Privacy Policy
Last updated: 3 July 2026 · Applies to the hellolocals mobile application (Android and iOS)
hellolocals ("the app", "we", "us") is a digital companion for guests of partner accommodations. This policy explains what personal data the app processes, why, where it is stored, and the rights you have. We collect as little as possible: the app exists to show you information about your stay and your destination, not to profile you.
1. What data we process, and why
a) Stay code (guest access)
To use the app you enter a unique stay code provided by your host, either by typing it or by scanning a QR code. The code links you to a specific accommodation and stay period. We process the code, the guest name your host entered for the booking, and the validity dates of your stay. Purpose: giving you access to the right accommodation's content. Legal basis: performance of the service you request (GDPR Art. 6(1)(b)).
b) Optional account data
You may optionally create an account with an email address and password, and add profile details such as a display name and date of birth. Passwords are never stored in readable form. Purpose: keeping your profile and favorites across devices. Legal basis: performance of the service (Art. 6(1)(b)).
c) Favorites and app preferences
When you mark activities, restaurants or accommodations as favorites, or set preferences such as language and theme, we store these to provide the feature. Language and display preferences are stored locally on your device; favorites may be stored in your account if you have one.
d) Camera (QR scanning)
The app requests camera permission solely to scan your stay QR code. The camera image is processed on your device to read the code and is not recorded, stored or transmitted. You can always type the code instead and deny the permission.
e) Weather-based suggestions
To suggest activities that fit the weather, the app requests current weather for your accommodation's area (not your personal GPS position). No precise location of your device is collected for this feature.
f) Technical data
When the app communicates with our servers or loads map tiles, the receiving servers technically process your IP address and basic request data, as with any internet service. We do not use this to identify you and do not run advertising or cross-app tracking. The app contains no ads and no third-party advertising or analytics SDKs.
2. Where your data is stored
App data (stay codes, accounts, favorites, content) is stored with our backend provider Supabase, hosted on servers in the European Union (AWS eu-central-1, Frankfurt, Germany).
3. Third-party services
| Service | Used for | Data involved |
|---|---|---|
| Supabase (EU/Frankfurt) | Database, authentication and file storage | Account data, stay code, favorites, content; IP address technically |
| OpenFreeMap (map tiles, OpenStreetMap data) | Displaying maps and hiking routes | IP address and tile requests, technically required to load the map |
| Weather data provider | Weather-matched activity suggestions | The accommodation area's location; no personal data |
Map data is © OpenStreetMap contributors. We do not sell personal data and do not share it with third parties for their own marketing.
4. How long we keep data
- Stay codes and guest records are kept for the duration configured by the host for the booking and are deactivated after the stay's validity ends.
- Account data is kept until you delete your account. You can delete your account directly in the app (Settings → Profile); this removes your profile data from our systems.
- Local preferences (language, theme) remain on your device and are removed when you uninstall the app.
5. Your rights (GDPR)
If you are in the European Economic Area, you have the right to:
- access the personal data we hold about you (Art. 15),
- have inaccurate data corrected (Art. 16),
- have your data deleted (Art. 17),
- restrict or object to processing (Art. 18, 21),
- receive your data in a portable format (Art. 20),
- lodge a complaint with a supervisory authority — in Italy, the Garante per la protezione dei dati personali (gpdp.it).
To exercise any of these rights, email hellolocals.app@gmail.com. We respond within one month.
6. Children
The app is intended for travelers and their families. It is not directed at children, does not knowingly collect data from children, and contains no advertising. Guest records are created by hosts for bookings; children do not need their own account to use content shared with a family's stay code.
7. Security
Data is transmitted over encrypted connections (HTTPS/TLS). Access credentials on your device are stored using the operating system's secure storage. Access to production data is restricted to the operator.
8. Changes to this policy
If we change what data the app processes, we will update this page and the "last updated" date above, and inform you in the app where the change is significant.
9. Contact
Questions about privacy or this policy: hellolocals.app@gmail.com