Libelo — Privacy Policy

Effective date: April 25, 2026 

Last updated: April 29, 2026 

A note before the legal bit

We built Libelo because we love the natural world, and we think the best way to share it is to know you a little — what you're curious about, where you like to walk, what makes a route feel right for you. To do that, we look after some personal information about you.

We take that seriously. This Privacy Policy explains, honestly and in plain language, what we collect, why, what we do with it, who we share it with, and what you can ask of us. There is no hidden small print, and we have tried not to use weasel words.

If anything in here is unclear, write to us at info@libelo.app and we will explain.

1. Who looks after your information

The "data controller" — the company legally responsible for your personal data — is:

Libelo spółka z ograniczoną odpowiedzialnością ("Libelo sp. z o.o."), registered in the National Court Register (KRS) under number 0001225346 by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, with its registered office at ul. Władysława Pytlasińskiego 16/13, 00-777 Warszawa, Poland. NIP: 5214154016. REGON: 544044447. Share capital: PLN 125,000, paid in full.

Contact for privacy questions: info@libelo.app Postal mail: ul. Władysława Pytlasińskiego 16/13, 00-777 Warszawa, Poland

We are not currently required to appoint a Data Protection Officer under GDPR Art. 37, but we have an internal privacy lead reachable at the address above. If we appoint a DPO in the future, we'll publish their contact details here.

2. Who this policy is for

This policy applies to anyone who uses the Libelo app, our website at www.libelo.app, or contacts us. It applies whether you have an account or not.

You must be at least 16 years old to use Libelo. We don't knowingly collect personal data from people under 16. If you believe a younger person has signed up, please write to us and we'll close the account.

3. What we collect

We do our best to collect only what we need. Below is the full list — by category, with what's in it, where it comes from, and whether you have to give it.

3.1 Account and profile

Email address, display name, password (stored as a one-way hash, never in plain text).

Optional: profile photo, short bio, areas of interest (for example: "birds", "wildflowers", "long walks").

Language and region preferences.

You provide this directly. Email and password are required to have an account; the rest is optional.

3.2 Location

Precise location (GPS): when you tag an observation, plan a route, or use a feature that needs to know where you are.

Approximate location (from IP): to choose the right region, language, and content for you.

Precise location is collected only when you actively grant permission and only while you're using a feature that needs it (we do not track you in the background unless you turn on a feature that explicitly says we will, like a route in progress). You can revoke location permission at any time from your device settings.

3.3 Photos and other media you upload

Photos and any captions, notes, or tags you attach to them.

Image metadata (EXIF) embedded by your camera — this can include time and GPS coordinates. We strip GPS metadata from public sharing by default, but it's still associated with your private observation. You can choose to share, blur, or remove it.

3.4 What you do in the app (activity & preferences)

Observations you log, routes you save, places you bookmark, ratings you give.

Searches and filters you use.

Which screens, recommendations, and content you interact with — what you tap, scroll through, dismiss, or save. This is what feeds your personalised experience (more on that in § 5).

Reviews, comments, reports, and messages you send through the Service.

3.5 Device, technical, and diagnostics

Device type, OS version, app version, language, time zone, screen size, performance and crash logs.

Limited identifiers — for example, an installation identifier we generate, or the advertising identifier on your device (only if you've allowed it under Apple's App Tracking Transparency or Google's equivalent settings).

Network information — IP address, mobile carrier, connection type.

3.6 Payments, subscriptions, donations

When you buy something or donate:

Apple / Google / our payment processor handles the card details. We don't see them.

We receive a transaction record (amount, currency, date, plan, anonymous transaction reference) and your billing country for tax.

3.7 Communications with us

When you write to us, we keep your message and our reply, so we can help you and so the next person on our team has context.

3.8 Information we get from others

From the App Store and Google Play: install confirmations, anonymised analytics about installs and uninstalls.

From advertising and analytics partners listed in the Cookie and Tracker Notice: aggregated reports about how ads or features perform.

We do not buy personal data from data brokers and we don't enrich your profile from external sources.

4. Why we use your information, and on what legal basis

Under GDPR, we have to have a "legal basis" for every use of your data. Here is the full picture, in plain words:

What we do with itWhyOur legal basis

Create and run your account; let you sign in; sync your stuff between devices

We need this to give you the app you signed up for

Performance of the contract between us (Art. 6(1)(b) GDPR)

Show maps, routes, and observations near where you are

Same reason

Performance of the contract (Art. 6(1)(b))

Process payments, donations, refunds

Same reason

Performance of the contract (Art. 6(1)(b)) and legal obligation for tax & accounting (Art. 6(1)(c))

Personalise the experience (see § 5)

To make the app more useful to you specifically

Legitimate interests (Art. 6(1)(f)) — to provide a relevant, helpful product. You can object at any time

Improve the app, fix bugs, develop new features, run analytics

To make Libelo better for everyone

Legitimate interests (Art. 6(1)(f))

Show advertising, including personalised advertising where allowed

To support a free version of the Service

Consent (Art. 6(1)(a)) for personalised ads and tracking SDKs; legitimate interests (Art. 6(1)(f)) for non-personalised, contextual ads

Send you push notifications, emails about your activity, product news

To keep you informed about what you signed up for

Performance of the contract for transactional messages; consent (Art. 6(1)(a)) for marketing messages

Keep the Service safe — prevent fraud, abuse, illegal content

We have to, and we want to

Legitimate interests (Art. 6(1)(f)) and legal obligation under the Digital Services Act (Art. 6(1)(c))

Comply with law enforcement, tax authorities, or court orders

We have to

Legal obligation (Art. 6(1)(c))

Defend legal claims

To protect ourselves and our users

Legitimate interests (Art. 6(1)(f))

You can ask us at any time how we balanced our legitimate interests against your rights and freedoms — write to us at info@libelo.app.

5. Personalisation — the part you should read carefully

You asked us to know you. So here is exactly how that works.

5.1 What we mean by personalisation

Libelo learns from how you use the app — which routes you save, which species you log, which recommendations you accept or skip, what time of day and what kind of terrain you prefer. From these signals, we build a model of what kind of nature experience you seem to enjoy, and use it to suggest new routes, species, or places that may resonate with you.

5.2 Anonymous, pseudonymous, and what's actually true

We want to be honest with you. You may have seen us, or other apps, describe profiling as "anonymous". In our case, that's not quite the right word.

Your personalisation profile is pseudonymous: it is tied to an internal identifier rather than to your name or email, and engineers working on the recommendation system do not see your contact details. But it is still linked back to your account, because that's how it personalises your experience. Under GDPR, that makes it personal data, and we treat it as such.

What we do not do:

We don't sell your personalisation profile.

We don't share your raw activity with advertisers or data brokers.

We don't try to infer sensitive things about you (your health, religion, political views, sexuality, ethnicity). If you tell us those things in a comment or photo, we treat them with extra care, but we don't proactively guess them.

5.3 Automated decisions

The recommendations Libelo shows you are automated in the sense that a machine generates them — but they have no legal or similarly significant effect on you. They're suggestions, not decisions about you. So GDPR Article 22 (which restricts automated decisions with legal effect) does not apply.

Because these are suggestions, not authoritative answers, you should not rely on them for safety, identification of plants or animals, foraging, medical, navigational, or other decisions where being wrong could cause harm. The Terms of Use (§ 13.1) explain this in detail and set out important rules about what our recommendations are not — please read them. Never eat, handle, or medicate based on a recommendation from the app.

If we ever introduce a feature where an automated decision would have a significant effect (for example, an automated content-moderation decision that suspends your account), we'll tell you, give you a way to ask a human to review it, and explain the logic involved.

5.4 How to turn it off

You can:

pause personalisation in Settings → Privacy → Personalisation;

delete your activity history;

export your profile and observations;

close your account, which deletes the personalisation profile.

6. Who we share your data with

We share data only with parties who help us run the Service, and only with what they need.

6.1 Service providers (processors)

These are companies that process data on our instructions, under written agreements that meet GDPR Art. 28 requirements:

CategoryWhyExamples

Cloud hosting & databases

To run the app

[PLACEHOLDER: e.g. Amazon Web Services / Google Cloud / Hetzner]

Crash reporting & diagnostics

To find and fix bugs

[PLACEHOLDER: e.g. Sentry, Firebase Crashlytics]

Product analytics

To understand which features work

[PLACEHOLDER: e.g. Amplitude, PostHog]

Push notifications & email

To send you messages you've asked for

[PLACEHOLDER: e.g. Firebase Cloud Messaging, Postmark]

Customer support tooling

To respond when you contact us

[PLACEHOLDER]

Payments

To take and refund payments

Apple, Google, [PLACEHOLDER: e.g. Stripe]

Maps & geographic data

To show maps and routes

[PLACEHOLDER: e.g. Mapbox, OpenStreetMap]

Advertising (only where you have consented to ad personalisation)

To support free use of the app

[PLACEHOLDER: e.g. Google AdMob]

The current list of SDKs we embed is in the Cookie and Tracker Notice, which we keep up to date as we add or remove tools.

6.2 People who can see your shared content

If you choose to make an observation public, your username, photo, notes, and the (general) location are visible to other Libelo users and may be visible to anyone visiting our website. You can keep observations private; that's the default setting where the law requires it.

6.3 Authorities

We share data with public authorities only when we have to under law — for example, in response to a valid court order or a duly authorised law-enforcement request. We push back on overbroad requests, and we publish a transparency note if there are meaningful trends to report.

6.4 In the event of a corporate change

If the company is sold, merged, or restructured, your data may transfer to the buyer. We'll tell you in advance, and the buyer must respect this Privacy Policy — or give you a way to object before any change.

7. International transfers

We try to keep your data inside the European Economic Area (EEA). Some of our service providers, however, are based in the United States or other countries.

When personal data leaves the EEA, we rely on safeguards approved under GDPR Chapter V — most often:

the European Commission's Standard Contractual Clauses;

the EU-US Data Privacy Framework (where the US recipient is certified);

supplementary technical measures, such as encryption and pseudonymisation.

You can ask us for a copy of the safeguards by writing to info@libelo.app.

8. How long we keep your data

We keep data only as long as we need to. The exact period depends on the category and the legal basis. As a guide:

Account data — while your account is open, plus a short tail after closure (typically up to 30 days for backups to roll over).

Private observations and content you posted — until you delete them or close your account, then removed on the same timeline.

Public contributions to the Libelo Community record — see § 8.1 below.

Personalisation profile — refreshed continuously while you use the app; deleted when you close your account or pause personalisation.

Payment and tax records — at least 5 years from the end of the tax year, as required by Polish accounting law (Ustawa o rachunkowości).

Customer support correspondence — up to 3 years from your last message to us.

Logs and diagnostics — typically up to 90 days, anonymised after that.

Marketing consent records — until you withdraw consent.

When the period ends, we either delete the data or anonymise it irreversibly so it can no longer identify you.

8.1 Public contributions to the Libelo Community record

When you actively choose to make an observation, photo, or natural highlight public, your contribution becomes part of the Libelo Community record — a shared body of nature observations from across our community that helps people learn about and care for the natural world.

After you delete your account, we keep these public contributions, in anonymised form, as part of that community record. We do this on the basis of our legitimate interests under Art. 6(1)(f) GDPR, and we rely on the exceptions to the right to erasure in Art. 17(3)(a) and Art. 17(3)(d) GDPR — freedom of expression and information, and archiving in the public interest. Maintaining a community record of biodiversity observations is a recognised public-information purpose, and we have documented this assessment internally.

In practice, when you delete your account, for each public contribution we:

sever the database link between you and the contribution;

strip identifying metadata, including EXIF camera data and precise GPS coordinates, replacing the latter with a coarser location grid where appropriate;

where photos contain identifiable people, remove those photos or apply blurring;

attribute the contribution as "Anonymous contributor" or leave it without attribution — we do not credit Libelo as the author.

You can ask us to delete any specific public contribution at any time, before or after you delete your account, by writing to info@libelo.app or by using the in-app "Delete this contribution" option on the contribution itself. We honour these requests promptly. The legitimate-interest basis above does not override your right to ask us to remove a specific contribution.

If you keep an observation private (the default for content where we ask), it is treated like account data and is removed when you delete your account.

9. Your rights

Under GDPR, you have the following rights. We honour them all, free of charge, normally within one month of your request.

Right of access (Art. 15) — ask us what data we hold about you and get a copy.

Right to rectification (Art. 16) — fix data that's wrong or incomplete.

Right to erasure / "to be forgotten" (Art. 17) — ask us to delete your data, in the situations the law allows.

Right to restrict processing (Art. 18) — ask us to pause processing in certain circumstances.

Right to data portability (Art. 20) — get your data in a machine-readable format and have it sent to another service where technically feasible.

Right to object (Art. 21) — object to processing based on our legitimate interests, including personalisation. We'll stop unless we have an overriding lawful reason. You can object to direct marketing at any time, no questions asked.

Right not to be subject to a solely automated decision with legal or similarly significant effect (Art. 22) — see § 5.3.

Right to withdraw consent (Art. 7(3)) — where we rely on your consent, you can withdraw it at any time. This doesn't undo what was lawful before the withdrawal.

To use any of these rights, write to info@libelo.app or use the in-app Privacy screen. We may need to verify your identity before responding.

If you're unhappy with how we've handled your data, you can complain to:

the President of the Personal Data Protection Office in Poland (Prezes Urzędu Ochrony Danych Osobowych — UODO), https://uodo.gov.pl;

the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), https://www.dataprotectionauthority.be;

the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), https://autoriteitpersoonsgegevens.nl;

or your local supervisory authority if you live elsewhere in the EEA.

We'd really appreciate the chance to fix things first, but it's your call.

10. How we keep your data safe

We protect data with measures appropriate to the risk, including:

encryption of data in transit (TLS) and at rest;

pseudonymisation of personalisation profiles;

access controls — only employees who need to see data can see it, and access is logged;

secure development practices and routine code review;

security testing of the app and infrastructure;

vendor due diligence and written data processing agreements;

a documented response plan if something goes wrong.

If a data breach happens that's likely to risk your rights or freedoms, we'll tell the Polish supervisory authority within 72 hours and tell you without undue delay, as GDPR requires.

No system is perfectly safe. Help us by using a strong, unique password and keeping your device secure.

11. Cookies, SDKs, and trackers

The Libelo app and website use a small number of cookies and SDKs — for things that are strictly necessary, for analytics, and (where you've consented) for advertising. These are described in detail in our Cookie and Tracker Notice, and you can manage your choices any time in Settings → Privacy → Ads & analytics or via the in-app consent banner.

12. Changes to this Privacy Policy

We update this policy when we change how we handle data, or when the law changes. Meaningful changes will be announced inside the app and by email at least 15 days before they take effect, with a clear explanation of what changed and why. The current version is always available at www.libelo.app/privacy.

13. How to reach us

For anything privacy-related:

Email: info@libelo.app

Postal mail: ul. Władysława Pytlasińskiego 16/13, 00-777 Warszawa, Poland

In-app: Settings → Privacy → Contact privacy team

We aim to reply within 7 working days, and always within 1 month for formal data-protection requests.

Thank you for trusting us with your time outdoors. We'll work to keep deserving it.

— The Libelo team