Last updated: April 3, 2026
IsoMaps ("we", "us", or "our") operates the website https://www.iso-maps.com and the IsoMaps mobile applications for iOS and Android (collectively, the "Service").
This Privacy Policy explains what data we collect, how we use it, and what rights you have. We designed IsoMaps with privacy as a core principle: no ads, no third-party trackers, no sale of your data. For a detailed, auditable breakdown of every service we use, visit our Transparency page.
When you create an account, we collect your name and email address. You may also optionally provide a public display name, date of birth, phone number, and profile picture. If you sign in via Apple or Google, we receive only the information you authorize (typically name and email).
When you create or import traces, we store the GPS track, distance, elevation, duration, and any associated metadata (activity type, name, heart rate if available). This data is yours — we use it solely to provide the Service.
Our mobile apps send basic device information (operating system, app version, language preference) so we can provide technical support and monitor app compatibility. We do not collect hardware identifiers or advertising IDs.
Web: We use Matomo, a self-hosted, open-source analytics tool hosted on our own infrastructure (stats.iso-maps.com). Your data never leaves our servers. Matomo is loaded only with your consent via our cookie manager (Tarteaucitron.js).
Mobile apps: We use TelemetryDeck, a privacy-first analytics service that collects anonymous, aggregated usage signals. No personal data or IP addresses are transmitted.
Payments are processed by Stripe (web) and Apple StoreKit (iOS). We never see or store your payment card details. These processors are PCI-DSS compliant.
When you connect a third-party fitness service to your IsoMaps account, we import activity data (GPS tracks, distance, duration, heart rate) solely to display it within our Service.
This data is not shared with, transmitted to, processed by, or otherwise made available to any third party, including but not limited to:
This restriction applies to all data obtained via third-party fitness APIs, whether raw, derived, aggregated, or transformed, and regardless of whether the data is stored persistently or processed transiently.
You may disconnect a third-party fitness service at any time from your account settings. Upon disconnection, we stop importing new data. You may also request deletion of previously imported data by contacting us.
We use your data exclusively to:
We do not use your data for advertising, profiling, behavioral targeting, or training AI models.
We do not sell, rent, or trade your personal data. We share data only with:
Apart from the natural-language search described in section 4bis (which sends only a short query and an approximate location to Anthropic, never linked to your identity), none of these providers receive your GPS data, traces, or fitness data.
Our optional search bar lets you type or speak a request in plain language (for example "weather in Chamonix tomorrow" or "my last bike rides"). To understand your request, we send the text of your query to Anthropic (Claude), an AI provider based in the United States, and, when available, an approximate location rounded to about 1 km. The approximate location is sent only so the assistant can understand relative requests such as "weather around me" or "rides near here" without you having to name a place; the precise location is never sent (it stays on our servers to compute the actual results). No identifier is attached (no name, email, account ID, traces, or fitness data), so the request cannot be linked to your identity. Anthropic does not use this data to train its models and retains it for at most 30 days for abuse monitoring.
If you use voice input, the audio is sent to our own self-hosted transcription server (in Switzerland), never to a third party such as Apple or OpenAI, where it is converted to text and immediately discarded (the recording is not stored). Your current location is sent with it so the server can better recognise nearby place names (summits, villages, passes); it is used only for that, on our own server, and is not stored. The resulting text is then processed as described above. If that server is unavailable (for example when you are offline), the app falls back to on-device transcription, and the audio never leaves your phone. Your search queries are also stored on our own servers in France for up to 90 days to monitor and improve the feature, then automatically deleted. Your imported fitness data and traces are never sent to any AI service (see section 2).
We use a strict minimum of cookies:
We do not use third-party cookies. Matomo analytics is loaded only with your explicit consent. You can manage your preferences at any time by clicking the cookie banner.
Your data is stored on dedicated servers hosted by OVH in France. We do not use AWS, Google Cloud, or Azure. All connections are encrypted via TLS (Let's Encrypt certificates). Sensitive fields (phone numbers, date of birth, OAuth tokens) are encrypted at rest in the database.
We do not use any external error tracking services (no Sentry, Bugsnag, etc.). Logs stay on our servers.
We retain your data for as long as your account is active. If you delete your account, we delete your personal data and traces. Some anonymized, aggregated data may be retained for statistical purposes.
We build a community heatmap that shows where IsoMaps users go, displayed as a togglable layer on the map. The heatmap is delivered as pre-rendered raster image tiles (WebP): no raw GPS coordinates are ever sent to the browser, only the rendered pixels of the aggregated density.
Protections built into the pipeline:
Note on activity visibility: the visibility setting of an activity (Public / Friends / Private) controls who can see it in your profile and social feed. By default, new activities (including those imported automatically from a connected service such as Garmin, Suunto, Polar, Strava or Wahoo) are set to "Friends", meaning they are visible only to the users you have explicitly added as friends in iso-maps. You can change this default at any time from your Privacy settings, and override the visibility of any individual activity from its edit page. The default applies to activities created or imported after this setting is in effect; activities created earlier keep the visibility they had at creation time. The visibility setting does not automatically exclude the activity from the anonymized community heatmap, since the heatmap aggregation never reveals individual identity. To exclude an activity from the heatmap, use the dedicated heatmap opt-out at the user level (Privacy settings) or at the activity level (activity edit page).
The aggregated heatmap tiles are rebuilt weekly on Sundays. They do not contain user identifiers, timestamps, or any link back to individual activities or users.
Under GDPR and applicable law, you have the right to:
You can exercise most of these rights directly from your account settings. For requests we cannot handle automatically, contact us and we will respond within 30 days.
The Service is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. The "Last updated" date at the top of this page indicates when the policy was last revised.
If you have any questions about this Privacy Policy or want to exercise your rights, contact us at help@iso-maps.com.
For a complete, auditable list of every tool, service, and technology used by IsoMaps, see our Transparency page.
Try Iso Maps free for 7 days. Available on iOS and Android.
