The data controller for the personal data collected through the Wake mobile application (the "App", "Service") is Ruggiero Spera, operating under the brand "Wake Mobile", based in Italia. For any request please write to ruggierospera@icloud.com.
Wake is a mobile application for creating, sharing and discovering travel itineraries. It also offers subscriptions to the premium "Wake Pro" plan and one-off purchases of signature itineraries published by verified creators. This Privacy Policy describes what data we collect, why, how long we keep it, and what rights you have.
| Purpose | Legal basis | Retention |
|---|---|---|
| Service delivery (account, itineraries sync, authentication, operational notifications) | Performance of a contract (Art. 6.1.b GDPR) | Life of the account + 30 days after deletion |
| Wake Pro subscriptions and premium itinerary purchases | Performance of a contract (Art. 6.1.b GDPR) + tax obligations | 10 years (Italian tax law) |
| Creator payouts via Stripe Connect | Performance of a contract (Art. 6.1.b GDPR) + legal obligation (Art. 6.1.c) | 10 years for accounting records |
| Sending push notifications | Consent (Art. 6.1.a GDPR), revocable at any time | Until account is active |
| Security and abuse prevention | Legitimate interest (Art. 6.1.f GDPR) | 90 days for security logs |
| Diagnostics and bug fixing | Legitimate interest (Art. 6.1.f GDPR) | 90 days |
| Compliance with authorities' requests | Legal obligation (Art. 6.1.c GDPR) | As required by law |
Wake relies on the following third-party services to deliver the Service. Each processor handles personal data according to its own privacy policy, which we encourage you to read.
| Service | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Supabase Inc. | Database hosting, authentication, backups, edge functions | USA (EU servers, eu-central-1) | supabase.com/privacy |
| Apple Inc. | Sign in with Apple, App Store In-App Purchase, Apple Push Notifications, App Store distribution | USA, EU | apple.com/legal/privacy |
| Google LLC | Sign in with Google (OAuth) | USA, EU | policies.google.com/privacy |
| RevenueCat, Inc. | Subscription and IAP management, receipts | USA | revenuecat.com/privacy |
| Stripe, Inc. / Stripe Payments Europe Ltd. | Creator onboarding and payouts (Stripe Connect Express) | USA, Ireland | stripe.com/privacy |
| Mapbox, Inc. | Maps, tiles, geocoding | USA | mapbox.com/legal/privacy |
| Expo / 650 Industries, Inc. | Push notification delivery (APNs gateway) | USA | expo.dev/privacy |
Transfers of personal data outside the European Economic Area are covered, where applicable, by Standard Contractual Clauses adopted by the European Commission and/or adequacy decisions in force.
To exercise your rights, write to ruggierospera@icloud.com. We respond within 30 days. Account deletion is also available in-app: Settings → Delete account.
The Service is not intended for users under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has signed up, contact us and we will delete the account.
We adopt reasonable technical and organisational measures to protect personal data: TLS 1.2+ in transit, encryption at rest on Supabase databases, Row Level Security to isolate user data, JWT-based access control, continuous monitoring. In the event of a breach we will notify users as required by GDPR Art. 34.
The App uses local storage only for session tokens and user preferences. No third-party cookies or cross-app advertising tracking. The NSPrivacyTracking property in our privacy manifest is set to false.
We may update this Policy. The "Last updated" date at the top reflects the most recent change. Material updates will be communicated via in-app notification or email.