Skip to content

Legal

Privacy Policy

Last updated: June 2026

This policy applies to Paths Labs Ltd, a company registered in England and Wales (Company No. 17175677). Paths is a mobile app for iPhone and Android; this website is where you learn about Paths and read our policies.

Paths is designed to be simple and private.

What we collect

  • Movement data — GPS coordinates (latitude and longitude), timestamps, distance, and route geometry that you record, draw, upload, import from a route link (Google Maps, Komoot), or generate using the route tools
  • Activity and step data — when you record a walk or hike, Paths reads your step count from your device's built-in motion sensor (pedometer) only while a recording is in progress. The step total is shown to you live and saved with that movement for your own reference. We never use this data for advertising, and we never share it with third parties
  • Strava activity data — when you connect your Strava account, we import GPS coordinates, speed/velocity, altitude/elevation, grade, distance, and time data from activities you choose to import. We store the minimum data needed to render your visual and do not store raw Strava activity files
  • Titles, notes and descriptions — the text you add to a movement, including written Notes
  • Photos — if you attach a photo to a movement, the image is stored securely and encrypted in private storage, kept with your account so we can display it to you and include it when you choose to share or gift that movement. Photos are private by default — never public, never sold, never used for advertising. Only you, and the people you share or gift a movement with, can see them. You can remove an attached photo at any time, which deletes it
  • Account information — your email address, used for authentication. Passwords are never stored by Paths; authentication is handled by Supabase Auth using either a magic link sent to your email or a securely hashed credential. We do not have access to your password in any form
  • Profile data — display name and profile photo, if you choose to add them
  • Access data — your access status, used to manage what your account can do
  • Usage data — interaction data (such as which features you use) collected via PostHog to help us understand and improve the product. This is linked to your account so we can understand how the product is used over time. We never use it for advertising and never sell it, and we do not track you across other apps or websites
  • Crash and diagnostic data — when the app encounters an error, we collect technical diagnostic information (such as the error and device/app state at the time) via Sentry, so we can find and fix problems. This is used only to keep the app working reliably, never for advertising

How we use it

  • Authenticate your account and maintain your session
  • Generate and display your visual movement artwork
  • Save your movements, photos, Notes and Series to your account
  • Show live recording metrics — including step count for walks and hikes — and save them with the movement
  • Manage what your account can access
  • Improve the product and user experience

Strava integration

If you connect your Strava account, we request read-only access to your activities (activity:read_all scope). We access only the specific activities you choose to import. We do not read your full activity history automatically, access private messages, or store information about followers or connections.

Speed, elevation, and GPS data from imported activities are used solely to generate your artwork and are stored only for as long as your movement remains saved in your account. You can disconnect Strava at any time from your Profile page, which removes your stored access credentials immediately. Disconnecting does not delete movements you have already saved.

Your use of Strava remains subject to Strava’s own privacy policy.

AI-generated content

Paths uses an AI service (Claude, provided by Anthropic) to suggest movement titles and notes. To do this, a sample of your route’s coordinates is sent to Anthropic’s API along with any context you choose to provide. This data is used solely to generate the suggestion and is not retained by Anthropic or used to train their models. You are not required to use AI suggestions — you can name your movement manually at any time.

Payments

Paths is currently free to use, so we do not collect any payment information from you today. If paid features are introduced in future, payment would be handled through the Apple App Store or Google Play, depending on your device — meaning payment is processed entirely by Apple or Google, subject to their respective privacy policies, and we would never see or store your card details. We would store only your access status, for the purpose of managing what your account can do.

Who we share data with

We do not sell your data, and we do not share it with third parties for their own purposes or for advertising. We use a small number of service providers to run Paths, who process data only on our instructions: Supabase (secure database, authentication and file storage), PostHog (product usage analytics) and Sentry (crash and error diagnostics). If you choose to connect Strava, we also access the specific activities you import (see above). When you choose to share or gift a movement, only the people you send it to can see that movement.

Data security

We use appropriate technical and organisational measures to protect your data. Data is encrypted in transit, and photos are held in private, encrypted storage accessible only to you and anyone you choose to share or gift a movement with.

Your rights

You have the right to access, correct, or delete your personal data. You can delete your account at any time from inside the app: open Profile and tap Delete account. Your account is deactivated immediately, and your movements, Series, photos and profile are permanently deleted after 30 days. Within those 30 days you can email support@paths.today to restore your account; after that, the deletion is permanent and cannot be undone. To access or correct your data, or if you cannot reach the app, email support@paths.today at any time.

Cookies

We use minimal cookies to keep the website functioning and understand basic usage. You can control cookies through your browser settings.

Data protection laws

We process personal data in accordance with applicable data protection laws, including the UK GDPR.

Contact

hello@paths.today

Paths Labs Ltd
Registered in England and Wales (Company No. 17175677)
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom