BUCKUP. Download
LEGAL · LAST UPDATED 2026-05-21 · POLICY v1.1

Privacy Policy.

BuckUp is built privacy-first. Sign-in is optional, your sessions and photos stay on your iPhone unless you choose to sync, and your coordinates are never sold to advertisers.

BuckUp ("we", "us", "the app") is a mobile altimeter and session-logging app for iOS, built and published by Michael Leger. BuckUp keeps your sessions on your device. Sync is opt-in. This policy explains what we collect, why, and what we never do.

1. The short version

  • We do not sell your data. Not to advertisers, data brokers, aggregators, or anyone else.
  • We do not track you across other apps or websites.
  • Your location never leaves your device. Coordinates are used only to compute GPS altitude on the Gauge screen, in memory.
  • Your trip data stays on your iPhone. Saved peaks, your rig profile, and your session log live in local on-device storage.
  • Per-session photos save locally first. Even when signed out. Photos sync to your account on next launch if you choose to sign in.
  • Signing in is optional. An account ties your Apple ID, Google account, or email to a user identifier so you can restore your in-app purchases on a new device.
  • You can delete your account at any time from inside the app. Deletion is server-first and irreversible.

2. What we collect

Always (whether or not you sign in):

  • Barometric altitude readings from your iPhone's pressure sensor (CMAltimeter), used to compute vertical gain during a session. Stays on your device.
  • GPS location (when you grant permission), used to compute absolute altitude for the Gauge display. Never transmitted off-device.
  • Session data — altitude peaks, gain, duration, optional peak name, your registered rig — stored locally via Apple's SwiftData framework.
  • Per-session photos (Build 51 onward) — when you attach a photo to a Buck Log entry, it's stored locally first. Synced to your account on next launch only if you're signed in.
  • Diagnostics — Not Linked to You via Sentry crash reporting and Sentry Session Replay (50% sample on TestFlight, 5% post-launch, 100% on error). The Sentry SDK runs with sendDefaultPii = false (no IP capture) plus a beforeSend scrubber (strips user identifiers), and Session Replay runs with maskAllText = true + maskAllImages = true — replays carry only screen geometry and tap locations, never your photos, callsign, peak names, or any other on-screen text. Used solely for identifying and fixing bugs.

Only if you sign in:

  • Your email address (or Apple "Hide My Email" relay alias).
  • A user identifier (UUID) generated by Supabase.

Only if you make a purchase:

  • A transaction receipt from Apple's StoreKit. We never see your credit card number.

3. What we never collect

  • Contact list, microphone, camera (only PhotosPicker for the attach), HomeKit, Health data.
  • Your precise location stored on our servers.
  • Advertising identifiers (IDFA) or tracking identifiers of any kind.
  • Browsing history or behavior in other apps.

4. How we use it

  1. Running the app: computing altitude, saving your log, showing your history, driving the widget and Live Activity.
  2. Authenticating you across launches and devices so your purchase unlocks restore on a new phone.
  3. Fixing bugs and crashes via Sentry, with all text and all images masked in any captured Session Replay (no user identifiers, no IP, no on-screen text).

5. Where it lives

On your device: session data, saved peaks, rig profile, callsign, per-session photos, and Buck Shots.

On our authentication backend (only if you sign in): email, user identifier, federated identity link. Hosted on Supabase (US).

All transmission encrypted with TLS. We never store passwords.

6. Sharing

  • Supabase — authentication processor.
  • Sentry — crash reporting and Session Replay (all text + all images masked, no user identifiers attached).
  • Apple — purchase receipt verification.
  • Google — only if you choose Google Sign-In, only the OAuth handshake.
  • Legal compliance — only on valid court order.

7. Your rights

  • Export your data — Buck Log lives in local SwiftData. Use iCloud Backup, or contact us for a JSON copy.
  • Sign out from Settings. Local data stays intact.
  • Revoke location or motion permission — iOS Settings → BuckUp.

8. Account deletion

Delete your account anytime from Profile tab → gear icon → Account Actions → Delete Account. Type DELETE to confirm. The Edge Function verifies your token, best-effort revokes your Apple sign-in, deletes your server record, then BuckUp wipes local data on next launch. Server-first, irreversible.

9. Children

BuckUp is not directed at children under 13. We do not knowingly collect data from children under 13.

10. Changes

If we update this policy, we'll update the date at the top. Material changes are surfaced in-app before they take effect.

11. Contact

Privacy questions, data export requests, or account deletion issues:

admin@buckup.app