Tourist Lens
English · Español · Français · Italiano · Deutsch · Português · 中文 · 日本語

Privacy Policy

This privacy policy applies to the Tourist Lens app (hereby referred to as "Application") for mobile devices that was created by xaxo (hereby referred to as "Service Provider") as a Freemium service. This service is intended for use "AS IS".

Information Collection and Use

The Application collects information when you download and use it. This information may include information such as

  • Your device's Internet Protocol address (e.g. IP address)
  • The pages of the Application that you visit, the time and date of your visit, the time spent on those pages
  • The time spent on the Application
  • The operating system you use on your mobile device

The Application collects your device's location, which helps the Service Provider determine your approximate geographical location and make use of in below ways:

  • Geolocation Services: The Service Provider utilizes location data (via Google Maps Platform) to provide features such as personalized content, relevant recommendations, and location-based navigation services.
  • Sensor Fusion: To determine exactly which landmark you are viewing, the Application processes magnetometer (compass) and accelerometer data in conjunction with GPS coordinates.
  • Analytics and Improvements: Aggregated and anonymized location and sensor data helps the Service Provider to analyze user behavior, identify trends, and improve the overall performance and functionality of the Application.
  • Third-Party Services: Periodically, the Service Provider may transmit anonymized location data to external services (such as Google Analytics). These services assist them in enhancing the Application and optimizing their offerings.

The Application utilizes your device's camera for the visual identification of monuments and landmarks.

  • Edge AI Filtering: Before any image leaves your device, a local on-device model (Google ML Kit Image Labeling) evaluates it. Low-quality captures (blurry or dark) and obvious non-tourism content (such as screenshots) are filtered out locally. Tourism-relevant images are then transmitted over encrypted channels to our cloud Vision AI partners, where an additional Google SafeSearch filter screens for sensitive content before processing. Images are used solely to identify landmarks and subjects of interest, not to identify individuals.
  • Cloud Processing: Images processed for identification purposes are transmitted via encrypted channels to our Vision AI partners. If you choose to save or share specific content, these images may be stored on the Service Provider's servers (Firebase Storage) with strict access controls.

The Application uses Artificial Intelligence (AI) technologies, specifically Google Gemini, to provide conversational context, historical narrations, and personalized recommendations. Your chat interactions and inputs are processed by Google's generative AI services. By using these features, you acknowledge that your data will be processed by third-party AI models to provide the service. All AI processing is performed in accordance with this privacy policy and applicable laws.

Privacy by Design & Advanced Security

The Service Provider implements high-level security standards to protect your data.

  • Client-Side Encryption: Sensitive personal information, including your email address, chat messages, and the names of locations discovered, are protected using client-side AES-256-GCM encryption. The cryptographic keys required to read this data are stored exclusively in your device's secure enclave (Keychain/EncryptedSharedPreferences) and are never accessible to the Service Provider or any third party.
  • PII Sanitization: All telemetry and debug logs are automatically sanitized on your device before transmission. Any potential Personal Identifiable Information (PII) is replaced by generic identifiers to ensure your anonymity while allowing us to improve technical performance.
  • Certificate Pinning: To prevent "Man-in-the-Middle" attacks, the Application utilizes SSL/TLS Certificate Pinning for all communications with our AI backends. This ensures that your data only reaches our verified servers.
  • Device Anchor & Session Integrity: To prevent unauthorized use and ensure session consistency, the Application uses a one-way hashed hardware identifier (Device Anchor) and Schrödinger's Account Protection (session integrity checks). This protects your account from being hijacked during an active session and ensures that rewards and discoveries are attributed correctly.
  • App Check: We integrate Firebase App Check to verify that all requests originate from an unmodified version of the official Tourist Lens application on a trusted device.

For a better experience, while using the Application, the Service Provider may require you to provide us with certain personally identifiable information, such as your email address and profile information during the registration process (via Firebase Auth). If you start as a Guest, your scan history and discoveries are stored anonymously; upon registration, this data is securely migrated to your new account via Firebase account linking to ensure continuity.

Third Party Access

Only aggregated, anonymized data is periodically transmitted to external services to aid the Service Provider in improving the Application and their service. The Service Provider may share your information with third parties in the ways that are described in this privacy statement.

Please note that the Application utilizes third-party services that have their own Privacy Policy about handling data. Below are the links to the Privacy Policy of the third-party service providers used by the Application:

  • Google Play Services
  • Google Analytics for Firebase
  • Firebase Crashlytics
  • RevenueCat
  • Google Gemini API
  • Google Cloud Vision AI

The Service Provider may disclose User Provided and Automatically Collected Information:

  • as required by law, such as to comply with a subpoena, or similar legal process;
  • when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • with their trusted services providers who work on their behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.

Opt-Out Rights

You can stop all collection of information by the Application easily by uninstalling it. Additionally, you have the right to opt-out of sharing anonymous session telemetry data (logs regarding feature usage and performance). This choice is presented during the initial guest setup and can be adjusted within the Application's settings.

Data Retention & Account Deletion Policy

The Service Provider will retain User Provided data for as long as you use the Application and for a reasonable time thereafter.

How to Request Account Deletion:

You have the right to delete your account and all associated data at any time. You can do this in two ways:

  1. In-App: Go to Settings > Profile > Delete Account. This will immediately trigger the permanent deletion of your profile, stamps, and encrypted data.
  2. Via Email: If you can no longer access the Application, or wish to request deletion externally, please contact us at tourist.ai.guide@gmail.com. Your request will be processed within a reasonable time (typically less than 7 days).

Upon deletion, all personally identifiable information and encrypted travel plans will be permanently removed from our production servers.

Children

The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13.

The Application does not address anyone under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13 years of age. In the case the Service Provider discover that a child under 13 has provided personal information, the Service Provider will immediately delete this from their servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact the Service Provider (tourist.ai.guide@gmail.com) so that they will be able to take the necessary actions.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information the Service Provider processes and maintains.

Changes

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

This privacy policy is effective as of 2026-06-07

Your Consent

By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us.

Contact Us

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at tourist.ai.guide@gmail.com.


© 2026 Tourist Lens · tourist.ai.guide@gmail.com