Privacy Policy
Effective date: 7 July 2026 · Last updated: 7 July 2026
The short version
Lapė is a free map app for discovering interesting places around the Baltics. We built it to be private by default:
- No account, no login, no sign-up. We don’t know who you are.
- No ads, no advertising IDs, no cross-app tracking. We don’t show the system tracking prompt because we don’t track you across other apps or the web.
- Your saved places, visited marks, settings, and last map position stay on your device. They are never uploaded to us and never linked to an identity.
- We don’t sell your data. Ever.
- The only things that leave your device are: anonymous usage statistics, anonymous crash diagnostics, and the map/search/place-name requests needed to draw the map and answer your searches.
The rest of this page explains exactly what those are.
1. Who we are
Lapė is operated by srauna (company code 308021501), a company established in Lithuania (European Union).
For any privacy question or request, contact us at [email protected].
For the purposes of the EU General Data Protection Regulation (GDPR), srauna is the data controller for the limited processing described below.
2. What we process, why, and on what legal basis
a) Your device location (GPS)
What: Your approximate or precise device location, if — and only if — you grant the location permission.
Why: To centre the map on where you are, show nearby places, bias search results to your surroundings, and (when you long-press to drop a pin) look up the nearest street or place name.
How it’s used:
- Your location is used on your device to position the map and detect which country you’re in.
- When you search or drop a pin, the relevant coordinates are sent to our
own geocoding service (
geo.lape.bluesoftas.lt, hosted in the EU) to turn coordinates into place names and to find matching places. These lookups are not stored against you and not linked to any identity or account.
Legal basis: Your consent (the operating-system location permission), which you can withdraw at any time in your device settings. The app works without location — you just lose the “centre on me” and nearby-biasing conveniences.
b) Approximate location from your IP address
What: Whenever the app fetches map tiles, images, or search results over the internet, the receiving server necessarily sees your IP address, which implies a coarse geographic area.
Why: This is an unavoidable technical property of any internet request and is used only to deliver content and to protect the service from abuse.
Legal basis: Legitimate interest in operating and securing the service.
c) Anonymous usage statistics
What: Aggregate, anonymous product-analytics events — for example “app opened”, “a filter was changed”, “a place was saved”, “search was used”, along with coarse context like the app language and platform (iOS/web).
What it never contains: No name, email, account, device identifier, advertising ID, precise location, or the text you type into search. Events carry coarse category labels, true/false flags, and at most a public identifier of the map content involved (for example the Wikidata ID of a place shown in a collection) — never anything that identifies you.
Who processes it: Aptabase, on their EU-region infrastructure.
Why: To understand which features are used so we can improve the app.
Legal basis: Legitimate interest in improving the app, balanced against the minimal, non-identifying nature of the data.
d) Anonymous crash and error diagnostics
What: Technical information about crashes and errors — error type, a stack trace, app version, and OS version.
What it never contains: We explicitly disable the collection of personal information in crash reports.
Who processes it: Sentry, on their EU-region infrastructure.
Why: To find and fix bugs and keep the app stable.
Legal basis: Legitimate interest in a reliable, secure app.
e) Content delivery (map, images, articles)
What: Requests for map tiles, map sprites, curated trails, and place photos are served through our content delivery network (Cloudflare) and our servers. Standard server logs may briefly record the request, timestamp, and IP address.
Why: To actually draw the map and show place information, and to defend the service against attacks.
Legal basis: Performance of the service and legitimate interest in security.
f) Data stored only on your device
What: Your saved lists and bookmarks, “visited” marks, filter and language settings, and your last map position.
Where it lives: only on your device, in the app’s local storage. It is never transmitted to us, never linked to an identity, and is removed when you delete the app. Because there is no account, this data does not sync between devices.
3. When you choose to leave the app
Some actions hand you off to a third-party service. When you tap them you leave Lapė, and that service’s own privacy policy applies:
- “Tell me more” (AI answer): Opens a Google search in your browser to get an AI-written description of the place. The search text we build includes the place name, its approximate coordinates, and your chosen answer language. Once the browser opens, you are on Google’s service under Google’s Privacy Policy.
- Navigation: Opens Apple Maps, Google Maps, or Waze (your choice) with a pin on the place’s coordinate.
- Feedback: Opens lape.featurebase.app, a third-party feedback board.
- Source links: A place card may link out to Wikipedia. The article text and photos you see inside the app are cached copies served from our own content network — Wikipedia/Wikimedia only receives a request from you if you tap through to the original source.
We don’t control these services and aren’t responsible for their processing.
4. Sub-processors and third parties
These parties may receive your requests (and therefore your IP address) as part of delivering the app:
| Service | Purpose | Region |
|---|---|---|
| Cloudflare | Map/content delivery, security (CDN, Workers, R2 storage) | EU jurisdiction |
| Hostinger | Hosting of our geocoding/search server | EU |
| Aptabase | Anonymous usage analytics | EU |
| Sentry | Anonymous crash diagnostics | EU |
We keep processing inside the EU wherever we control it.
Place articles and photos originate from Wikipedia / Wikimedia Commons but are served to the app as cached copies from our own content network, so Wikimedia does not receive your requests during normal browsing. The optional hand-offs in section 3 (Google, Apple, Waze, Featurebase) are operated by their respective providers and only receive data when you choose them.
5. What we do NOT do
- We do not require or offer an account, and we do not collect your name, email, or phone number.
- We do not use advertising, ad networks, or advertising identifiers, and we do not track you across other apps or websites (so the app does not show Apple’s App Tracking Transparency prompt).
- We do not build user profiles.
- We do not sell, rent, or trade personal data.
6. Data retention
- On-device data (bookmarks, settings, etc.): kept until you delete it or uninstall the app.
- Server/CDN logs: retained only briefly for operations and security, then rotated out.
- Analytics and crash data: anonymous and aggregate; retained per the processors’ standard retention, and not tied to you.
7. Your rights
Under the GDPR you have rights to access, correct, delete, restrict, and object to the processing of your personal data, and to lodge a complaint with a supervisory authority (in Lithuania, the State Data Protection Inspectorate, vdai.lrv.lt).
Because Lapė holds no account and no data that identifies you, in most cases there is nothing personal for us to look up or delete on our servers — the data about you lives on your own device and is under your control. If you believe we process anything relating to you, email [email protected] and we’ll help.
8. Children
Lapė is a general-audience travel and discovery app. It is not directed at children and does not knowingly collect personal data from anyone, of any age.
9. Security
We use encrypted connections (HTTPS/TLS) for all network traffic, restrict our servers to our content-delivery network, and minimise the data we collect so there is little to protect in the first place.
10. Changes to this policy
If we change how the app handles data, we will update this page and its “Last updated” date. Material changes will be highlighted in the app or on this page.
11. Contact
srauna
Email: [email protected]
Website: srauna.lt