Contact: support@thenerolabs.com
App: MapNero — Professional GIS Mapping for iOS
MapNero is a professional GIS mapping application for field operations. This policy explains exactly what data we collect, why we need it, and your rights over it.
1. Data We Collect
1.1 Anonymous Device Identifiers
APNs token — used solely to deliver push notifications for team events. Contains no personal information. Stored in our Supabase backend to route notifications to the correct device.
MapNero does not require an account or email address.
1.2 Map Library & Project Data (Local Only)
All maps, tracks, waypoints, layers, and PDF/GeoTIFF files are stored locally on your device using Apple SwiftData. This data never leaves your device unless you explicitly share it.
1.3 GPS and Location Data
MapNero uses your GPS to display position, record tracks, and enforce geofences. Location data is processed entirely on-device. We do not transmit your GPS coordinates to our servers.
1.4 Team Collaboration Data (Optional)
If you join or host a Team Session, the following data is synced to our Supabase backend:
- Display name — the name you enter when joining (you choose what to share).
- Live GPS position — transmitted while a session is active. Hide anytime from the session panel.
- Shared layer features — map annotations you publish to a session.
- Team chat messages — encrypted with AES-GCM. The server stores only ciphertext.
- Session metadata — session code, team name, join/leave timestamps.
All team session data is automatically purged 24 hours after the session expires.
1.5 Subscription Status
MapNero uses RevenueCat to verify subscription entitlements. We store only your tier label locally. We never see your payment method, Apple ID, or billing information.
1.6 Crash & Diagnostic Data
iOS may send anonymised crash reports to Apple under your device privacy settings. MapNero does not use any third-party crash SDK.
2. Data We Do Not Collect
3. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend for team sessions, real-time sync, push routing | Team session data, APNs token. Singapore region (ap-southeast-1). |
| Apple APNs | Push notification delivery | Device token + notification payload only. |
| RevenueCat | Subscription entitlement verification | App Store receipt, anonymous user ID. No payment data. |
| Apple StoreKit | In-app purchase processing | All payment data stays with Apple. We never see it. |
| MapLibre / OpenFreeMap | Base map tile rendering | Standard tile requests (lat/lon bounding box, zoom level). |
We do not sell your data to any third party, ever.
4. Subscriptions and Payments
MapNero offers Core, Pro, and Team Solo subscriptions processed entirely by Apple via StoreKit 2.
- We never see your credit card, bank account, or Apple ID.
- We store only a tier label locally — no financial data.
- Cancel anytime via iOS Settings → Apple ID → Subscriptions.
5. Location Permissions
- When In Use — required to show your position and record tracks while the app is open.
- Always (optional) — requested only if you create a geofence requiring background monitoring.
Revoke anytime in iOS Settings → MapNero → Location.
6. Data Retention
| Data | Where Stored | Retention |
|---|---|---|
| Maps, tracks, waypoints, layers | Device (SwiftData) | Until deleted or app uninstalled. |
| Team session data | Supabase backend | Auto-deleted 24 hours after session expiry. |
| APNs device token | Supabase backend | Deleted when Apple reports token invalid. |
| Subscription tier cache | Device (SwiftData) | Until app uninstalled or subscription lapses. |
7. Your Rights
- Access: Email support@thenerolabs.com for server-side data tied to your session codes or APNs token.
- Deletion: Uninstall to erase local data. Email us with session codes to delete server records before automatic purge.
- No account to delete: MapNero has no user accounts.
- Data portability: Export maps and tracks as GeoTIFF, GeoPDF, or Shapefile from within the app.
8. Children's Privacy
MapNero is designed for professional field use and is not directed at children under 13.
9. Security
- All network traffic uses HTTPS / TLS 1.3.
- Supabase backend uses Row-Level Security (RLS) policies.
- Team chat messages are encrypted client-side with AES-GCM before transmission.
- API keys are stored server-side only, never in the app binary.
10. International Data Transfers
The Nero Labs LLC operates from Kuwait. Supabase runs in Singapore (AWS ap-southeast-1). RevenueCat operates from the United States. By using MapNero you consent to transferring the limited data described above to these jurisdictions.
11. Changes to this Policy
Material changes will be notified via an in-app banner. The "Last updated" date always reflects the most recent revision.