CityChat Privacy Policy
This policy explains what personal data the CityChat iOS app processes, why, and what rights you have. It is written to be read, not skimmed past — it is short because the app collects little.
Last updated: 10 June 2026 · wersja polska
1. Who is responsible (controller)
Paweł Rojek
E-mail: kontakt@citychat.pl
2. What we process, why, and on what legal basis
| Data | Why we process it | Legal basis (GDPR) |
|---|---|---|
| E-mail address | Creating and signing in to your account (magic link or Sign in with Apple) | Art. 6(1)(b) — performance of a contract |
| Account identifier | Linking your chats, subscription status, and settings to your account | Art. 6(1)(b) |
| Chat messages | Generating answers about the city you are exploring | Art. 6(1)(b) |
| Photos you take in visual search | Recognising the landmark or place in the photo and answering about it | Art. 6(1)(b) — processed only when you take a photo for that purpose |
| AI memory — durable preferences you reveal in chat (optional, off by default) | Personalising future answers: when you switch AI memory on, the app can remember facts you state in chat — dietary preferences, accessibility needs, who you travel with, lasting interests. Because such facts can reveal health information or religious beliefs, they are stored only with your explicit consent and you can view and delete every remembered fact in Settings → AI memory | Art. 6(1)(a) and Art. 9(2)(a) — explicit consent via the AI memory switch; withdraw any time by switching it off or deleting entries |
| Visual-search query log (what a scan identified) | Enforcing daily scan limits and improving recognition quality | Art. 6(1)(b); Art. 6(1)(f) for quality review |
| Usage statistics; aggregate analysis of questions and searches | Understanding which features are used and what people ask, to improve the app | Art. 6(1)(f) — our legitimate interest; you can object at any time (Art. 21) |
| Precise location | Showing and answering about places near you; optional arrival notifications | Art. 6(1)(a) — consent, given through the iOS location permission and withdrawable any time in Settings |
| Push notification token | Delivering notifications you have enabled | Art. 6(1)(a) — consent via the iOS notification permission |
| IP address and technical request logs | Keeping the service secure: abuse prevention, rate limiting, fault diagnosis | Art. 6(1)(f) — our legitimate interest in running a secure service |
| Subscription status | Unlocking PRO features you purchased | Art. 6(1)(b). Payment itself is handled entirely by Apple — we never see your payment details |
We do not show ads, do not sell or share data for advertising, do not track you across other apps or websites, and do not make automated decisions that produce legal effects about you.
3. Who receives your data (processors)
We use a small number of service providers, each bound by a data processing agreement:
- Google (Gemini API) — processes your chat messages and visual-search photos to generate answers. Under our paid API agreement Google acts as our processor and does not use this content to train or improve its models. Processing may involve transfers outside the EEA, safeguarded by the EU Standard Contractual Clauses and Google's participation in the EU–US Data Privacy Framework.
- Apple — Sign in with Apple, push notification delivery (APNs), and all subscription payments.
- Cloudflare — encrypted database backups, stored exclusively under Cloudflare R2's European Union jurisdiction.
The application servers and database are operated by us in Poland (EU).
4. How long we keep data
- Account data and chat history: until you delete them or delete your account.
- Database backups: rotated automatically; any backup is deleted no later than 30 days after it was made, so deleted data leaves backups within 30 days.
- Technical logs: short-lived and rotated automatically; not archived.
5. Your rights
Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21), and the right to withdraw consent at any time (location and notifications can be switched off in iOS Settings; withdrawal does not affect processing that happened before it).
To exercise any of these, e-mail kontakt@citychat.pl. You also have the right to lodge a complaint with a supervisory authority (Art. 77) — in Poland this is the President of the Personal Data Protection Office (PUODO, uodo.gov.pl), or the authority in your own EU country.
6. Children
CityChat is not directed at children. We do not knowingly process personal data of children below 16; if you believe a child has created an account, contact us and we will delete it.
7. Changes
We will update this policy when the app's data processing changes and show the new version here with a new "last updated" date before it takes effect.