Last updated: 18 April 2026
This privacy policy explains how the Murmure mobile app ("the app") collects, uses and protects user information. We adhere to the General Data Protection Regulation (GDPR, EU 2016/679).
1. Publisher
MURMURE (Google Play developer account travel.murmure.app)
Contact: contact@murmure.travel
Data Protection Officer: same contact.
2. Data collected and purposes
2.1 Geolocation
- When: only when you enable Walk Mode (Mode Balade) or open the "Nearby" screen. Collection stops as soon as you turn the mode off or leave the screen.
- Use: sent to our server as latitude/longitude to return nearby heritage places and display your position on the map.
- Storage: location is not stored on our servers after the request. It remains in your phone's memory only during the active session.
- Sharing: never shared with third parties.
2.2 User account (optional)
If you create an account to contribute audio memos:
- Data: email, display name, profile picture (optional).
- Use: authentication, contribution attribution.
- Storage: OVH servers (France), encrypted in transit (HTTPS) and at rest.
- Retention: as long as the account exists. Deleted on request.
2.3 Contributed audio memos (optional)
If you record an audio memo tied to a heritage place:
- Data: audio file, metadata (place, language, listening profile), author.
- Sharing: published memos are publicly accessible to other app users (Wikipedia-like audio contributive model). This is the app's core principle.
- Deletion: you can delete your own memos at any time.
2.4 Favorites
List of places you bookmark. Stored locally on your phone only (Android AsyncStorage), never transmitted to our servers. Removed on uninstall.
2.5 Server logs
Our server logs incoming API requests (IP address, timestamp, URL) for security and troubleshooting. These logs are automatically purged after 30 days and never cross-referenced with user accounts.
2.6 Notifications
The app sends local notifications when Walk Mode detects a nearby place. These notifications are generated on your phone only — no push from our servers, no notification-token collection via Google FCM.
3. No tracking, no advertising
Murmure contains no analytics SDK (Firebase Analytics, Google Analytics, Mixpanel, etc.), no advertising ID, no tracking cookies, no ads.
4. Third parties
The app uses the following third-party services:
| Service | Data sent | Purpose |
|---|---|---|
| OVH (France) | All API requests | Server hosting |
| OpenFreeMap / MapLibre | IP address (inherent to HTTP) | Map tiles |
| Wikidata, Wikipedia | None (server-side read) | Place enrichment |
None of these third parties receive your GPS location or account data.
5. Your rights (GDPR)
You have the right to:
- access your personal data
- rectify inaccurate data
- erasure ("right to be forgotten")
- portability (export of your data in a structured format)
- object to processing
- restrict processing
To exercise these rights: contact@murmure.travel. We respond within 30 days maximum.
You may also lodge a complaint with your national data protection authority (France: CNIL — www.cnil.fr).
6. Security
- TLS 1.2+ encryption for all transmission.
- Passwords hashed (bcrypt) server-side.
- No superfluous collection (GDPR minimisation principle).
7. Children
The app is intended for audiences aged 13 and older. It does not knowingly collect data from children under 13. If you believe a child under 13 has provided us data, contact us — we will delete it.
8. Changes to this policy
Substantial changes will be notified in the app or by email (existing accounts) at least 30 days before taking effect. The current version is always available at this URL.
9. Applicable law
This policy is governed by French law. Any dispute will be brought before the competent courts in France.