Privacy Policy

Effective date: 2 March 2026

Skimapp is operated by Skigroup Technology Ltd, a company registered in England and Wales (the “Company”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Skimapp mobile application and website (together, the “Service”).

By using the Service you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Data We Collect

1.1 Account Information

Email address — used for authentication and account recovery.
Display name — chosen by you, shown to group members on the map.

1.2 Location Data

Skimapp collects precise GPS location (latitude, longitude, and accuracy) to enable real-time location sharing with your ski group. Location collection operates in two modes:

Mode	Interval	Trigger
Foreground	Every 60 seconds	App is open and location sharing is enabled
Background	Every 5 minutes or 100 metres	Automatically started when you have active groups; location is only stored and shared when inside a ski resort

Background location tracking starts automatically when you are a member of at least one group. However, your location is only stored and shared with group members when you are inside a known ski resort area. Outside resort boundaries, location checks occur on-device only and no data is transmitted or stored. You can disable location sharing at any time from the Profile screen, which immediately stops all location collection.

1.3 Group and Social Data

Group membership — which groups you have joined or created.
Rally point coordinates — meeting points you create and share with your groups.

1.4 Device and Technical Data

Push notification token — used to deliver push notifications about group activity.
Home resort preference — your selected home resort, used to personalise the map view.
Location sharing preference — whether you have enabled or disabled location sharing.

1.5 Analytics and Crash Data

App usage events — anonymous interaction events (e.g. screens visited, features used) collected via Firebase Analytics and stored in our analytics events collection. These help us understand how the app is used and improve it.
Crash reports — if the app crashes, Firebase Crashlytics automatically collects device model, operating system version, and a stack trace. This data does not include personal identifiers and is used solely for bug fixing.
Broadcast read receipts — when you read an admin announcement, we record that you have read it so we do not show it again.

2. How We Use Your Data

Real-time location sharing — showing your position on the map to members of your groups while skiing.
Push notifications — alerting you when friends join or leave groups, and when rally points are created.
Resort detection — determining whether you are inside a ski resort to control when your location is shared with your group. Location data collected outside resort boundaries is not stored or shared.
Service operation — authentication, group management, and core functionality.
Service improvement — analysing anonymous usage patterns to improve app features and performance.
Bug fixing — using crash reports to identify and resolve technical issues.

3. Data Sharing and Third Parties

We do not sell your personal data. We do not share your data with advertisers or data brokers.

We use the following third-party services to operate the Service:

Service	Provider	Purpose	Privacy Policy
Firebase / Google Cloud	Google LLC	Authentication, database, cloud functions, hosting, analytics, crash reporting	firebase.google.com/support/privacy
Expo	650 Industries, Inc.	Push notifications, over-the-air updates	expo.dev/privacy
MapTiler	MapTiler AG	Map tiles and terrain rendering	maptiler.com/privacy-policy
Google Sign-In	Google LLC	Optional authentication via Google account	policies.google.com/privacy
Apple Sign-In	Apple Inc.	Optional authentication via Apple ID (iOS only)	apple.com/legal/privacy

Your location data is shared only with members of groups you have voluntarily joined. No location data is shared publicly or with any third party beyond the infrastructure providers listed above.

4. International Data Transfers

Our infrastructure is hosted on Google Cloud (Firebase). Your data may be processed and stored in the United States and other countries where Google operates data centres. Where your data is transferred outside the European Economic Area (EEA) or the United Kingdom, we rely on Google’s compliance with Standard Contractual Clauses and other approved transfer mechanisms to ensure adequate protection of your data.

5. Data Retention

Location data is ephemeral. Each location update overwrites the previous one. We do not maintain a history of your past locations.
Account data (email, display name, group membership) is retained while your account is active.
Rally points persist until you delete them or delete your account.
Analytics and crash data is retained by Firebase Analytics and Crashlytics according to Google’s standard retention periods (typically 14 months for analytics, 90 days for crash logs).
When you delete your account, all your data — including your user profile, rally points, group memberships, location data, notification tokens, and associated analytics data — is permanently deleted from our systems.

6. Your Rights

6.1 All Users

Regardless of your location, you can:

Access your data by viewing your profile and groups in the app.
Correct your display name directly in the app via the Profile screen.
Delete your account from the Profile screen in the app. This permanently removes all your data.
Withdraw consent for location sharing at any time by toggling the Location Sharing switch off in the Profile screen, or by deleting your account.
Request data portability by contacting us at privacy@skimapp.app.

6.2 Rights for Users in the European Economic Area and the United Kingdom (GDPR / UK GDPR)

If you are in the EEA or the UK, the following additional information applies under the General Data Protection Regulation (EU) 2016/679 and the UK GDPR:

Data controller: Skigroup Technology Ltd, registered in England and Wales. Contact: privacy@skimapp.app.
Legal basis for processing:
- Consent (Article 6(1)(a)) — for collecting and sharing your precise location data. You grant this consent when you enable location permissions and can withdraw it at any time.
- Legitimate interest (Article 6(1)(f)) — for service operation, security, fraud prevention, analytics, and crash reporting.
- Performance of a contract (Article 6(1)(b)) — for providing the core service features you have requested (authentication, group management).
Data retention periods: See Section 5 above.
Right to erasure: You may request deletion of all your data by using the in-app account deletion feature or by contacting us.
Right to lodge a complaint: You may lodge a complaint with a supervisory authority. For users in the UK, this is the Information Commissioner’s Office (ICO). For users in the EEA, contact your local data protection authority.
You may request restriction of processing or object to processing by contacting us.
Automated decision-making: We do not make any decisions based solely on automated processing that produce legal effects concerning you.

6.3 Rights for Users in California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides you with additional rights:

Categories of personal information collected: identifiers (email, display name), geolocation data (precise GPS coordinates), internet or electronic network activity (push tokens, analytics events).
Purposes of collection: providing the location-sharing service, push notifications, service improvement via analytics, and crash detection/bug fixing.
Sensitive personal information: We collect precise geolocation data, which is classified as sensitive personal information under the CPRA. This data is used solely to provide the location-sharing features you have requested. You may limit use of this data by disabling location sharing in the app.
Right to know: You can request the categories and specific pieces of personal information we have collected about you.
Right to delete: You can request deletion of your personal information. Use the in-app account deletion feature or contact us.
Right to correct: You can request correction of inaccurate personal information.
Right to opt out of sale or sharing: We do not sell or share (for cross-context behavioural advertising) personal information. No opt-out is necessary.
Right to limit use of sensitive personal information: You can limit the use of your precise geolocation by disabling location sharing in the Profile screen.
Non-discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights.

7. Children’s Privacy (COPPA)

Skimapp is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@skimapp.app and we will promptly delete it.

8. Security

We take reasonable measures to protect your data, including:

Authentication via Firebase Auth with secure credential handling.
Firestore security rules that restrict data access to authorised users (e.g. only group members can see each other’s locations).
All data transmitted over HTTPS/TLS encryption.
Cloud Functions that verify authentication before performing operations.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Background Location Disclosure

Skimapp uses background location access to continue sharing your position with your ski group while the app is not in the foreground. This feature:

Activates automatically when you have joined at least one group.
Checks your position every 5 minutes or when you move 100 metres.
Only shares your location when you are inside a known ski resort area. When you are outside a resort (e.g. at home, commuting), your location is checked locally on the device but is not stored or shared with anyone.
Expires automatically after 7 days as a safety measure, requiring re-activation.
Can be stopped at any time by turning off Location Sharing in the app.

Background location data is used solely to share your position with your group members on the ski slope map. It is not used for advertising, analytics, or any purpose other than the core location-sharing feature.

Why background location is required: Skiing involves long periods where your phone is in your pocket or bag. Without background location, your group members would lose sight of you every time your phone screen turns off, defeating the purpose of the app. Background location ensures your friends can always find you on the mountain.

10. Account Deletion

You can delete your account at any time from the Profile screen in the app. Account deletion permanently removes:

Your user profile (name, email, preferences).
All rally points you have created (including copies shared with groups).
Your membership from all groups.
Your location data from all groups.
Your push notification token.
Your analytics and crash data associated with your account.
Your Firebase authentication record.

This action is irreversible. If a group has no remaining members after your departure, the group is also deleted.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via an in-app notification or by email. The “Effective date” at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Skigroup Technology Ltd
Email: privacy@skimapp.app