Privacy Policy

Last updated: February 2025

YahoLink lets you record your position during hikes and share it in real time with family or friends via a map. This policy describes what data we collect, how we use it, and your rights. It applies to the YahoLink website and the YahoLink Android app.

1. Who is responsible?

The service is operated by the person or organization that hosts the YahoLink instance you use. If you use the Android app, you configure it to send data to a server URL you choose (your own instance or one you trust). That operator is the data controller for the data processed on that server.

2. Data we collect and why

Account and profile (web and app)

When you create an account (hiker or admin), we store your email address and a hashed password so you can sign in. You may also create API keys in your profile; these are used by the Android app to authenticate when sending location updates. We do not share your email or API keys with third parties.

Location data (Android app)

The Android app requests permission to access your device’s location in the background during an active hike. It sends your position (latitude, longitude, altitude when available, timestamp, and optionally battery level and speed) to the YahoLink server you configured. This data is used to show your position on the map for you and for people you have shared a link with. Location data is only sent while a hike is “in progress” and you have started tracking.

Camera (Android app)

The Android app may request access to your device’s camera to scan QR codes or barcodes (for example to configure the server URL or an API key). The camera is used only for scanning; we do not record, store or upload any photo or video. No image data is sent to our servers.

Hike data (web and app)

When you create a hike (e.g. by uploading a GPX track), we store the track, hike name, status and related metadata. Support messages that viewers or you leave on the map are stored and shown to people with access to that hike. This data is used only to provide the service (map, progress, messages).

3. Who can see your data?

Your location during a hike and the current hike’s map are visible to you and to anyone who has a valid share link for that hike. Share links can be revoked at any time from the dashboard. Administrators of the YahoLink instance can manage users and hikes on that server; they do not have access to your password (only a hashed version is stored).

4. Data retention and storage

Data is stored on the server you connect to (your own or your provider’s). The operator of that server decides retention. Typically, hike and location data remain until you or an admin deletes the hike or the account. You can delete your account or specific hikes from the dashboard where the instance allows it.

5. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete or export your data, or to object to or restrict processing. To exercise these rights, contact the operator of the YahoLink instance you use. If you host the service yourself, you control the data and can delete it directly (database or dashboard).

6. Security

We use industry-standard practices: passwords are hashed, API keys are secret and transmitted over HTTPS when the server is configured for it. You should use a server URL that uses HTTPS in production.

7. Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top will be revised. We encourage you to review this page periodically.

8. Contact

For questions about this privacy policy or your data, contact the operator of the YahoLink instance you use. For the open-source project and the Android app, you can open an issue or discussion on the project repository.