In a nutshell: Fra li Monti is designed with privacy by design principles. Your GPS tracks are stored locally on your device and then synced in anonymized form to our servers when network is available, so you can retrieve your track and ensure your group’s safety. Your photos remain exclusively on your device. We only collect the strict minimum necessary for the app to function.
1. Data Controller
The data controller responsible for the personal data collected through the Fra li Monti application is:
Only1Cent is the publisher of the Fra li Monti application, available on Android (Google Play) and iOS (App Store).
2. Data We Collect
We believe in transparency. Here is exactly what we collect and what we do not collect.
Data we collect
Collected Account data
Email address and first name provided during registration (or Google/Apple profile when using third-party sign-in).
Collected Crash reports
When the app crashes (release version only), Firebase Crashlytics collects technical information: device type, OS version, error trace. No personally identifiable data is included.
Collected Refuge and accommodation data
The app retrieves information about GR20 refuges, lodges, and shops from our Firebase Firestore database (server to app direction only).
Collected Minimal technical data
Firebase automatically collects certain technical data: IP address, Firebase installation ID, device type, app version. This data is necessary for Firebase services to function.
Collected Anonymized GPS tracks
Your hiking GPS tracks are first stored locally on your device (Hive storage), then synced in anonymized form to our servers (Firebase Firestore) when network is available. Anonymization removes any direct link to your identity. This allows you to retrieve your track from any device and ensures group safety.
Collected Group position sharing
If you enable the “Group Positions” feature, your real-time position is shared with your hiking group members via Firebase Firestore. This feature is optional and can be disabled at any time. It allows group members to locate each other for safety purposes.
Data we DO NOT collect
Not collected Photos
Photos taken or added to your trek journal remain locally on your device. We do not access or transfer them.
Not collected Analytics data
Fra li Monti does not integrate any analytics SDK (Firebase Analytics or other). No usage events are collected or sent.
Not collected Advertising / Tracking
No advertising SDK (AdMob or other). No marketing trackers. No behavioral profiling.
Not collected Push notifications
Fra li Monti does not integrate any push notification SDK (Firebase Messaging or other). No push notifications are sent to your device.
Not collected Health data
No integration with Apple Health, Google Health Connect, or any other health data service.
3. Purposes of Processing
We use your personal data exclusively for the following purposes:
Account management: creation, authentication, and login to the application.
Service delivery: access to refuge information, accommodations, and GR20 points of interest.
Stability improvement: identifying and fixing bugs through crash reports (Crashlytics).
GPS navigation: real-time location for trail guidance. GPS tracks are stored locally then synced in anonymized form to our servers when network is available, so you can retrieve your track.
Group safety: if you enable the “Group Positions” feature, your position is shared in real time with your group members for mutual location purposes.
Premium feature management: verifying your subscription status.
We do not use your data for advertising, profiling, resale to third parties, or marketing.
4. Legal Basis (Article 6 GDPR)
Each data processing activity relies on a legal basis:
Performance of a contract (Art. 6(1)(b) GDPR): account creation, authentication, access to the service and premium features.
Consent (Art. 6(1)(a) GDPR): access to your device’s GPS location (you can refuse or revoke this permission at any time in your phone settings); enabling position sharing with your hiking group (optional feature, can be disabled at any time).
Legitimate interest (Art. 6(1)(f) GDPR): collecting crash reports to ensure the stability and quality of the application.
5. Data Recipients
Your personal data is shared with the following technical sub-processors, exclusively for the purposes described above:
Google LLC (Firebase Authentication) — Authentication management (email/password, Google Sign-In, Sign in with Apple).
Google LLC (Firebase Crashlytics) — Crash report collection in release version.
Google LLC (Cloud Firestore) — Storage and delivery of refuge and accommodation data, synchronization of anonymized GPS tracks, and real-time position sharing between group members (optional feature).
Google LLC (Google Sign-In) — If you choose to sign in with your Google account.
Apple Inc. (Sign in with Apple) — If you choose to sign in with your Apple ID.
We do not sell, rent, or share your personal data with any third party for commercial or advertising purposes.
6. International Data Transfers
Google’s Firebase services may process data on servers located in the United States. These transfers are governed by:
The EU-US Data Privacy Framework (European Commission adequacy decision of July 10, 2023).
Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into Google Cloud / Firebase terms of service.
Account data (email, first name): retained for the lifetime of your account. Deleted immediately when you delete your account (available in the app under Profile > Danger Zone).
Crash reports (Crashlytics): retained for 90 days by Firebase, in accordance with Google’s retention policy.
Anonymized GPS tracks (Firestore): synced tracks are retained on our servers for the lifetime of your account. Deleted immediately when you delete your account, both from our servers (Firestore) and from your device (local storage).
Group positions: real-time position data is ephemeral and automatically deleted at the end of each hiking session.
Photos, journal: stored locally on your device. Their lifespan depends on you (manual deletion or uninstalling the app).
Firebase technical data (installation ID): retained in accordance with Firebase retention policy (180 days for installation IDs).
8. Your Rights
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
Right of access (Art. 15): obtain a copy of your personal data.
Right to rectification (Art. 16): correct inaccurate or incomplete data.
Right to erasure (Art. 17): request deletion of your personal data.
Right to restriction of processing (Art. 18): restrict processing in certain cases.
Right to data portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interest.
Right to withdraw consent: withdraw your consent at any time (for example, disable location services in your phone settings).
Account deletion: you can delete your account directly from the app (Profile > Danger Zone > Delete My Account). Deletion is immediate and irreversible: your account data, GPS tracks on our servers, and local data are erased instantly.
To exercise any other right, contact us at contact@only1cent.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. For users in France: CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr. For users in other EU member states, please contact your local data protection authority.
9. Cookies and Trackers
Fra li Monti is a native mobile application. It does not use web cookies.
The application uses the following local storage mechanisms:
Hive: lightweight local database to store your GPS tracks, photos, and journal data. GPS tracks are then synced in anonymized form to our servers; photos and journal data remain exclusively on your device.
Flutter Secure Storage: encrypted storage (Keychain on iOS, EncryptedSharedPreferences on Android) for sensitive information: premium status and emergency contacts.
SharedPreferences: user preferences (app settings, gear customization).
No advertising trackers, tracking pixels, or third-party tracking tools are used in the application.
10. Security
We implement the following technical measures to protect your data:
Encryption in transit: all communications with Firebase servers are encrypted via HTTPS/TLS.
Encryption at rest: sensitive data (premium status, emergency contacts) is stored in your device’s encrypted secure storage (Keychain iOS / EncryptedSharedPreferences Android).
Secure authentication: Firebase Authentication manages passwords securely (hashing, salting). We never store your password in plain text.
GPS track anonymization: GPS tracks synced to our servers are anonymized, removing any direct link to your personal identity.
Local data: your photos and journal data are stored in the app’s private directory, accessible only by Fra li Monti.
11. Children’s Privacy
Fra li Monti is not intended for children under 16 years of age.
We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@only1cent.com so we can delete it.
Minors aged 16 and over may use the application with the consent of their legal guardian.
12. Changes to This Policy
We may update this privacy policy from time to time. In case of material changes, we will notify you through:
An in-app notification.
Updating the “Last updated” date at the top of this page.
We encourage you to review this page regularly. Continued use of the application after changes are published constitutes acceptance of the updated policy.
13. Contact
For any questions regarding this privacy policy or to exercise your rights: