding iOS permission ("Always Allow").
- Motion and fitness data: Step counts, walking/running/cycling/driving/transit detection from Core Motion, used to improve journey recording accuracy and to power Lifelog.
- HealthKit data: Daily step counts read from HealthKit (only if you grant permission). Workout sessions written to HealthKit to maintain stable background tracking.
- Push notification token: When you grant notification permission, your device generates a token used to deliver friend updates, postcard arrivals, and tracking-related alerts.
- Camera and photo library: When you choose to add a photo to a journey, the App accesses the camera or photo library you select. We do not access photos you do not pick.
- Device and diagnostic information: App version, OS version, device model, App Store region, device locale, anonymized crash reports, and basic event logs used to diagnose issues and improve stability.
2. How We Use Your Information
- Record, display, and replay your journeys and city visits
- Show daily steps, movement history, and mood entries in Lifelog
- Enable social features (friend connections, postcards, friend city cards) where available
- Sync your data across your Apple devices via iCloud (Apple CloudKit)
- Improve journey tracking accuracy using motion and activity data
- Determine feature availability based on your App Store region
- Process subscriptions and in-app purchases through Apple
- Detect and respond to abuse, fraud, and violations of our Terms of Service
- Communicate with you about service updates, security alerts, and customer support
3. Third-Party Services and SDKs
We integrate the following third-party services to operate Worldo. Each service has its own privacy policy governing the data it processes.
- Apple CloudKit: Stores your synced journey data, photos, and Lifelog entries in your private iCloud container. Apple cannot read this data.
- Apple HealthKit: Reads step and motion data with your permission. Health data is never sent to our servers.
- Apple Maps / Apple CLGeocoder: Used to convert GPS coordinates into city and country names, and optionally to snap routes to roads.
- Firebase Authentication (Google): Handles secure email/password and federated sign-in (Google, Apple). Receives your email and authentication tokens.
- Firebase / Google Analytics for Firebase: Bundled with the Firebase SDK. May collect anonymized device identifiers, app open events, and crash diagnostics for the purpose of stability and reliability.
- Google Sign-In SDK: Used when you sign in with a Google account.
- Google Ads On-Device Conversion SDK: Performs on-device attribution to measure the effectiveness of advertising. This SDK does not transmit personally identifiable information off the device.
- Mapbox SDK: Renders premium map styles. Mapbox may collect anonymized telemetry (style usage, performance metrics) governed by Mapbox's Privacy Policy.
- Cloudflare R2: Stores journey photos and avatar assets uploaded to our backend.
- Apple App Store / In-App Purchase: Processes all subscription and coin transactions. We do not receive payment card details.
We do not sell, rent, or share your personal information with advertisers or data brokers.
4. Data Storage and Security
Your journey data is stored locally on your device by default and optionally synced via iCloud (Apple CloudKit). Account information, social interactions, postcards, and uploaded photos are stored on our backend servers, which are currently hosted in Tokyo, Japan. All data transmission uses HTTPS / TLS encryption, and account access is protected by JWT-based authentication. Photos uploaded to our backend are stored on Cloudflare R2 with restricted-access keys.
5. Data Sharing
We do not sell your personal information. Your data may be shared only in these limited cases:
- With friends you connect with: Your display name, avatar, city cards, and postcards are visible to friends you have explicitly added or accepted.
- With map and geocoding services: Your coordinates are sent to Apple's geocoding service to resolve city and country names, and optionally to Apple Maps for route snapping.
- With service providers: Firebase, Mapbox, and Cloudflare process data on our behalf as described above. Their access is limited to operating the App's functionality.
- For legal reasons: We may disclose information if required by applicable law, valid legal process, or to protect the rights, safety, or property of Worldo, our users, or others.
- In a business transfer: If Worldo is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before this happens and ensure equivalent privacy commitments apply.
6. Data Retention
- Account data: Retained for as long as your account is active.
- Journey and Lifelog data: Retained until you delete it from the App or delete your account.
- Account deletion: When you delete your account from within the App or by contacting us, your personal data is removed from our active systems within 30 days. Backups containing your data are purged within 90 days.
- Legal retention: We may retain certain transactional records (e.g., purchase receipts) for the period required by tax, fraud-prevention, or other legal obligations.
- Aggregated and anonymized data: Data that no longer identifies you may be retained indefinitely.
7. Your Rights and Choices
- You can disable location tracking at any time through iOS Settings.
- You can revoke camera, photos, motion, and HealthKit permissions through iOS Settings without losing core functionality.
- You can manage push notifications in iOS Settings.
- You can review and delete individual journeys, photos, and Lifelog entries within the App.
- You can block other users at any time. Blocked users cannot interact with you.
- You can request a copy of your data, request correction of inaccurate data, or request deletion by contacting us at the email below.
For users in the European Economic Area, United Kingdom, and Switzerland (GDPR)
You have the right to access, rectify, port, and erase your personal data; to restrict or object to processing; and to lodge a complaint with your local data protection authority. The legal bases on which we rely are: performance of contract (to provide the App's features), legitimate interests (to operate, secure, and improve the service), consent (for optional permissions like location and HealthKit), and compliance with legal obligations.
For users in California (CCPA / CPRA)
You have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, the right to opt out of sale or sharing for cross-context behavioral advertising (we do not sell or share for this purpose), and the right not to be discriminated against for exercising these rights.
8. HealthKit Data Disclosure
Health data accessed through HealthKit is used solely within the App to display your daily steps and activity in Lifelog and to maintain accurate background journey tracking via workout sessions.
Health data accessed through HealthKit is never used for advertising, marketing, data-mining, or any purpose other than the features described in this Privacy Policy. Health data is never sold or shared with third parties. Health data is never transmitted to our servers.
9. Account Deletion
You can delete your account at any time:
- From within the App: Settings → Account → Delete Account.
- By contacting us at the email below.
Account deletion permanently removes your account credentials, profile, social connections, postcards, photos uploaded to our servers, and other personal data within 30 days, with backup purges completed within 90 days. Locally stored data on your device will be removed when you uninstall the App.
10. International Users
Worldo is operated from Asia, and our backend is currently hosted in Tokyo, Japan. If you access the App from outside Japan, your information will be transferred to and processed in Japan. By using Worldo, you consent to this transfer.
11. Children's Privacy
Worldo is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by updating the "Last updated" date above. Your continued use of Worldo after changes become effective constitutes acceptance of the revised policy.