Privacy Policy
Last updated: May 2, 2026 Effective date: May 2, 2026
This Privacy Policy explains what information the Strata mobile application ("Strata," the "App," "we," "us," or "our") collects, how we use it, and the choices you have. Strata is operated by Yibin Yang, 1400 N Lake Shore Dr, Chicago, IL 60610.
We have designed Strata to be account-free and data-minimizing by default. Strata does not require you to create an account, and we do not ask for your name, email address, phone number, or payment information.
If you have questions, contact us at yang.yibinn@gmail.com.
1. Summary
In plain language:
- Strata is a hiking and terrain-visualization app for U.S. coverage.
- We do not have user accounts, and we do not ask for personally identifying information.
- We generate a random anonymous device identifier on first launch so the backend can apply per-device rate limits and abuse protection.
- If you grant location permission, your device's location is used to center the map, show your live-location puck, and compute elevation. Strata does not request background location and does not transmit continuous location tracking to our backend, but location-related map and search requests may be sent to Mapbox as described below.
- When you generate terrain, the coordinates of the area you select, your anonymous device ID, and your IP address are sent to our backend so we can return elevation data and build offline imagery packs.
- We use third-party services (including Mapbox, Esri, USGS / The National Map, and Amazon Web Services) to provide maps, imagery, elevation data, and hosting.
- We do not sell or rent personal information.
2. Information We Collect
2.1 Anonymous Device Identifier
On first launch, Strata generates a random alphanumeric anonymous device ID and stores it locally on the device. This ID is sent to our backend as the X-Strata-Device-Id request header on requests to:
- The terrain elevation endpoint
- The imagery pack job creation, status, and cancellation endpoints
This ID is not derived from any hardware identifier (such as IDFA, IDFV, Android Advertising ID, IMEI, MAC address, or serial number). It exists for the sole purpose of applying per-device rate limits and abuse controls.
You can reset this ID by clearing the App's data or uninstalling and reinstalling the App.
2.2 Location Information
If you grant location permission, Strata uses your device's location to:
- Frame the starter map on first load
- Render the live-location puck on the map
- Compute the elevation reading shown in the elevation status pill
- Determine whether you are inside loaded terrain (used to gate the immersive locate feature)
Strata requests foreground location only while the App is in use. Coordinates are not continuously transmitted to our servers, and Strata does not request background location. Location or location-derived map viewport information may be sent to Mapbox when Mapbox renders map content or when Strata uses the current map view to bias searches you perform (see Section 4).
You can revoke location permission at any time in your device settings; the App will still work, with reduced location-aware functionality.
2.3 Selected Region Coordinates
When you choose an area of terrain to download, the bounding-box coordinates of that selection (and a small expanded "seam" buffer) are sent to our backend so we can:
- Validate the selection against U.S. terrain coverage
- Return elevation data for that area
- Create an offline imagery pack for that area
We do not associate these coordinates with your real-world identity, because we do not have your real-world identity.
2.4 Search Queries
Searches you type into the starter search bar are sent to Mapbox Search Box (a Mapbox service) so that matching results can be returned. Search text is sanitized and length-capped before being transmitted. Mapbox's handling of these queries is governed by Mapbox's privacy practices (see Section 4).
2.5 IP Address and Network Information
When the App communicates with our backend, the underlying HTTPS connection conveys your IP address. We use IP and a derived network range (/24 for IPv4, /64 for IPv6) only for abuse protection and rate limiting. We do not store raw IP addresses or raw device IDs; we store only SHA-256 hashes of these values, with a time-to-live (TTL) so they automatically expire.
2.6 Diagnostic and Operational Logs
Our backend may log request metadata (such as the time of the request, the endpoint, response status, hashed identifiers, and error categories) to operate the service, diagnose problems, and monitor abuse. These logs do not include raw device IDs, raw IP addresses, or content of search queries.
2.7 Information We Do Not Collect
We do not collect:
- Your name, email address, phone number, or postal address
- Account credentials (because there are no accounts)
- Payment information
- Photos, contacts, microphone, camera, calendar, or health data
- Continuous location tracking
- Advertising identifiers or any data used for cross-app tracking
- Biometric identifiers
Strata does not include third-party advertising SDKs and does not deliver targeted advertising.
3. How We Use Information
We use the limited information described above to:
- Provide the core App experience: render maps, return elevation, build offline imagery packs, and display your live location.
- Enforce per-device, per-IP, and global rate limits to protect the service against abuse and runaway clients.
- De-duplicate identical in-flight imagery jobs.
- Diagnose problems and maintain operational health.
- Comply with legal obligations and respond to lawful requests.
We do not use this information for behavioral advertising or to build profiles about you.
4. Third-Party Services
Strata depends on several third-party services. Some providers process data for hosting or service delivery on our behalf; others, such as map/search providers contacted directly from the App, may process requests under their own terms and privacy practices.
| Provider | Purpose | Data the provider may receive |
|---|---|---|
| Mapbox, Inc. | Base maps, vector tiles, search (Mapbox Search Box) | IP address, map viewport/camera information, search query text, tile requests, and location-derived viewport information when you use location-aware map/search features |
| Esri (Environmental Systems Research Institute) | World Imagery aerial/satellite tiles for offline imagery packs (server-side fetched by us) | Tile coordinates or selected-region-derived imagery requests we make on your behalf |
| U.S. Geological Survey (USGS) / The National Map (TNM) | Authoritative U.S. elevation data, accessed by our backend as a fallback when terrain is not in cache | Tile, dataset, or selected-region-derived elevation requests we make on your behalf |
| Amazon Web Services (AWS) | Hosting (compute, storage, queueing, logging) in us-east-1 | Backend traffic and operational records, including selected region coordinates and anonymous device ID headers while requests are processed |
| Apple App Store / Google Play | App distribution and crash reporting where opted in at the platform level | As described by Apple and Google |
For the most part, our backend—not your device—communicates with Esri and USGS. Mapbox is contacted directly from your device.
You can review these providers' policies on their websites.
5. How Information Is Stored and Retained
5.1 On Your Device
The App stores the following locally on your device:
- The anonymous device ID
- Your library of saved terrain regions (terrain meshes, base imagery, offline imagery packs, and metadata)
- The download queue state
- Group organization metadata
This data remains on your device until you delete saved regions in the App or uninstall the App.
5.2 On Our Backend
- Transient processing artifacts (e.g., terrain binaries, imagery job manifests, staged imagery packs) are stored in a "results" bucket with a short lifecycle, currently intended to expire after approximately one day.
- Durable cache artifacts (canonical elevation tiles, region manifests, coverage indexes) are stored without expiration so we can return them efficiently to other users requesting overlapping coverage. These contain map and terrain data and are not intended to identify users.
- Quota records (hashed device ID, hashed IP, hashed network range, and rolling-window event counters) are stored in a database with TTL and expire automatically.
- Operational logs are retained for a limited period, currently 14 days for the Strata backend Lambda log groups, for security and diagnostics.
We do not maintain a long-term account or user-profile database.
6. Security
We employ commercially reasonable safeguards including encryption in transit (HTTPS/TLS), least-privilege access on cloud resources, hashed-only storage of identifiers and IP addresses, hard server-side input validation, server-side rate limiting, and short-lived signed URLs for imagery downloads. No system is perfectly secure, and we cannot guarantee absolute security.
7. Children's Privacy
Strata is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information that we have access to, please contact us at yang.yibinn@gmail.com so we can investigate and, where applicable, delete it.
8. Your Choices and Rights
Because Strata does not maintain accounts or directly identifying user profiles, we typically cannot link the limited data we hold to a specific person. The following choices are available to you:
- Location permission. Toggle in your device's system settings.
- Local data. Delete saved regions inside the App, clear app data in your device settings, or uninstall the App.
- Reset anonymous ID. Clearing app data or reinstalling the App generates a new anonymous device ID.
- Network-level requests. You can request that we delete operational records associated with your IP address by contacting us; note that hashed quota records expire automatically via TTL.
8.1 California Residents (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, delete, correct, and limit certain uses of personal information, and the right not to be discriminated against for exercising those rights. Because we do not maintain accounts or sell personal information and do not engage in cross-context behavioral advertising, the practical scope of these rights as applied to Strata is limited. You can submit a request by contacting yang.yibinn@gmail.com. We will not be able to verify a request without sufficient information to associate the request with the limited data we hold (such as the anonymous device ID stored in the App).
8.2 Other U.S. State Privacy Laws
Residents of states with comprehensive consumer privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights under those laws. To exercise any such right, contact yang.yibinn@gmail.com.
8.3 Users Outside the United States
Strata's terrain coverage is currently limited to the United States, and our backend operates in AWS us-east-1 (in the United States). If you access the App from outside the United States, your information will be processed in the United States, which may have different data-protection rules from your country of residence. The App is not currently directed at users in the European Economic Area, the United Kingdom, or other regions with comprehensive data-protection laws, and we have not implemented the contractual or representative arrangements those laws may require.
9. Do Not Track and Global Privacy Control
Strata does not currently respond to "Do Not Track" browser signals because the App is not a website. We do not engage in cross-context behavioral advertising and do not "sell" or "share" personal information as defined under California law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Material changes will be communicated through the App or on our website at https://strataterrain.com/privacy.html. Your continued use of the App after the effective date of the updated policy constitutes acceptance of the updated terms.
11. Contact Us
Yibin Yang 1400 N Lake Shore Dr Chicago, IL 60610 Email: yang.yibinn@gmail.com