Ridgeline ID

Privacy Policy

Last updated: 16 May 2026

Ridgeline ID ("we", "us") helps you identify UK fells and mountains from a photo. This page explains what data we collect, why, and your choices. We try to keep it short and human-readable.

1. What we collect

  • Photos you submit: Each photo is sent to our AI provider (Google Gemini, via the Lovable AI Gateway) for identification. The provider processes the image only to return a result and is contractually prohibited from using your photos to train its models. If you're signed in, the photo, the AI's suggestion and any alternatives are stored in your private history so you can find them later. If you're not signed in, nothing is retained server-side beyond short-lived diagnostic logs.
  • Location (optional): If you grant location permission, your approximate latitude/longitude is sent with the photo to improve accuracy and shown on your result. We do not track your location in the background.
  • Compass heading (optional): Used only on-device while you're taking a photo, to help orient the result.
  • Account data: Email address, plus your provider profile ID if you sign in with Google or Apple, so we can authenticate you and link your history.
  • Usage logs for rate-limiting: Each AI identification call is logged with your user ID and a timestamp so we can enforce per-user and global caps and prevent abuse. These rows are deleted after 7 days.
  • Feedback: If you tell us a result is wrong, we keep the original photo hash, the AI's suggestion and your correction so we can improve accuracy.
  • Analytics (opt-in only): If — and only if — you accept analytics in the cookie banner, we record anonymous, aggregated usage events (page views, button clicks) to understand which features are useful. No analytics events are sent before you opt in, and you can withdraw consent at any time via the cookie settings link in the footer.
  • Diagnostic logs: If something fails (an OAuth error, a crash, or you tap "Report a problem"), we store a short error log including the page path, your browser user-agent, and your user ID if you're signed in. These are used solely to fix bugs and are kept for a limited period.
  • Local storage: Guest history and your sign-in session are kept in your browser's local storage. We do not use third-party advertising cookies.

1a. How long we keep data

  • Identification history & photos: until you delete the entry, or until you delete your account (then within 30 days).
  • Rate-limit usage logs: 7 days.
  • Diagnostic / error logs: up to 90 days.
  • Account record: until you delete your account.

2. Camera access

Your browser will ask permission before the camera turns on. The video stream stays on your device until you tap Capture. You can revoke camera access at any time in your browser or system settings.

3. Location access

Location is optional. If you allow it, coordinates are attached to the identification request and saved with that history entry. Decline and Ridgeline ID still works — accuracy may just be slightly lower.

4. How we use your data

  • To run the identification (photo + optional location → AI model → result).
  • To show and sync your past identifications when you're signed in.
  • To secure your account (rate limits, abuse detection).
  • To diagnose and fix bugs, using the error logs above and (only with your consent) aggregated analytics.

We do not sell your data. We do not use it for advertising.

5. Third parties

  • Lovable Cloud hosts our backend, database and authentication.
  • AI model providers (via Lovable AI) process the submitted photo to produce an identification. They do not receive your account email.
  • Google only if you choose "Sign in with Google".
  • Apple only if you choose "Sign in with Apple". Apple's "Hide my email" relay address is supported.

6. Cookies & similar storage

We use storage that's strictly necessary by default: a session cookie/local-storage entry to keep you signed in, plus local storage for guest history and UI preferences. Analytics storage is only set if you accept it in the cookie banner. There are no advertising cookies.

7. Your rights & deleting your account

You can sign out, clear your local history from the History panel, or delete your account and all associated cloud data at any time from your account page. Account deletion removes your profile, identification history, and stored photos within 30 days. UK/EU users have rights under UK GDPR/GDPR including access, correction, deletion, and portability.

8. Children

Ridgeline ID is not directed at children under 13.

9. Contact

Questions or deletion requests: privacy@ridgeline.app.

Terms of Service →