Privacy Policy

For Backseat Geologist
Last Updated: 2026-05-09

About this Policy

This Privacy Policy explains how Backseat Geologist ("the App") handles information when you use it.

The App is provided by Blake Morgan, an individual sole trader at 2212 Oakawana Dr NE, Atlanta, GA 30345, USA ("we," "our," "us"). For privacy questions, write to support@backseatgeologist.com.

This Policy applies to users worldwide. Sections marked "EU/UK" set out additional rules and rights for users in the European Economic Area, the United Kingdom, and Switzerland under the GDPR, UK GDPR, the Swiss Federal Act on Data Protection, and the ePrivacy Directive.

 The short version You don't create an account. We don't know who you are.
Your routes, preferences, and downloaded audio live on your device — not on our servers.
We send the geology around you (and the name of the area you're in, at town or county level) to our server so it can generate the audio narration. We don't store either with anything that identifies you.
We use Firebase Analytics to understand how the App is used. In the EU/UK we ask for your consent before turning it on.
You can delete everything by uninstalling the App.
 

1. Information stored on your device

The following is stored locally on your device in platform-managed secure storage (iOS Data Protection on iOS; Android File-Based Encryption on Android). We do not see it, and it is deleted when you uninstall the App:

Routes you create or download. Including the geological segments and audio files associated with them.
App preferences. Your selected voice, audience setting (kids / family / enthusiast), analysis interval, language, and similar settings.
Usage counters. The App tracks how much you've used certain features so it can enforce the limits of your subscription tier. These counters never leave your device.
Subscription state. Held by Apple's StoreKit (on iOS) or Google Play Billing (on Android) on your behalf. Apple or Google — not we — sees your payment information.
A widget snapshot. If you use the home-screen widget, the App caches your most recent location locally so the widget can show what's beneath you. This cache lives only on your device and updates roughly every five minutes when you have moved more than fifty meters.
Firebase Installation ID — only if you have consented to Firebase Analytics (see §3). You can revoke consent in App Settings, which clears the identifier.

2. Information we send to our server

Our backend (api.backseatgeologist.com, hosted on Cloudflare's global Workers platform) receives requests from the App when you use features that need processing the App can't do offline.

2.1 To generate geological narration

When you ask the App to describe an area, it sends to our server:

The geological unit identifiers for the area you are exploring or driving through
A human-readable name for that area at town or county granularity (e.g., "near Boulder, Colorado") — never your precise coordinates or street address
Your selected audience setting and language
Your subscription tier (so the appropriate model and length limits are applied)
Your client platform (iOS or Android)

Our server then forwards the prompt to Google's Gemini API. We use the paid Gemini API tier, which means your prompt is not used by Google to train its models.

2.2 To generate audio

When the App needs spoken audio, it sends our server the text to be spoken and your voice and speaking-rate selection. Our server forwards the request to Microsoft Azure, Google Cloud, or Cloudflare Workers AI depending on your selected voice. The audio comes back, gets cached on your device, and is played for you.

2.3 To browse the curated route gallery

The App fetches the catalog of available routes by route ID. No data about you is sent. Anonymous download counts are recorded so we can see which routes are popular.

2.4 What we do not send

No name, email, phone number, or other contact information (we don't ask for any).
No persistent identifier for your device or installation generated by us.
No precise coordinates beyond what the geology service needs to look up the formation directly under your location, at the moment of the request.
No payment information — Apple (iOS) or Google Play (Android) handles all billing.

3. Information collected by Firebase Analytics

The App uses Google's Firebase Analytics (which is built on Google Analytics 4) to understand how the App is used. We do not use Firebase Analytics for advertising, attribution, audience export, cross-device tracking, or to feed Google's other products.

3.1 Consent — EU/UK

If you are in the European Economic Area, the United Kingdom, or Switzerland, Firebase Analytics is not initialized when the App first launches. The App will ask whether you consent to its use. The lawful basis for this processing is your consent (GDPR Art. 6(1)(a) and ePrivacy Directive Art. 5(3) for the local identifier).

You can change your choice at any time in App Settings → Privacy → Manage Analytics Consent. Withdrawal does not affect any processing that took place before withdrawal.

3.2 What Firebase Analytics collects

If you opt in (or if you are outside the EU/UK):

Pseudonymous identifiers: a Firebase App Instance ID (created by Google's SDK on your device). On iOS, your Identifier for Vendors (IDFV) is also captured. On Android, the App Set ID (a vendor-scoped identifier) is captured. Neither identifier ties to your real-world identity.
Standard events fired automatically by Google's SDK: first launch, app updates, OS updates, in-app purchases, screen views, and session start/end.
Custom events we log: voice generation requests, route analyses, geology description requests, audio cache hits, exploration sessions, and subscription paywall views.
Device and app context: app version, OS version, device model, language, and broad geographic region.

3.3 How Google handles this data

Per Google's documentation for Google Analytics 4:

For users in the European Union, Google drops your IP address at the network edge before logging the event, then derives only your country.
For users outside the European Union, Google may use the IP address for finer geolocation.
We have set Firebase Analytics data retention to 14 months. Data is permanently deleted at the end of that window.
We have disabled Google Signals (cross-device modeling) in EU/UK regions.
We have disabled the use of our Firebase Analytics data to improve other Google products and services.

3.4 What Firebase does not collect

iOS: we do not request App Tracking Transparency permission, and we do not collect Apple's IDFA (advertising identifier). Android: we do not declare the AD_ID permission and we do not collect Google's Advertising ID.
We do not use Firebase Crashlytics, Performance Monitoring, In-App Messaging, Remote Config, Cloud Messaging, or Firebase Authentication.

4. Location data

4.1 Permissions

The App asks for foreground ("When in Use" on iOS / "While Using the App" on Android) location access for navigation and exploration. If you grant background location access ("Always" on iOS / "Allow all the time" on Android), the App can play geology narration while your phone is locked or showing a different app.

4.2 How location is used

Your current coordinates are sent to the public Macrostrat geological database (operated by the Wisconsin Geological and Natural History Survey at macrostrat.org) to identify the rock formations beneath you. Macrostrat does not require an account; only coordinates are sent.
Your coordinates are reverse-geocoded on your device by the platform geocoder (Apple Core Location on iOS; Android's Geocoder API on Android) into a town or county name (e.g., "Boulder, Colorado") which is then included in the prompt sent to our server (see §2.1).
Routes you create are stored locally on your device for analysis. They are not sent to our server.
The home-screen widget caches your most recent location locally; this cache lives only on your device.

4.3 Location is personal data

For users in the EU/UK, location data linked to a device is personal data under GDPR. We rely on the legal basis of contract performance (GDPR Art. 6(1)(b)) for the location processing strictly necessary to provide the narration service you have asked for. The granularity used in our server-side prompt (town or county) is the minimum necessary to give the LLM enough context to write a good description.

5. How we use the information

To run the App. Generate narration, deliver audio, identify formations, navigate routes.
To enforce subscription limits. Counters on your device compare your usage to your tier.
To improve the geological output. We retain the prompt sent to the LLM and the response it returned in our database for up to 24 months, with no user identifier attached, for quality monitoring and to publish aggregate metrics ("X geology descriptions delivered this year"). See §7.
To monitor backend health. Our backend host (Cloudflare) keeps short-lived request logs for up to 7 days.
To understand product usage via Firebase Analytics, where you have consented or are outside the EU/UK.

6. Companies that process information for us

The following companies process information on our behalf when you use the App. They act as our processors and are not permitted to use the data for their own purposes.

Cloudflare, Inc. — hosts our backend (Cloudflare Workers, R2 object storage, D1 database, Workers AI). Cloudflare briefly processes your IP address at the network edge to route requests; it is not retained for our use beyond the 7-day Workers log window.
Google LLC — provides Firebase Analytics (where applicable, see §3) and the Gemini large language model (paid tier; your prompts are not used to train Google's models). Google Cloud also provides text-to-speech for some voices and geographic services for elevation and routing lookups on our server.
Microsoft Corporation — provides Azure Cognitive Services Speech (text-to-speech) for premium voices.
Apple Inc. (iOS users) — provides StoreKit for in-app subscriptions and CoreLocation for on-device geocoding. Apple sees your purchase but we never receive your payment information or Apple ID.
Google LLC — Google Play (Android users) — provides Google Play Billing for in-app subscriptions and the Android Location/Geocoder APIs. Google sees your purchase but we never receive your payment information or Google account details. (Google's separate role as our Firebase Analytics and Gemini provider is described above.)
Macrostrat (Wisconsin Geological and Natural History Survey) — public scientific data service queried for geological formations. We send only coordinates; no identifier accompanies the request.

7. Quality monitoring of LLM prompts and responses

To improve the quality of the geology narration, we record each prompt sent to the language model and the response it returned in our backend database. Each record contains:

The prompt text — which includes the town or county name reverse-geocoded from your location, your audience setting, and the geological context — but no identifier for you
The response text
Quality metrics calculated from the response (length, geological term density, audience appropriateness, content depth)
The timestamp, audience setting, context (exploration / navigation / overlook), client platform, and subscription tier

No identifier in the record connects it to you, your device, or your installation. Records are not joined with backend request logs. We retain these records for up to 24 months and then permanently delete them.

EU/UK: The lawful basis for this processing is our legitimate interest (GDPR Art. 6(1)(f)) in maintaining and improving the quality of the App's geological output. We have weighed this interest against your privacy and consider it proportionate because: no user identifier is stored, the location granularity in the prompt is town- or county-level, and you can object as described in §10.

8. International data transfers

Our backend runs on Cloudflare's global edge network. The companies named in §6 are headquartered in the United States and may process data there.

For transfers from the EEA, UK, or Switzerland to the United States, we and our processors rely on the following safeguards:

Google LLC — certified under the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US DPF.
Microsoft Corporation — certified under the EU-US Data Privacy Framework and its UK and Swiss extensions.
Apple Inc. — certified under the EU-US Data Privacy Framework.
Cloudflare, Inc. — certified under the EU-US Data Privacy Framework. Where data does leave the EU, Cloudflare also offers Standard Contractual Clauses (Commission Decision 2021/914).
Macrostrat — public scientific service hosted in the United States. Only coordinates are shared, with no associated identifier.

You can request more detail on any specific transfer by writing to support@backseatgeologist.com.

9. Data retention

On your device — until you delete the route, clear the cache, reset the App, or uninstall.
Prompts and responses on our server — up to 24 months, then permanently deleted (§7).
Server request logs (Cloudflare) — 7 days.
Curated gallery routes on our server — until removed by us.
Anonymous gallery download counts — up to 24 months.
Firebase Analytics events at Google — 14 months (the maximum we configure for the standard GA4 tier).

10. Your rights

10.1 Available to all users

Delete any saved route or downloaded audio in the App.
Reset all preferences from App Settings.
Withdraw or grant Firebase Analytics consent at any time (EU/UK users see a prompt at first launch; users elsewhere can disable analytics in App Settings → Privacy).
Uninstall the App to remove everything stored on your device.
Email us at support@backseatgeologist.com with any privacy question or complaint.

10.2 Additional rights for users in the EU, UK, and Switzerland

Under the GDPR, UK GDPR, and the Swiss Federal Act on Data Protection, you have the rights to:

Access the personal data we hold about you (GDPR Art. 15)
Rectify inaccurate data (Art. 16)
Erase your data (Art. 17)
Restrict processing (Art. 18)
Data portability in a structured, machine-readable format (Art. 20)
Object to processing based on legitimate interest (Art. 21) — including the prompt-quality monitoring described in §7
Withdraw consent at any time, where consent is the basis (Art. 7(3))
Lodge a complaint with your supervisory authority (Art. 77). For EEA users, find your country's authority at edpb.europa.eu/about-edpb/about-edpb/members_en. For UK users, the Information Commissioner's Office is at ico.org.uk. For Swiss users, the FDPIC is at edoeb.admin.ch.

Because the App does not require an account and does not generate a persistent identifier we can search on, the practical effect of an access or erasure request is usually that we hold no records linked to you specifically. If you believe a paid gallery purchase is associated with you, please include enough context (purchase date, Apple receipt or Google Play order ID) for us to investigate. We will respond within 30 days of receiving a verifiable request.

EU representative. We have not yet appointed an Article 27 representative in the European Union or a UK GDPR representative. If you are an EU/UK user with a concern that this raises, please contact us at support@backseatgeologist.com and we will respond directly.

To exercise any of these rights, email support@backseatgeologist.com.

11. Children

Backseat Geologist is intended for users aged 16 and older. We do not knowingly collect information from children under 16.

The App's "kids" audience setting tailors the content style of the narration for an adult listener who wants to share simpler descriptions with children riding along — it is not a mode for use by children themselves.

If you believe a child under 16 has used the App and provided information, please contact us so we can investigate.

12. Security

All network requests use TLS (HTTPS). On-device data is held in platform-managed secure storage protected by hardware-backed encryption when the device is locked (iOS Data Protection on iOS; Android File-Based Encryption on Android). Our backend on Cloudflare benefits from Cloudflare's standard security controls (DDoS protection, web application firewall, encrypted-at-rest storage). No system is perfectly secure, and we cannot guarantee absolute protection of any data we do retain.

13. Changes to this Policy

We will update this Policy when our practices change. Material changes will be highlighted in the App on first launch after the change takes effect, and the "Last Updated" date at the top will reflect when the change was made.

EU/UK: Material changes that depend on consent will require fresh consent before the new processing begins.

14. Contact

For privacy questions, complaints, or to exercise any rights described above:

Blake Morgan
2212 Oakawana Dr NE
Atlanta, GA 30345, USA
Email: support@backseatgeologist.com
Website: https://backseatgeologist.com

This App is built around a privacy-by-design principle: keep personal data on your device, where it belongs. Where data does leave your device, send the minimum necessary, link it to no one, and delete it when it is no longer needed.