Privacy Policy

1. Introduction

This Privacy Policy describes how Ayten ("we", "our", or "us") collects, uses, and protects information when you use the Dowser walking discovery app, the Dowser WearOS companion, and the related website at dowser.buildaffect.com (together, the "Service").

Dowser is operated from the District of Columbia, United States. By using the Service, you agree to the practices described in this policy.

2. Account and Authentication

You sign in with an email and password or with a Google account. Authentication is handled by Firebase, our identity provider. From your sign-in we receive:

• Your email address
• Your display name and profile photo, where you choose to provide them via Google
• A user identifier issued by our identity provider

The same identity is shared with the Ayten travel itinerary app so that your preferences carry across both products. We do not store your password; our identity provider handles credential management.

3. Location Data

Location is central to the Service, so we describe it in detail.

• When we collect it: precise GPS coordinates are read from your device only while a walking session is active or while you initiate a route request. We do not track your location in the background or after the app is closed.
• What is sent to our servers: your starting coordinates accompany each route request so we can find a destination near you. Live location updates during a walk are processed on-device for the directional arrow and arrival detection; they are not streamed to our servers.
• What is stored: session records (route start, route end, arrival outcome) are stored in our backend. Coordinates retained in long-term server logs are reduced to approximately 100 metres of precision so that an individual cannot be tracked from log data.
• What is not stored: we do not build a continuous movement profile, a precise GPS trace, or a history of every place you have stood.
• Your control: you can revoke location permission in your device settings at any time. The Service cannot generate routes without it.

4. Preferences and Settings

When you change a preference on phone or watch, the change is saved to your account. We store:

• Your selected theme
• Walk-distance preference and other discovery settings
• Locale preference (the city you are exploring)
• Display, units, and language preferences

5. Preference Profile and Cross-App Integration

Dowser keeps a preference profile for your account so it can pick destinations you are more likely to enjoy. The profile is shared with the Ayten travel itinerary app under the same account. When you give a thumbs-up or thumbs-down on a Dowser destination, that signal updates your profile for both apps. Preference signals are tied to your account identifier, not to advertising identifiers, and are never sold or rented to third parties.

6. Walking Sessions and Telemetry

To operate and improve the Service we record:

• Session metadata: start time, duration, walked distance, theme used, locale, arrival or abandonment outcome
• Destination feedback: thumbs-up and thumbs-down votes
• "Signal" votes you submit for cities or locales you would like added to the Service
• Application events used for diagnostics, abuse prevention, and aggregate analytics. Coordinates attached to these events are rounded to approximately 100 metres of precision before they leave your device.

Telemetry events are tied to your account identifier so we can measure the experience of a real user end-to-end. Aggregate analytics derived from these events do not identify individual users.

Where you have not opted out, the app sends crash reports to Firebase Crashlytics (by Google) so we can diagnose and fix bugs. Each crash report contains:

• The crash type, stack trace, and recent breadcrumbs (in-app navigation events leading up to the crash)
• Your device model, operating system version, and app version

Crashlytics is configured to scrub user identifiers — crash reports do not include your email address, account identifier, name, profile photo, GPS coordinates, route data, or any free-text content you have entered. Crash reports are used solely to identify and fix bugs.

7. Waitlist Sign-Ups

If you submit the waitlist form on our marketing website to be notified when Dowser launches in your region, we collect:

• Your email address (required)
• Your name (optional)
• The locale or region you are interested in (optional)

We use this information solely to notify you when Dowser becomes available in your region and to gauge demand across geographies. Waitlist entries are stored in our backend in the United States and are not shared with any third-party mailing service or other external party. The source IP address of each submission is hashed at the time of receipt (SHA-256, truncated) and only the resulting hash is stored — the raw IP address is not retained. The hash is used solely for spam and abuse signals (for example, detecting submission floods from the same address). Waitlist records do not auto-expire; we retain your entry until your sign-up is fulfilled (you receive launch notification and either convert to an account or unsubscribe) or until you request deletion via privacy@ayten.app.

8. WearOS Companion

The Dowser WearOS app is a free companion to the phone app and requires a paired Android phone running Dowser. The watch and phone exchange settings and the active route's directional arrow, distance, and arrival state locally between your paired devices. The watch does not authenticate independently with our servers; it relies on the phone for backend access.

9. Third-Party Data Processors

The Service relies on a small number of third-party providers. Each operates under its own privacy policy, linked below.

• Firebase Authentication (Google LLC) — sign-in and account credentials. Receives your email address, display name and profile photo where you provide them, and a user identifier. Privacy policy: policies.google.com/privacy.
• Firebase Crashlytics (Google LLC) — crash reporting. Receives the crash type, stack trace, breadcrumbs, device model, operating system version, and app version. Does not receive your account identifier, email address, name, GPS coordinates, or route data (see §6). Privacy policy: policies.google.com/privacy.
• Mapbox (Mapbox, Inc.) — walking-route geometry. Each route request sends a starting coordinate and a destination coordinate to the Mapbox Directions API so Mapbox can compute the walking path. Mapbox does not receive your account identifier, authentication tokens, name, or email. Privacy policy: mapbox.com/legal/privacy.
• Google Places API (Google LLC) — point-of-interest data used to choose destinations. Place data is fetched by our backend during an offline data-enrichment process; your device does not query Google Places directly during normal use, and we do not send your account identifier, authentication tokens, or any per-user query to Google Places. Privacy policy: policies.google.com/privacy.
• Amazon Web Services (Amazon Web Services, Inc.) — cloud hosting for servers, storage, and logs in the United States. Privacy policy: aws.amazon.com/privacy.

We do not sell or rent your data, and we do not share data with advertisers or data brokers.

10. Cookies and Website Fonts

The Dowser mobile app and the Dowser WearOS companion do not use cookies.

The marketing website at dowser.buildaffect.com loads typefaces from Google Fonts (Google LLC). When your browser fetches a Google Fonts stylesheet, Google receives the request and may log your IP address and user-agent string in accordance with the Google Privacy Policy. Google has stated that the Google Fonts API does not use cookies and does not log requests against an end-user identifier. We do not place advertising, analytics, or tracking cookies on the marketing site, and we do not embed third-party analytics scripts. Google Fonts privacy details: developers.google.com/fonts/faq/privacy.

You can block the Google Fonts request via your browser settings or a content-blocking extension; the site will still render in a system fallback font.

11. Data Retention

• Active accounts: account, settings, preference profile, and session data are retained while your account is active.
• Deleted accounts: personal data tied to your account is deleted within 30 days of a verified deletion request.
• Server logs: retained for up to 90 days for debugging and abuse prevention. Coordinates in retained logs are reduced to approximately 100 metres of precision.
• Aggregate analytics: derivative aggregate datasets that no longer identify a user may be retained indefinitely.

12. Your Rights

Subject to applicable law, you may:

• Access: request a copy of the personal data we hold about you
• Correct: ask us to update inaccurate information
• Delete: request deletion of your account and associated personal data
• Export: request a machine-readable copy of your settings, preference profile, and exploration history
• Opt out of optional analytics where the Service exposes that control

To exercise any of these rights, email privacy@ayten.app from the address associated with your account. We will respond within a reasonable period and in any case within the time required by applicable law.

13. Children

The Service is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

14. Security

We use HTTPS/TLS for data in transit, signed authentication tokens to verify you, and role-based access controls on our backend. No system is perfectly secure, but we take reasonable measures to protect your information.

15. International Data Transfers

The Service is operated from the District of Columbia and processes data in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in-app and reflected on this page with a new "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

17. Jurisdiction and Contact

Ayten is based in the District of Columbia, United States. Privacy questions, data subject requests, and account deletion requests should be sent to:

Email: privacy@ayten.app