Privacy

Last updated: July 4, 2026 · This is a plain-English summary; please consult counsel before relying on it for compliance purposes.

What we collect

Location pings published by your phone: latitude, longitude, timestamp, accuracy, battery level, and velocity. If you create an account, your email address. If you enroll in a supervision program (agency mode), we also collect a Face ID pass/fail result and — for a risk-based subset of check-ins — a face-verification photo and liveness signal each time a check-in is requested, plus a SHA-256 hash chain that ties each check-in to your existing location log. We do not collect contacts, photos other than optional photo notes and check-in selfies, microphone audio, or browser activity.

How we use it

Your pings power the maps, stops, and aggregations you see in your account. We use OpenStreetMap's Nominatim service to look up human-readable place names for the stops you cross the 30-minute threshold on. We don't pass identifying information to Nominatim.

Check-in photos are matched on-device against a reference selfie you take during onboarding (using Apple's Vision framework for face similarity and liveness detection). The match score, timestamp, GPS coordinates, and a SHA-256 hash of the result are uploaded to your account. The photo itself is stored only on our backend and is accessible only to you and any supervisor you've granted access to. We do not maintain a face-recognition database, do not sell or share photos, and do not train AI models on user data.

Who we share it with

Nobody by default. We don't sell or rent your data. We do not run advertising. We don't share data with brokers, aggregators, or marketing platforms.

If you generate a share link (e.g. to send to an attorney or family member), only people you give that link to can view the day you shared, and coordinates are snapped to the radius you select.

If you are enrolled in supervision (probation, parole, custody monitoring, employer verification, etc.), the officer or party you authorized in your supervision agreement can see your location history, check-in records, and case notes the officer adds. That party is the agency that issued your agency code and with whom you signed a supervision agreement.

Where it's stored

US-east region of Supabase (Postgres). Encrypted at rest. Connections to our API are TLS-only. RLS is enabled on every table; access is gated through SECURITY DEFINER functions that validate a per-device token or per-officer login token.

How long we keep it

Pings: retained until you delete them or delete your account. Share links: until their expiration timestamp. Signed evidence reports carry cryptographic integrity proofs for as long as you choose to keep them.

Supervision program: your supervision records (check-ins and the location history your agency monitors) are retained until supervision ends or a court order releases them, as required by your supervision agreement. Account deletion is still available to you — see "Your rights" below.

Your rights — including the right to delete

You can export everything we have on you as JSON or a signed PDF at any time, from the Settings screen in the app or via /api/export on the web.

You can request account deletion at any time, from the Settings screen in the app. For a personal account, we permanently delete your account and all of your personal data — your location history (pings and stops), maps, geofences, share links, and your enrolled reference photos — within 30 days (often within 24 hours).

If you are enrolled in a supervision program (probation, parole, pretrial, or a similar court- or agency-ordered program), your supervision records — your check-ins and the location history your supervising agency monitors — are retained until your supervision ends (or a court order releases them), because they are records of a court- or agency-ordered supervision program and we are required to retain them under the supervision agreement you signed. We disclose this here so you understand it before enrolling. Account deletion is still available to you, and your account-level personal information that is not part of that supervision is deleted within 30 days; the retained supervision records are deleted automatically once supervision concludes.

EU users have additional rights under GDPR; CA users under CCPA. GDPR Art. 17(3)(b) and CCPA §1798.105(d)(8) preserve the right to retain data for compliance with legal obligations — the basis for retaining supervision records for the duration of a supervision program.

Children

Wovenmap is not directed to children under 13 and we don't knowingly collect their data.

Changes

We'll notify you of material changes to this policy via email and update the "last updated" date above.