Privacy Policy

Last updated: April 4, 2026

A quick note before you dive in

Privacy policies are usually long, dense, and written so nobody reads them. We did the opposite. This one is short, written in plain language, and hides nothing.

Lava Guide is a curated travel app for exploring Tenerife. We help you find the best hikes, beaches, and towns without the overwhelm. To do that well, we collect some data about how you use the app. This policy explains exactly what, why, and where.

If something is unclear, email us at legal@skyp.app. We mean it.

Our key principles

  • We never sell your data
  • Your trip plans and bookmarks stay on your device
  • We only collect what we need to make the app work well for you
  • All our servers are in the European Union
  • We use your data solely to improve our products

Table of contents

  • Who is behind Lava Guide?
  • What data do we collect?
  • Why do we collect this data?
  • Who can see my data?
  • Does my data leave the EU?
  • How is my data protected?
  • How long do we keep your data?
  • What are my rights?
  • Do you use cookies?
  • Is the app suitable for minors?
  • Will this policy change?
  • How can I contact you?

Who is behind Lava Guide?

Lava Guide is currently operated by its founding team. We are a small, independent team building a travel app we wish existed when we first explored Tenerife.

As we grow, we will update this section with our registered entity details.

For anything privacy-related, you can reach us at legal@skyp.app.

What data do we collect?

Your account

When you sign up, we collect the following:

  • Your email address
  • Your first name (optional)
  • Your last name (optional)

This data is stored on Supabase, hosted in the European Union. We use it to create your account and let you sign in.

How you use the app

We use PostHog, an analytics service hosted in the EU, to understand how people use Lava Guide. This helps us figure out what works, what does not, and how to improve your experience.

The types of interactions we track include:

  • Which screens you visit and which content you browse
  • Taps on buttons, cards, and navigation elements
  • Which hikes, cities, and day trips you explore
  • When you bookmark something or add it to your planner
  • Onboarding completion
  • Feedback you submit through the app

We also send your email and name to PostHog so we can connect your activity to your account. This helps us debug issues specific to your experience.

Session replays

To understand how people actually use the app and to fix usability issues, we record session replays. Think of it as watching someone use the app from over their shoulder, but with important protections.

Here is what you should know:

  • We record about 10% of normal sessions. When an error occurs, we record 100% so we can reproduce and fix the bug.
  • All text input fields are masked. We see gray boxes, not what you type.
  • Passwords are always masked, no exceptions.
  • We capture network request metadata (speed, size, status code) but never the actual content of requests or responses.

Session replays are processed by PostHog (EU) and Sentry (EU, Germany).

Crash reports and performance data

When the app crashes or behaves unexpectedly, we automatically collect technical details to help us fix the problem. This includes:

  • Error messages and stack traces
  • Your device type, operating system, and app version
  • Performance metrics (how fast things load, memory usage)
  • Your IP address

This data is sent to Sentry, hosted in the European Union (Germany). If you submit a bug report through the app, we also ask for your email so we can follow up with you.

Location data

When you tap the "center on my location" button on a map, the app reads your GPS coordinates to show where you are.

Here is what matters:

  • Your location is never sent to our servers
  • Your location is never included in our analytics
  • Your location is never stored anywhere except temporarily on your phone
  • Your device will ask you for permission first, and you can always say no. The app works fine without it.

Data stored only on your device

Some data never leaves your phone. It is stored locally in encrypted storage and we cannot see it, access it, or recover it if you uninstall the app.

This includes:

  • Your bookmarks (saved hikes, cities, activities, and highlights)
  • Your trip plans (names, dates, daily itineraries)
  • Your destination preference
  • Your onboarding progress

Feedback

When you give feedback through the app, we collect:

  • Your feedback (positive or negative)
  • Your selected reasons and feature categories
  • Any additional text you write (optional)
  • Which content you were reviewing (a hike, a city, a day trip, etc.)

This data is sent to PostHog surveys in the EU.

Authentication tokens

To keep you signed in, we store session tokens on your device. These are encrypted using hardware-backed secure storage (the iOS Keychain or Android Keystore). They are technical tokens, not readable data. They expire and refresh automatically.

Why do we collect this data?

Under the GDPR, we need a legal reason for processing your personal data. Here is ours for each category:

  • Account information: we need it to provide you with the service you signed up for. This falls under contract performance (GDPR Article 6(1)(b)).
  • Analytics and session replays: we use this to understand how people use the app and to fix usability issues. This falls under legitimate interest (GDPR Article 6(1)(f)).
  • Crash reports: we use this to fix bugs and maintain app stability. This falls under legitimate interest (GDPR Article 6(1)(f)).
  • Location: we do not collect your location. It stays entirely on your phone and is used only for map display.
  • Feedback: we use this to improve the app based on your input. This falls under legitimate interest (GDPR Article 6(1)(f)).

Who can see my data?

Only the services that help us run Lava Guide have access to your data. Here is exactly who they are and what they do:

  • Supabase (EU): stores your account data and handles authentication
  • PostHog (EU, eu.i.posthog.com): processes analytics events, session replays, and feedback surveys
  • Sentry (EU, Germany): processes crash reports, error tracking, and error session replays
  • Sanity: delivers app content (hikes, cities, day trips). No user data is processed by Sanity.

We do not share your data with data brokers or any other third parties. The services listed above are the only ones that process your data, and only for the purposes described in this policy.

Does my data leave the EU?

No. All the services we use are hosted in the European Union:

  • Supabase: EU region
  • PostHog: EU instance (eu.i.posthog.com)
  • Sentry: Germany (de.sentry.io)

Your data does not leave the EU. No international transfers, no additional safeguards needed.

How is my data protected?

We take data security seriously. Here is what we do:

  • All network communication is encrypted with HTTPS/TLS
  • Local data on your device is encrypted using MMKV with hardware-backed encryption keys stored in the iOS Keychain or Android Keystore
  • Authentication tokens are stored in your device's secure enclave
  • Text inputs are masked in session replays so we never see what you type
  • Passwords are always masked, no exceptions
  • We capture network request metadata but never the actual content of requests or responses

How long do we keep your data?

  • Account data: until you delete your account
  • Analytics events: according to PostHog's data retention policy
  • Session replays: according to PostHog and Sentry's retention settings
  • Crash reports: according to Sentry's data retention policy
  • Local device data (bookmarks, trip plans): until you uninstall the app or clear app data

When you delete your account, we remove your data from our systems. Your local data (bookmarks, trip plans) stays on your device until you remove the app.

What are my rights?

Under the GDPR, you have the right to:

  • Access: ask us what data we have about you
  • Correction: ask us to fix incorrect data
  • Deletion: ask us to delete your data
  • Portability: ask for a copy of your data in a standard format
  • Objection: object to processing based on legitimate interest
  • Restriction: ask us to limit how we use your data
  • Withdraw consent: for location, you can revoke permission anytime in your device settings

To exercise any of these rights, email us at legal@skyp.app. We will respond within 30 days, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Do you use cookies?

No. Lava Guide is a mobile app and does not use cookies.

We use encrypted local storage on your device for keeping you signed in and remembering your preferences. This data stays on your phone and is not shared with anyone.

We use your data solely to improve our products, not for any kind of marketing purposes.

Is the app suitable for children?

Lava Guide is designed for users aged 16 and over, in line with the GDPR's default digital consent age.

We do not knowingly collect data from anyone under 16. If you believe someone under 16 has created an account, please contact us at legal@skyp.app and we will delete it promptly.

Will this policy change?

We may update this policy as Lava Guide evolves. When we make meaningful changes that affect how your data is used, we will let you know through the app.

The "Last updated" date at the top always reflects the latest version.

How can I contact you?

For anything privacy-related, questions, requests, complaints, or just curiosity, reach out to us at legal@skyp.app.

We are a small team and we read every email.