Privacy Policy — Head North

Effective date: 2026-02-05
Last updated: 2026-04-24

Head North ("the App") is a paid Android application developed by Odd Horizon OÜ (registry code 17250379), Estonia. The App is a local GPX track viewer and does not use accounts or backend servers.

This policy explains exactly what data is used, where it goes, and why.

1. Data We Use

1.1 Location Data (Precise)

The App uses precise location (GPS) to:

• display your current position
• center the map on you in real time
• show heading and movement

Important clarification:

• The App does not transmit location data to our servers
• The App does not store location history
• However, Mapbox receives anonymized viewport coordinates derived from your GPS in order to render maps and keep them centered on your position

This occurs because map tiles must be requested for the area you are viewing.

We do not receive this data ourselves.

Location access is:

• used only while the App is in use
• optional (the App works with reduced features if denied)
• revocable at any time via Android settings

1.2 Legal Basis for Processing (GDPR Article 6)

• Location data processing via Mapbox: Legitimate interest (Art. 6(1)(f)) — necessary to provide the core map rendering functionality you purchased the App for
• Local preferences storage: Contract performance (Art. 6(1)(b)) — necessary to deliver the App's features as purchased

1.3 Local App Data (On-Device Only)

The App stores a small amount of non-personal data locally, such as:

• map style selection
• theme (light/dark)
• distance units
• UI preferences

This data:

• stays on your device
• never leaves the device
• can be removed by clearing app data or uninstalling

2. Third-Party Services

2.1 Mapbox

The App uses Mapbox for map rendering.

Mapbox processes:

• IP address
• device and network metadata
• map viewport requests derived from your GPS location

Mapbox telemetry is explicitly disabled in the App.

Mapbox processing is governed by their policy: https://www.mapbox.com/legal/privacy

We do not control Mapbox's retention or logging practices.

2.2 Google Play (System-Level)

Android / Google Play may collect:

• crash diagnostics
• basic device information

This is controlled by Google, not the App.

2.3 TelemetryDeck (Anonymous Usage Analytics)

The App uses TelemetryDeck (operated by TelemetryDeck GmbH, Germany) to collect a single anonymous metric: the distance in kilometres ridden between app sessions. This lets us see aggregate usage across all users without identifying anyone.

What is sent:

• distanceKm — kilometres ridden since the previous report, to 3 decimals
• Standard SDK metadata automatically attached by TelemetryDeck: app version, OS version, device model class, locale

What is NOT sent:

• Your name, email, or any account identifier (the App has no accounts)
• Your location, GPS coordinates, routes, rides, or GPX files
• Your IP address (TelemetryDeck does not store IP addresses)

Identifier: TelemetryDeck's SDK generates a random anonymous install identifier on first launch, stored in the App's private file storage on your device. The SDK hashes this identifier before transmission, and TelemetryDeck salts and re-hashes it server-side. It is removed when you uninstall the App, is not shared between installations, and cannot be traced back to you.

Processing location: Germany (EU), Hetzner data centres.
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — understanding aggregate usage to improve the product.
TelemetryDeck privacy policy: https://telemetrydeck.com/privacy/

3. Data Sharing

We:

• do not sell personal data
• do not use advertising SDKs
• do not use cross-app or cross-site tracking SDKs

Mapbox and TelemetryDeck process data as service providers — Mapbox for map rendering (see 2.1), TelemetryDeck for anonymous usage analytics (see 2.3).

4. Data Retention

• No location history is stored by the App
• No user database exists
• No personal data is retained by the developer

Mapbox retention is governed by their own policies.

5. Legal Compliance (EU & US)

We comply with:

• EU GDPR
• EU Digital Services Act
• US state privacy laws (including California, Oregon, Connecticut, Indiana, Kentucky, Rhode Island)

Specifically:

• We do not sell precise geolocation data
• We do not profile users
• A random anonymous install identifier is used solely by TelemetryDeck for aggregate analytics (see 2.3); it is not linked to any account, contact, or device identifier
• Any location-derived data used by Mapbox is pseudonymized and used only for map rendering

5.1 California Consumer Privacy Act (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA/CPRA):

• We do not sell or share personal information as defined by the CCPA
• We do not use sensitive personal information for purposes beyond what is necessary to provide the App
• California residents may exercise their rights by contacting us at hello@headnorthgps.com

6. Your Rights

Depending on your jurisdiction, you may have rights to:

• access information about data use
• request deletion (clearing local data)
• restrict processing (by disabling permissions)

Because we do not store personal data, most rights are exercised directly via your device.

You also have the right to lodge a complaint with your local data protection authority. For Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): https://www.aki.ee

7. Children's Privacy

The App is not intended for children under 13 years of age.

If we learn that a child has accessed the App in violation of applicable law, we will take reasonable steps to delete any associated data.

8. Changes

Material changes will be communicated via:

• App updates
• public posting on the App listing or website

9. Website Analytics

This website (headnorthgps.com) uses Vercel Web Analytics, which collects anonymous, aggregated page view data without cookies or personal identifiers. This is separate from the App and does not affect app users.

10. Contact

Odd Horizon OÜ
Registry code: 17250379
Email: hello@headnorthgps.com