PathQuest

Privacy Policy

Your privacy matters to us. PathQuest was built around a simple idea: your steps, your journey, your data — yours. This page explains what little we collect, why, where it goes, and how to remove it whenever you want. We’ve kept the language plain on purpose.

Last updated: 1 May 2026

Who we are

PathQuest is an indie iOS app made by Juan Carlos Castellet, a solo developer based in Castellón, Spain. There’s no team, no investors, no advertising network behind the scenes.

For the rest of this page, “we” means me, and “you” means you — the person walking around with the app on their phone.

What stays on your device

Almost everything. PathQuest is offline-first by design.

When you grant the app permission to read HealthKit, it reads your daily step count and walking and running distance. Those numbers stay on your iPhone — Apple’s HealthKit framework doesn’t let apps send health data anywhere unless they explicitly choose to, and we don’t. We never copy or transmit your individual HealthKit samples; we use them to compute the cumulative distance you’ve walked since starting a quest, and we save that single total alongside the quest.

Your quests, stages, and preferences live in a local SwiftData database on the device, alongside a small set of preferences (theme, distance unit, premium flag, sync flag) shared between the app and the home-screen widget. Uninstalling the app removes all of this. There’s no cloud account to deactivate.

What goes to Google (Firebase)

PathQuest uses three Google Firebase modules: Analytics (so we know which features people use), Crashlytics (so we hear about crashes before you do), and Remote Config (which lets us roll out feature changes gradually as the app grows). All three are anonymous — none of them know who you are.

Firebase Analytics receives an event each time something interesting happens in the app — opening a screen, starting a quest, tapping a button. Those events let us see which features people actually use, so we can give those parts extra love. They’re anonymous: no name, no email, no account ID, no step counts, no quest content. We can see, in aggregate, that “20% of users have the widget installed” — we can’t see that you specifically have a widget installed.

Firebase Crashlytics is even simpler: when the app crashes, it sends us the stack trace and the device/OS state at the moment of the crash, so we can fix the bug. No personal identifiers are attached.

One technical detail worth mentioning: Firebase assigns an ID to each install of the app. It’s generated locally on first launch and resets if you reinstall. It isn’t linked to you, and we never see it.

Your IP address is visible to Google’s servers transiently — that’s how internet requests work — and Google may use it for very coarse country-level region tagging. We don’t store it ourselves and we don’t use it to identify you. Google’s full description of these services is at firebase.google.com/support/privacy.

What goes to Apple (iCloud)

iCloud sync is a premium feature and off by default. If you turn it on, your quest data — quest names, distances, progress, stages, dates — is stored in your private iCloud container. That data lives in your Apple account, encrypted by Apple, and is visible only to you and the devices signed into your Apple ID. We never see it.

If you don’t enable iCloud sync, none of your quest data leaves your device.

What we do not collect

A short list, because what’s not collected is sometimes more useful than what is:

  • Your name, email address, or phone number
  • Your real-world location (PathQuest does not use Core Location)
  • Your contacts, photos, microphone, or camera
  • Any advertising identifier — we don’t run ads or partner with ad networks
  • Your individual step counts (those are kept by Apple, on your device)
  • Anything that would let us, or anyone else, identify you personally

Children

PathQuest is not directed at children under the age of 13 (or under 14 in Spain, the minimum age for digital consent under Spanish data protection law). We do not knowingly collect data from anyone in those age groups.

Your rights

Privacy isn’t an afterthought here — it’s the reason the app collects nothing tied to who you are. Because we go out of our way to keep everything anonymous, there isn’t a “your data” sitting on a server somewhere with your name on it that we could pull up and hand over. That said, the rights you have under the GDPR and similar laws still apply, and most of them are exercisable yourself:

  • Local data: Delete the app. Your quests, stages, preferences, and the per-session analytics signal all stop immediately.
  • iCloud quest data: On your iPhone, open Settings → tap your name at the top → iCloud → Manage Account Storage → PathQuest, and choose to delete the data there.
  • Firebase analytics and crash records: Neither analytics events nor crash reports are tied to any user identifier — no name, no email, no persistent device ID — so there isn’t a “your data” we could reach in to find. Records are pooled anonymously and aged out on Google’s standard retention schedule (see below). If you have specific concerns, get in touch.

You can also lodge a complaint with your data protection authority. For Spain, that’s the AEPD.

How long data is kept

  • Firebase Analytics events are auto-purged after 14 months (Google’s default).
  • Firebase Crashlytics crash records are kept for 90 days.
  • iCloud quest data lives until you delete it, the app, or your iCloud account.
  • Local data lives until you delete the app or wipe the device.

Changes to this policy

This policy may change from time to time as the app evolves. The date at the top of this page reflects the latest revision; it’s worth checking back occasionally.

Contact

Questions, concerns, or requests of any kind: pathquest@castellet.dev.