Privacy & User Data

Last updated: May 2, 2026

Wanderpedia is an iPhone app, and it is built around a simple idea: you should be able to take a walk and hear a story about where you are without anyone — including us — building a profile of where you go. This page explains, in plain language, exactly what happens to your data when you use the app.

The short version. We do not have user accounts. We do not ask for your name, email, or any login. We never store your location tied to you. We do not use advertising or analytics trackers. The server briefly looks at your location to pick a nearby Wikipedia article, and then forgets that it was you who asked. We do remember a few things about your preferences — likes, dislikes, and articles you have already heard — but those live only on your iPhone, and never get attached to your identity on our servers.

What we store about you on your own device

To make the app work well, we save a small amount of information locally on your iPhone (in the app's own private storage, using standard iOS APIs). This data never leaves your device in a form that identifies you, and you can wipe it at any time by deleting the app or using the “Clear history” controls inside it.

Articles you have already heard, with the latitude and longitude where you heard them and a timestamp — so we can avoid replaying the same story and so old entries can be pruned after about six months.
Articles you have liked or disliked, so the player can show your reaction next time the article comes up.
A small bookkeeping record of which of those reactions have already been counted in our global tallies, so we don't double-count if you reload the page.

This is genuinely user-specific information — it reflects your listening history and your taste. The point is that it lives on your device, under your control, not in an account on our servers.

What we don't do

No accounts. There is nothing to sign up for. We have no username, no email, no password — there is no “you” in our database.
No tracking cookies. We do not set cookies or device identifiers to follow you across visits.
No advertising trackers. There are no third-party ad networks, pixels, or analytics SDKs embedded in the app.
No location history. We do not keep a log of the places you have been.
No selling data. There is no user data to sell, and we would not sell it if there were.

How your location is used

When you tap play, iOS asks for permission to share your location with the app (you can refuse — but the app needs a location to find a nearby story). Your latitude and longitude — plus, if you are moving fast enough, your speed and heading so we can look slightly ahead of you — are sent to our server in a single request.

The server uses that location for one thing: to ask Wikipedia what articles exist near that spot, score them by relevance and popularity, and pick one to narrate. Once an article is picked, your location is no longer needed and is not retained against any identifier for you.

Server logs do briefly record the coordinates of the request along with timing information, the same way most servers log requests. These logs are used to debug problems and measure performance, are not joined to any user identity, and roll off automatically.

The app continues to use your location while it is playing in the background (for example, while your iPhone is locked in your pocket during a walk or drive) so that the next story can be queued up at the right place. iOS will show a blue indicator in the status bar whenever this is happening. When you stop the tour, location access stops too.

What we do cache (and why it isn't about you)

To keep the app fast and to be polite to Wikipedia's servers, we keep two caches:

An article cache. When we look up a Wikipedia article, we save its title, a summary, image links, latitude/longitude, and how popular it is. This is information about the article, not about the person who looked it up.
A “searched areas” cache. We remember which geographic boxes we have already asked Wikipedia about, so the next person whose location falls inside one of those boxes does not trigger a redundant lookup. These are anonymous boxes on a map. They are not labeled with who searched them.

Neither cache contains a user ID, an IP address, a session ID, or any other way to trace an entry back to a specific person. If a thousand different people visit the same neighborhood, the cache looks identical to if one person visited it a thousand times — there is no “who.”

Sessions

Each time you ask for a new stop, the server creates a short-lived “session” identified by a random ID. That ID exists only to stream the narration back to your device while it is being generated, and it is automatically deleted about ten minutes after the stop is finished. The session ID is not linked to you, your browser, your device, or any previous session. Every stop you take starts a fresh, unrelated session.

Likes, dislikes, and visited stops

If you tap like or dislike on an article, or simply finish listening to one, that information is saved on your iPhone only, in the app's private on-device storage. It never leaves your device tied to you.

Two anonymous things are sent to the server based on this local data:

When asking for the next stop, your device sends a list of article IDs it has already played, so the server doesn't pick them again. The server doesn't remember this list after the request — it just uses it to filter the next pick.
When you like or dislike an article, your device increments a global counter on that article (so popular articles get picked slightly more often for everyone). The server stores the new total — for example, “this article has 42 likes” — but not who liked it.

If you delete the app or clear its history, your local likes, dislikes, and visited history are gone. There is no copy on the server to restore.

Network-level information

Like every connected app, our hosting provider (Cloudflare) sees the IP address that requests come from — that's how the internet routes responses back to you. We use that IP address for one narrow purpose: rate-limiting the like/dislike endpoint so a single source can't spam votes. We do not store IP addresses against your activity, and we do not use them to build a profile.

Subscriptions and the App Store

Wanderpedia may offer optional in-app subscriptions, processed entirely by Apple through the App Store. Apple — not Wanderpedia — handles your payment, and we never see your credit card number, billing address, or Apple ID. We receive only an anonymous receipt token from Apple confirming that the subscription is active.

You can view, manage, or cancel any active subscription from your iPhone at any time: Settings → [your name] → Subscriptions, or at apps.apple.com/account/subscriptions.

Changes to this policy

If we ever change how the app handles data, we will update this page and the “Last updated” date above. Because the privacy properties described here are baked into how the system is built — not into a promise we make at the policy layer — any change would require real engineering work, not just a wording tweak.

Contact

Questions about privacy or this policy? Email hello@wanderpedia.app.

← Back to Wanderpedia