Privacy Policy
Your privacy matters to us. PathQuest was built around a simple idea: your steps, your journey, your data — yours. This page explains what little we collect, why, where it goes, and how to remove it whenever you want. We’ve kept the language plain on purpose; if anything’s unclear, write to pathquest@castellet.dev and we’ll explain.
Who we are
PathQuest is an indie iOS app made by Juan Carlos Castellet, a solo developer based in Castellón, Spain. There’s no team, no investors, no advertising network behind the scenes. If you have a question about how your data is handled, you can email me directly at pathquest@castellet.dev — the message lands in my inbox, not a support queue.
For the rest of this page, “we” means me, and “you” means you — the person walking around with the app on their phone.
What stays on your device
Almost everything. PathQuest is offline-first by design.
When you grant the app permission to read HealthKit, it reads your daily step count and walking and running distance. Those numbers stay on your iPhone — Apple’s HealthKit framework doesn’t let apps send health data anywhere unless they explicitly choose to, and we don’t. We never copy or transmit your individual HealthKit samples; we use them to compute the cumulative distance you’ve walked since starting a quest, and we save that single total alongside the quest.
Your quests, stages, and preferences live in a local SwiftData database on the device, alongside a small set of preferences (theme, distance unit, premium flag, sync flag) shared between the app and the home-screen widget. Uninstalling the app removes all of this. There’s no cloud account to deactivate.
What goes to Google (Firebase)
PathQuest uses two Google Firebase services to keep the app reliable: Analytics (so we know which features people use) and Crashlytics (so we hear about crashes before you do). Both are anonymous — neither knows who you are.
Firebase Analytics receives an event each time you do something interesting in the app (open a screen, start a quest, tap a button). Each event carries a small bag of context:
- A session UUID generated fresh each time you open the app — it isn’t tied to you across sessions or across devices
- The app version, build number, and iOS version
- Your device model (e.g.
iPhone15,2) and locale (e.g.en_US) - Whether dark mode is on, whether distance is in km or miles, whether you have premium, whether iCloud sync is enabled, whether the widget is installed, and whether HealthKit is authorized
- A timestamp
That’s it. No name, no email, no account ID, no step counts, no quest names, no quest content. We can see, in aggregate, that “20% of users have the widget installed” — we cannot see that you specifically have a widget installed.
Firebase Crashlytics is even simpler: when the app crashes, it sends us the stack trace and the device/OS state at the moment of the crash, so we can fix the bug. No personal identifiers are attached.
Your IP address is visible to Google’s servers transiently — that’s how internet requests work — and Google may use it for very coarse country-level region tagging. We don’t store it ourselves and we don’t use it to identify you. Google’s full description of these services is at firebase.google.com/support/privacy.
What goes to Apple (iCloud)
iCloud sync is a premium feature and off by default. If you turn it on, your quest data — quest names, distances, progress, stages, dates — is stored in your private iCloud container. That data lives in your Apple account, encrypted by Apple, and is visible only to you and the devices signed into your Apple ID. We never see it.
If you don’t enable iCloud sync, none of your quest data leaves your device.
What we do not collect
A short list, because what’s not collected is sometimes more useful than what is:
- Your name, email address, or phone number
- Your real-world location (PathQuest does not use Core Location)
- Your contacts, photos, microphone, or camera
- Any advertising identifier — we don’t run ads or partner with ad networks
- Your individual step counts (those are kept by Apple, on your device)
- Anything that would let us, or anyone else, identify you personally
Children
PathQuest is not directed at children under the age of 13 (or under 14 in Spain, the minimum age for digital consent under Spanish data protection law). We do not knowingly collect data from anyone in those age groups. If you believe a child has been using the app and you’d like that data removed, email us and we’ll help.
Your rights
You have the right to know what’s collected, to request a copy, to ask us to delete it, and to withdraw consent. Most of these rights are easy to exercise yourself:
- Local data and analytics: Delete the app. Local quest data, preferences, and the per-session Firebase Analytics signal all stop immediately. Already-collected analytics events ride out their retention window (see below).
- iCloud quest data: On your iPhone, open Settings → tap your name at the top → iCloud → Manage Account Storage → PathQuest, and choose to delete the data there.
- Firebase Analytics or Crashlytics records still on Google’s servers: Email us at pathquest@castellet.dev and we’ll request deletion from Google on your behalf. Because we don’t tie events to a user identifier, the practical handle is your session UUID — let us know roughly when you used the app, plus your device model and iOS version, and we’ll do our best.
You can also lodge a complaint with your data protection authority. For Spain, that’s the AEPD.
How long data is kept
- Firebase Analytics events are auto-purged after 14 months (Google’s default).
- Firebase Crashlytics crash records are kept for 90 days.
- iCloud quest data lives until you delete it, the app, or your iCloud account.
- Local data lives until you delete the app or wipe the device.
Changes to this policy
If we change anything material, we’ll update the date at the top and link to the previous version from the app’s Settings → Privacy entry. Small typo fixes don’t count as material.
Contact
Questions, concerns, or requests of any kind: pathquest@castellet.dev.
The legal entity behind PathQuest is Juan Carlos Castellet, autónomo (sole proprietor), Castellón, Spain.