← Back

Privacy Notice

Last updated: July 5, 2026

This Privacy Notice describes how Aaron Rosenthal ("we", "us", "our"), the operator of Wailore (the "Service"), collects, uses, and shares your personal data. We act as the data controller for personal data processed through the Service.

1. Personal data we collect

  • Account data: email address, name (if provided), authentication identifiers (including Google sign-in ID where used).
  • Usage data: the places you look up, tours generated, audio played, and settings you configure.
  • Location data: approximate location or coordinates you enter or grant to the app, used solely to find nearby points of interest.
  • Device and log data: IP address, browser type, device identifiers, timestamps, and error logs.
  • Support communications: messages you send us.

2. Why we use it

  • To create your account and provide the Service (legal basis: performance of a contract).
  • To generate audio tours based on your location and interests (contract).
  • To keep the Service secure, prevent fraud and abuse, and diagnose errors (legitimate interests).
  • To communicate with you about your account and service updates (contract / legitimate interests).
  • To comply with legal obligations (legal obligation).

3. Who we share it with

We share personal data only with the following categories of recipients:

  • Hosting and infrastructure providers: Cloudflare and Supabase, who host and store data on our behalf.
  • AI model providers: the third-party model providers we use to generate narration text and voice audio, which process prompts you or the app submit.
  • Map and content providers: Google Maps and Wikipedia, which return places and article data based on queries.
  • Merchant of Record (Paddle): for sale of the Service, subscription management, payments, tax compliance, invoicing, and refunds. See Paddle's Privacy Notice.
  • Professional advisers (legal, accounting) where necessary.
  • Authorities where required by law.

4. International transfers

Some recipients above are located outside your country. Where we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where required.

5. Data retention

We keep personal data only as long as needed for the purposes above, or as required by law. Account data is kept while your account is active and deleted or anonymised on request or after a reasonable period of inactivity. Payment records held by Paddle are retained according to Paddle's own policies for tax and compliance reasons.

6. Your rights

Depending on where you live, you may have rights to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. Users in the UK/EEA may also complain to their local supervisory authority. We will respond to valid requests within one month.

7. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and least-privilege database policies — to protect your personal data.

8. Cookies and similar technologies

We use strictly necessary cookies and local storage to keep you signed in and to remember your preferences. We do not use advertising cookies.

9. Contact

To exercise your rights or ask questions about this notice, contact us through the app. Payment-related privacy queries can also be directed to Paddle at paddle.net.