Privacy Policy
Last updated: June 22, 2026
1. Introduction
This Privacy Policy explains how Live.tau ("Live.τ", "Service", "we", "our") collects, uses, stores, and shares personal data when you use the mobile application, related web pages, backend services, notifications, integrations, subscriptions, and experimental features.
The Service is developed and operated by Nikolai Simonov, Belgrade, Serbia, who acts as the controller for personal data processed by the Service. For privacy questions or requests, contact: [email protected].
We have not appointed a separate Data Protection Officer at this stage. If a Data Protection Officer, EU representative, or other privacy contact becomes legally required for the Service, this Policy will be updated with those details.
The Service is designed for activity telemetry, live location sharing, safety notifications, Suunto account integration, route and map management, field notes, push-to-talk voice features, groups, nearby or Mayday features, automations, subscriptions, stories, and optional broadcast features. Some features may be available only in specific builds, platforms, countries, subscription plans, or experimental settings.
2. Data We Collect
2.1 Device, App, and Account Identifiers
We may collect and use:
- A unique device identifier generated or assigned for the Service
- Linked username or account status where you enable account features
- Push notification tokens, including Firebase Cloud Messaging tokens
- App version, build flavor, platform, operating system version, device manufacturer, model, and package identifier
- Subscription plan, entitlement, purchase status, and provider identifier
- Technical request metadata such as IP address, user agent, timestamps, and request logs
2.2 Location, Route, and Activity Data
When tracking, live sharing, map, route, group, SOS, or related features are used, we may process:
- GPS coordinates, altitude, accuracy, speed, heading, and timestamps
- Live activity sessions, including start, pause, resume, lap, stop, timeout, and lifecycle events
- Route files and route metadata, including GPX/KML routes, synced Suunto routes, waypoints, checkpoints, trigger geometry, and planned route geometry
- Historical tracks, live session state, H3 or nearby cell state, and map camera/cache state
- SOS or Mayday events with associated location and timestamp
Location data is central to the Service. Live.τ may collect, transmit, store, and share location data to enable Phone GPS fallback for Assisted GNSS, active session tracking, live location sharing, route alerts, SOS/Mayday safety messages, field notes, and configured automations. When Phone GPS fallback or another background-capable feature is enabled, location data may be processed even when the app is closed, in the background, or not visible. Do not use live sharing, group, nearby, route, SOS, field note, or automation features if you do not want location data to be processed or shared with selected recipients or providers.
2.3 Watch, Sensor, and Bluetooth Telemetry
If supported by your watch, app settings, and active feature configuration, we may process telemetry from a watch, Bluetooth connection, or connected service, including:
- Heart rate, speed, cadence, power, temperature, and related activity metrics
- Battery or power status
- Motion or sensor-forwarding data where enabled
- Watch connection state, Bluetooth identifiers visible to the app, handshake state, protocol diagnostics, and connection errors
- Watch button configuration and push-to-talk or audio-note button actions
These metrics are used to provide activity telemetry and related features. The Service is not a medical device and does not provide medical advice, diagnosis, monitoring, treatment, or emergency medical services. Where watch telemetry may be treated as health-related or special-category data under applicable law, we process it only for the requested feature and rely on explicit consent or another applicable legal condition where required.
2.4 Suunto Account Integration
If you choose to link your Suunto account, we may receive or process:
- Suunto username
- Email address associated with the linked account
- Temporary OAuth, web, or linking tokens
- Account link status
- Permalink preferences, such as using an @username instead of a device-based link
- Route data and route metadata available through the linked integration
Suunto account linking is optional. You can unlink your Suunto account from the app settings.
2.5 Contacts and Notification Recipients
When you configure emergency contacts, subscribers, followers, or event notifications, we may process:
- Phone numbers selected for SMS or SOS notifications
- Email addresses selected for event notifications
- Notification preferences, such as start, stop, SOS, or other event subscriptions
- Unsubscribe, invite, or management tokens
- Delivery status and limited delivery history
If you use the device contact picker, the app may request access to your address book to let you choose a contact. The full address book is used locally for selection; only the specific phone numbers or email addresses you choose may be uploaded to our servers to provide the selected notification service.
2.6 Emergency and Safety Data
When SOS, Mayday, emergency SMS, group safety, shake detection, or related features are used, we may process:
- SOS or Mayday message content
- Current or last known location
- Emergency activation, cancellation, and receipt timestamps
- Selected phone numbers, email addresses, push recipients, group recipients, or nearby recipients
- Delivery metadata for SMS, email, push, in-app, group, or nearby notifications
- Source device identifier, linked username, and group membership context where needed
Emergency features are supplemental tools only and may fail due to network, device, platform, battery, permission, provider, configuration, or software issues.
2.7 Field Notes, Media, Voice, and Audio Data
If you create field notes, use audio notes, or use push-to-talk voice features, we may process:
- Text notes
- Photos, thumbnails, audio recordings, video files, and related media
- Media metadata, such as file type, MIME type, size, duration, and local file references
- Optional note location, timestamps, session identifiers, sync status, visibility settings, and upload status
- Microphone audio captured for audio notes or push-to-talk transmission
- Encoded voice packets, input/output volume levels, transmission state, playback state, and connection statistics
- Bluetooth headset route and audio-session diagnostics where needed for audio operation
Field notes and media may be stored locally and may be synced to backend or object-storage services when your account, device, connectivity, and feature settings allow it. Push-to-talk voice is transmitted to the configured real-time media service and intended recipients for the active feature; it is not intended to be a permanent recording unless you explicitly create an audio note or another recording feature is enabled.
Do not include sensitive information in field notes, media, audio notes, or voice transmissions unless you are comfortable with it being processed as part of the Service.
2.8 Groups, Nearby, Mayday, and Shared Activity Features
If you join or use groups, nearby, Mayday, or shared activity features, we may process and share within the relevant feature:
- Group names, membership, roles, invite links, temporary membership state, and membership status
- Member display identifiers, such as username or device identifier
- Member location markers, timestamps, SOS or Mayday status, live activity state, and offline or removal events
- Messages or events necessary to keep group and nearby features synchronized
Group and nearby features may make your location or safety state visible to other group members or selected recipients.
2.9 Automations and Third-Party Integrations
If you connect automation providers or configure checkpoint actions, we may process and transmit event payloads to the selected provider. These payloads may include:
- Event type, such as start, stop, pause, resume, lap, SOS, field note created, Suunto workout synced, route checkpoint, or first session location
- Session identifier, device identifier, timestamp, and activity status
- Location or checkpoint data, including crossing location where applicable
- User-configured message content, automation name, provider key, and connection state
Automation providers may include Zapier, Make, n8n, IFTTT, or other providers shown in the app. These providers process data under their own terms and privacy policies.
2.10 Subscriptions, Purchases, and Entitlements
If you view, buy, restore, or manage subscription plans, we may process:
- Product identifiers, plan identifiers, offer identifiers, entitlement status, purchase status, and provider identifiers
- Store purchase tokens, transaction identifiers, signed purchase data, package identifiers, base plan identifiers, or similar verification data
- Web checkout tokens, customer portal tokens, and return-target information where supported
- Linked account or device identifiers needed to associate purchases with the Service
Payment processing and app store billing may be handled by third-party providers such as Dodo Payments, Google Play, and Apple App Store. We do not store full payment card details.
2.11 Broadcast and Streaming Configuration
If broadcast features are enabled and used, we may process:
- Broadcast destination URL, RTMP host, stream key, gateway host, ports, secure connection setting, and optional authentication token
- Broadcast profile settings such as orientation, zoom, codec, bitrate, width, height, and frame rate
- Session identifier and linked username needed to start or stop broadcast sessions
Broadcast destinations and streaming platforms may process data under their own terms.
2.12 Stories, In-App Content, and Sponsored Content
When stories or in-app content are loaded or viewed, we may process:
- Story identifiers, source identifiers, source names, source avatars, story type, title, description, media URLs, CTA text, CTA URLs, sponsored flags, and targeting metadata such as platform or build range
- Viewed, unread, skipped, paused, dismissed, completed, or CTA-tapped state
- Cached story content metadata and ETag values
- Analytics events related to story display and interaction
Stories may include official, partner, sponsored, or user-source content. If you open an external link from a story, the destination service may process data under its own terms and privacy policy.
2.13 Maps, Offline Maps, and Tile Services
When you use map or offline map features, the app may load map styles, tiles, sprites, glyphs, and offline regions from map infrastructure or tile providers. This may involve technical metadata such as IP address, requested tile coordinates, device/app metadata, and cache state.
The Service may use DigitalOcean Spaces, OpenFreeMap, MapLibre-related components, or other map infrastructure configured in the app.
2.14 Analytics, Diagnostics, and Logs
Where enabled, we may collect:
- Product analytics events, such as feature usage, settings changes, route loading, permission flows, subscription screens, story interactions, and session lifecycle events
- Session replay or visual interaction diagnostics where enabled
- Crash reports, stack traces, error messages, breadcrumbs, performance traces, and device context
- Backend logs, security monitoring events, and provider delivery logs
Analytics and diagnostics are used to improve reliability, debug issues, understand feature usage, prevent abuse, and maintain the Service.
2.15 Data From Third Parties and Other Sources
Most data is collected from you or your device. We may also receive data from:
- Suunto / Amer Sports Digital Services, when you link your Suunto account
- App stores, Dodo Payments, or billing providers, when purchases, renewals, cancellations, or restore flows are processed
- Automation providers, broadcast destinations, or integration services you connect
- Group members, subscribers, emergency contacts, or recipients, when they interact with shared features or delivery flows
- Infrastructure, analytics, diagnostics, delivery, and security providers, when they return technical events, logs, or delivery status
3. How We Use Data
We use personal data to:
- Provide Phone GPS fallback for Assisted GNSS, live tracking, route, route alerts, map, watch telemetry, Bluetooth, push-to-talk, and activity features
- Process SOS, Mayday, SMS, email, push, group, nearby, and notification features
- Link and manage Suunto accounts
- Sync field notes, media, routes, checkpoints, and session data where enabled
- Provide group, nearby, public link, permalink, and sharing features
- Enable automations and third-party integrations you configure
- Provide subscriptions, entitlements, purchase verification, restore purchase flows, and customer portals
- Provide broadcast and streaming gateway features where enabled
- Load, cache, target, and measure stories and in-app content
- Maintain security, prevent abuse, troubleshoot issues, and monitor reliability
- Provide support and respond to user requests
- Comply with legal obligations
4. Legal Bases for Processing
Depending on the feature and applicable law, we process personal data based on:
- Consent, for optional account linking, notifications, contacts, analytics where required, field notes, microphone/audio features, automations, broadcast settings, and optional tracking or sharing features
- Contract necessity, to provide the Service, subscriptions, purchases, account-related features, and requested functionality
- Vital interests, for SOS, Mayday, and emergency notification features
- Legitimate interests, for security, abuse prevention, diagnostics, service reliability, product improvement, and support
- Legal obligations, where we must retain or disclose information to comply with applicable law
Where processing involves health-related telemetry or another special category of personal data under GDPR Article 9, we rely on explicit consent or another applicable Article 9 condition where required.
You may withdraw consent where processing is based on consent. Some features may stop working if consent or permissions are withdrawn.
5. Required and Optional Data
Providing personal data is generally not a statutory requirement. Some data is necessary to provide the Service or a feature you request:
- Core technical identifiers, app metadata, and request metadata are needed to operate, secure, and troubleshoot the Service.
- Location data is needed for Phone GPS fallback for Assisted GNSS, live tracking, maps, route progress, route alerts, SOS, Mayday, group, nearby, field notes, configured automations, background service continuity where enabled, and sharing features.
- Contact details are needed only if you configure SMS, email, emergency contacts, subscribers, or followers.
- Microphone, media, route files, watch telemetry, Suunto data, broadcast settings, automation payloads, and purchase data are needed only for the corresponding optional features.
If you do not provide required data or permissions for a feature, that feature may be unavailable, incomplete, or unreliable. You can still use other parts of the Service where they do not depend on that data.
6. Data Sharing and Third Parties
We do not sell personal data. We share data only as needed to provide the Service, with providers you choose, with recipients you configure, or where legally required.
6.1 Infrastructure and Service Providers
The Service may use:
- DigitalOcean for hosting, object storage, database, CDN-style file delivery, and related infrastructure
- Google Firebase / FCM for push notifications
- Twilio for cloud SMS notifications
- Email delivery providers, including Proton SMTP or other configured providers, for email notifications
- Sentry for crash reporting, error monitoring, breadcrumbs, traces, and diagnostics
- PostHog for product analytics and, where enabled, session replay or interaction diagnostics
- Better Stack or similar services for server-side logging and monitoring where configured
- Map and tile providers, including OpenFreeMap, DigitalOcean Spaces, or related map infrastructure
- Real-time media or gateway services for push-to-talk, audio, broadcast, or related live features where enabled
6.2 Integrations and User-Selected Recipients
We may share relevant data with:
- Suunto / Amer Sports Digital Services, when you link your Suunto account
- Zapier, Make, n8n, IFTTT, or other automation providers when you connect or configure them
- Dodo Payments, Google Play, Apple App Store, or related billing services for purchases and entitlement verification
- Emergency contacts, subscribers, group members, nearby recipients, public link viewers, story link destinations, voice recipients, or broadcast destinations that you configure or enable
6.3 Legal, Safety, and Abuse Cases
We may disclose data:
- To comply with lawful requests, court orders, or legal obligations
- To protect the rights, safety, and security of users, the Service, or others
- To investigate abuse, fraud, security incidents, or prohibited use
7. Public Sharing, Groups, Voice, Stories, and Broadcasts
Some features are designed to share information with other people:
- Public activity links may be accessible to anyone who has the link
- @username permalinks may make current or historical public activity pages easier to find
- Group and nearby features may show live location, activity, SOS, Mayday, voice/PTT state, or status information to group members or selected recipients
- Field notes may be visible according to the note visibility and sharing settings
- Push-to-talk audio may be transmitted to participants or recipients connected to the active feature
- Broadcast features may transmit stream configuration or activity data to configured broadcast destinations
- Stories may contain external links, sponsored content, and partner content
Use these features only when you understand who can access the shared information.
8. Data Storage, Locations, and International Transfers
Core Service infrastructure is primarily operated in the European Union where configured. Some providers may process data in other regions, including the United States or other countries, depending on provider configuration, feature usage, and infrastructure routing.
When data is transferred outside the EEA or another protected jurisdiction, we rely on appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, data processing agreements, provider security commitments, or other legally recognized mechanisms. You may contact us to request information about the safeguards used for a relevant transfer.
9. Retention
We keep personal data only as long as needed for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Current intended retention periods include:
- Active session data: until session completion plus a short cleanup period
- Historical tracks and activity data: up to 6 months unless deleted earlier or retained by user configuration
- SOS and safety events: up to 3 months for safety, abuse prevention, and troubleshooting
- Notification contacts and subscriber data: until removed, unsubscribed, device/account unlinking, or deletion request
- Suunto link data: until unlinking, deletion request, or account cleanup
- Route cache, story cache, and offline map cache: until cleared by the user, app, operating system, cache lifecycle, or updated server content
- Field notes and media: until deleted, session/account cleanup, unlinking, or deletion request
- Push-to-talk voice data: transient transmission data is processed during active operation; diagnostic metadata may be retained with logs
- Purchase and entitlement records: as long as needed to provide subscriptions, verify transactions, resolve disputes, prevent abuse, and comply with legal obligations
- Crash reports and diagnostics: according to provider retention settings
- Analytics data: according to provider retention settings and app configuration
- Security logs: as long as needed for security, abuse prevention, troubleshooting, and legal compliance
10. Permissions and Device Access
The app may request platform permissions, including:
- Location, including background location where allowed by the operating system, for Phone GPS fallback for Assisted GNSS, live tracking, route, route alerts, map, SOS/Mayday, group, nearby, field notes, configured automations, and activity features
- Bluetooth, for watch connectivity, sensor forwarding, and audio routing where supported
- Notifications, for push and service status notifications
- Contacts, for selecting emergency contacts or notification recipients
- Camera, microphone, and photo/video access, for field notes, audio notes, push-to-talk, or broadcast-related features
- SMS permission in builds that support sending SMS directly from the device
- Background execution permissions, where required for tracking, Bluetooth, audio, notifications, or service continuity
- Storage or media access, where required for local media, route files, offline maps, exports, or cache management
You can manage permissions in your device settings. Some features may not work without the relevant permissions.
11. Your Rights
Depending on your location and applicable law, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Restrict processing
- Object to processing based on legitimate interests
- Withdraw consent
- Request data portability
- Lodge a complaint with a supervisory authority, including the Serbian Commissioner for Information of Public Importance and Personal Data Protection or your local EEA data protection authority where applicable
To submit a request, contact [email protected] and include your device identifier, linked username if applicable, and the nature of your request. We may need to verify your identity before fulfilling a request.
12. Automated Decision-Making
We do not use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significant effects within the meaning of GDPR Article 22.
We may use automated checks to operate the Service, such as phone number validation, service availability checks, session timeout handling, abuse prevention, purchase entitlement verification, feature-limit checks, and notification routing. These checks are used to provide, secure, or limit Service features and do not make legally significant decisions about you.
13. Managing Your Data and Choices
You can manage certain data and choices directly in the app:
- Remove email or SMS subscribers
- Disable push notifications in app or device settings
- Unlink your Suunto account
- Unlink your device or linked account where available
- Disable public permalink features where available
- Clear synced routes, story cache, or offline map caches where available
- Delete field notes and media where available
- Disable watch metrics, push-to-talk, background audio, or optional lab/nearby features where available
- Disconnect automation providers
- Stop using broadcast settings or remove broadcast credentials
- Stop using tracking or uninstall the app
Unlinking an integration, Suunto account, device, or linked account stops future use of that link but may not delete all historical data. To request deletion of personal data associated with your device identifier or linked username, contact [email protected] as described above.
14. Children's Privacy
The Service is not intended for persons under 16 years of age. If we learn that we have collected personal data from a child under the applicable age without proper consent, we will delete it.
15. Security
We use technical and organizational measures designed to protect personal data, including TLS for data in transit, access controls, monitoring, and limited operational access. No system is completely secure, and the Service may be affected by network, platform, provider, or software failures.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be communicated through the app, website, email, or another reasonable channel. The updated version will state its effective or last updated date.
17. Contact
For questions about this Privacy Policy or privacy requests:
Nikolai Simonov
Belgrade, Serbia
Email: [email protected]