Lleno — Privacy Policy

Effective date: 2026-04-09
Last updated: 2026-04-09

This privacy policy describes how the Lleno mobile application ("Lleno", "we", "us") handles information when you use the app. Lleno is currently in alpha testing.

1. Summary

Lleno helps you see how busy a place is before you go. To make this work we collect anonymous, low-precision presence records from your device when the app is running. We do not collect your name, email address, phone number, contacts, photos, or any information that personally identifies you.

If you stop using Lleno, you can clear the app from your device at any time and any local data is removed.

2. Data we collect

When you use Lleno, the following data is sent to our servers:

Anonymous device identifier. A random UUID generated on first launch and stored locally on your device. It is not linked to your Google account, phone number, advertising ID, or any other identifier. Clearing app data or reinstalling the app generates a new identifier.
Approximate location, processed ephemerally. Your latitude and longitude are sent to our server so we can determine which public venue (park, mall, transit hub, etc.) you are inside. The raw coordinates are not stored. The server resolves them to a venue identifier within a single request and immediately discards the precise position. Only the resulting venue ID, timestamp, and anonymous device identifier are persisted.
Timestamp of when each presence record was created.
Accuracy radius. A single number describing how confident your device is about its position fix. This is a quality signal, not a coordinate, and contains no location content on its own.

We do not collect:

Your name, email address, phone number, or contacts
Photos, files, microphone, or camera input
Browsing history, advertising ID, or device fingerprints
Payment or financial information
Health, fitness, or biometric data

3. How we use the data

We use presence records only to:

Show you crowd density in nearby venues in real time.
Compute aggregated, anonymous historical patterns (e.g., "this venue is usually busy on Friday evenings"). Aggregates are stored at the venue level, not at the device level.

We do not:

Sell your data to anyone, ever.
Use your data for advertising.
Build user profiles.
Track you across apps or websites.

4. Data retention

Individual presence records (anonymous device ID + venue ID + timestamp, no coordinates) are kept for up to 30 days, then automatically deleted.
Aggregated venue statistics (counts and averages by hour, no device identifiers) are kept indefinitely so the app can show typical patterns over time.
Anonymous device identifiers are stored alongside presence records during the 30-day window. After that, only aggregate counts remain.

5. Third parties

Lleno relies on a small number of third-party services. Each one only receives the data necessary for its function:

Google Maps SDK (Google LLC) — used to display the map. Google may collect device and usage data as described in the Google Maps Platform Terms of Service and Google Privacy Policy.
OpenStreetMap / Overpass API / Nominatim (OpenStreetMap Foundation) — used to fetch venue boundaries and search for places. They receive geographic queries (latitude/longitude bounding boxes and venue names) but no device identifier.
Sentry (Functional Software, Inc.) — used to record application crashes so we can fix bugs. When the app crashes, Sentry receives a stack trace, device model, operating system version, and the anonymous device identifier. Sentry does not receive your location data.
Amazon Web Services (Amazon.com, Inc.) — Lleno's backend runs on AWS in the United States. Your location data is transmitted to and processed on AWS servers.

We do not share your data with any party other than these processors, and we do not allow any of them to use the data for their own commercial purposes beyond what is required to operate their services.

6. Where data is processed

Lleno's servers are located in the United States (AWS us-east-1 region). By using Lleno, you consent to the transfer of your data to and processing in the United States.

7. Security

All communication between the app and our servers is encrypted in transit using HTTPS / TLS 1.2 or higher.
Data at rest is stored on managed AWS services with encryption enabled.
Access to production data is restricted to a small number of authorized maintainers.

No system is perfectly secure. If you become aware of a vulnerability, please contact us at the address below.

8. Your choices

Stop sharing location. You can revoke Lleno's location permission at any time in your device settings (Settings → Apps → Lleno → Permissions). The app will continue to work for browsing venues, but real-time density will not be available for your current location.
Stop background collection. Revoke "background" or "all the time" location permission in the same settings menu. Lleno will then only collect location while the app is open.
Delete your data. Because Lleno never collects information that identifies you personally, we cannot look up "your" data on request. However, if you uninstall the app and clear its storage, the local device identifier is permanently lost. The presence records tied to that identifier will continue to age out and be deleted within 30 days.

9. Children

Lleno is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable age). We do not knowingly collect data from children. If you believe a child has used Lleno, please contact us and we will take appropriate steps.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app and reflected in the "Last updated" date at the top of this page. Continuing to use Lleno after a change constitutes acceptance of the updated policy.

11. Contact

Questions, concerns, or requests about this policy can be sent to:

privacy@lleno.app

Lleno is operated independently from Guatemala. A Spanish version of this policy is available at privacy.lleno.app/es.