Privacy Policy
Last updated: June 15, 2026
Who we are
Campound is published by Zombo Software, LLC, based in the United States. Questions about this policy or your data: privacy@campound.com.
What the app collects
Things that stay on your device
By default, the following never leave your iPhone, iPad, or Apple Watch:
- Map tiles and offline data. Downloaded basemaps, trail data, and PMTiles archives are cached locally so the app works without a signal.
- Photos. Photos you take inside Campound, and the location they were taken at, are stored in the app's private storage on your device. Thumbnails go in local app storage; full-resolution originals go in the app's Filesystem area.
- Watch captures. Waypoints and tracks captured on Apple Watch are transferred to the phone over Apple's WatchConnectivity (it stays on-device) and then handled like any other capture.
- App preferences. Map layer toggles, basemap choice, and other settings.
Things synced to your account (only if you sign in)
Creating an account is optional. If you sign in, the following are synced to your account via Supabase so they're available on your other devices:
- Email address and password. Used to sign you in. Passwords are hashed by Supabase; we never see the plaintext.
- Favorites. Campsites, routes, and points you've saved, with any star rating you've given them.
- Custom features. Points and lines you've drawn on the map.
- Trips. Trip names, date ranges, and any notes you've added.
- Dictionary entries. Custom attributes you've added to map features.
- Profile. A minimal profile record tied to your account.
Photos are not synced to your account today. If that changes, this policy will be updated before sync ships.
Device permissions the app asks for
- Location (While Using and Always). Used to show your position on the map, navigate to destinations, and — for active navigation sessions — keep your position updated when the app is in the background or the screen is locked. Location is not sent to our servers. It is sent to Mapbox only when you actively request directions, and to Apple as part of standard location services.
- Camera. Used only when you tap to take a photo inside the app. Photos go straight into the app's private storage.
- Photo Library. Used only when you choose an existing photo to attach to the map.
- Local Network. Used in development builds to reach a local map data server on the same Wi-Fi network. You can deny this without losing app functionality on the App Store version.
Third-party services we use
Campound is built on top of a few external services. Each handles a specific job; none of them get a profile of you. Their privacy policies govern what they do with the data they receive:
- Supabase — hosts your account, your synced favorites/trips/custom features, and the authentication system. Only used if you create an account. supabase.com/privacy
- Mapbox — provides paved-road map tiles and turn-by-turn directions when you request them. Mapbox sees the bounding box of the area you're viewing and (for directions) your start/end coordinates. mapbox.com/legal/privacy
- Recreation.gov / RIDB — the U.S. government's public reservation data API, used to look up campsite availability. We send the facility you're looking at; they don't get your identity. recreation.gov/privacy-policy
- Open-Elevation — a free public elevation API used to build elevation profiles. We send coordinates along a route; nothing identifying.
- Apple — App Store delivery, sign-in (if you use Sign in with Apple in the future), CoreLocation, and Apple Watch connectivity all run through Apple's platform services. apple.com/legal/privacy
What we do not do
- We do not run analytics, A/B testing, or attribution SDKs.
- We do not run crash reporting that includes personal data.
- We do not run ads or advertising identifiers.
- We do not sell, rent, or share your data with data brokers.
- We do not track you across other apps or websites.
Children
Campound is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has signed up, email privacy@campound.com and we'll delete the account.
How long we keep your data
On-device data sticks around until you delete it or uninstall the app. Synced account data stays until you delete it or delete your account. You can delete individual items inside the app (favorites, trips, custom features, photos) at any time.
Your rights
You can:
- Access — export your captured points, lines, and photos from inside the app as a
.campoundarchive (GeoJSON plus original images). - Delete — delete individual items in the app, or email privacy@campound.com to request account deletion. Account deletion removes synced records associated with your account.
- Correct — edit your data directly inside the app.
If you're in the EU/UK (GDPR) or California (CCPA), you have additional rights to access, port, correct, delete, and object to processing of your personal data. Send the request to privacy@campound.com and we'll respond within 30 days. We don't sell personal information.
Security
Account data is transmitted over HTTPS and stored on Supabase's managed infrastructure with at-rest encryption. Passwords are hashed by Supabase; no one — including us — can read them. No system is perfect; if we ever learn of a breach affecting your account, we'll notify you.
International transfers
Campound is operated from the United States. If you use the app from outside the US and sign in, your synced data is processed and stored on Supabase's US infrastructure.
Changes to this policy
If this policy changes in a material way, we'll update the "Last updated" date at the top and — for material changes affecting signed-in users — notify you in the app before the change takes effect.
Contact
Questions, requests, or concerns: privacy@campound.com.