Privacy Policy
Last updated: 16 July 2026
This Privacy Policy explains how Muld ("we", "us", "our") collects, uses, and protects personal data when you use the Muld mobile app ("the app").
1. Data controller
Muld is an independent app operated from Denmark. For any privacy inquiry — including to identify the data controller — contact hello@muld.dev.
2. What data we collect
We collect only what is necessary to operate the app.
2.1 Account data
- Email address — to create and sign you in to your account.
- Authentication tokens — managed by Supabase Auth (our auth processor) to keep you signed in.
- Subscription status — managed by RevenueCat to track whether you have a Muld+ subscription.
2.2 Location data
-
Precise GPS location — used in two ways:
- In-app while you have the app open — to centre the map on your position and to attach coordinates to finds you log.
- In the background, only while a detecting session is active — to record the path you walked. Background tracking stops the moment you end the session. We never run background location outside an active session.
- Location is stored on your device only (in the local SQLite database). It leaves your device only when you choose to send it out yourself — by submitting a find to DIME (see 2.5) or exporting a file — and is never uploaded to our servers.
2.3 Find data
Each find you log stores:
- Coordinates (GPS)
- Date and time
- Photos you attach
- Notes, depth, category, and other fields you fill in
This data — including the photos you attach — is stored locally on your device in SQLite. It is not uploaded to our servers. A find leaves your device only when you choose to send it out yourself — by submitting it to DIME (see 2.5) or exporting it as a file you share.
2.4 Protected zone data
The app displays protected archaeological zones (fortidsminder, kulturarvsarealer, beskyttede sten- og jorddiger) on the map using public data from SLKS (Slots- og Kulturstyrelsen) and the §3 nature register from Miljøportalen. Map data is fetched from these public services as you pan and zoom; no personal data or location is sent to them.
2.5 DIME submission (optional)
If you choose to submit a find to DIME (the Danish national metal-detecting register), the find data — coordinates, photos, description, finder identity — is sent to DIME's servers under their terms. This is opt-in per find; we do not submit automatically.
DIME is a non-commercial portal owned by Aarhus University (the data controller) and operated together with Moesgård Museum. By accepting DIME's terms during account creation, you agree to the following — these are DIME's terms, not ours, but you should know them before submitting:
- Find locations are shared with the responsible local museum at the time of submission. Sharing can exceptionally be postponed, but after 3 days the museum can access the exact find site if needed.
- Find images and descriptions are published on DIME under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 (CC BY-NC-SA 4.0) licence. GPS coordinates and personal data are NOT public — only approved museum staff, researchers with special access, and system administrators can see them.
- You can exceptionally hide a find from the public view for up to 6 months.
- If you delete your DIME account, your find data is anonymised — not deleted.
See metaldetektorfund.dk for DIME's full terms and privacy policy.
2.6 What we do NOT collect
- No advertising identifiers
- No advertising or product-analytics SDKs (no Google Analytics, Firebase, Mixpanel, etc.). We use crash diagnostics only — see 2.8.
- No third-party SDK trackers
- No contacts, calendar, or other personal data outside what's listed above
2.7 Launch-notify list (muld.dev website)
If you enter your email address in the "notify me at launch" form on
muld.dev, we store only that email address
(together with the date, which site language you used, and which country
you connected from) for a single purpose: to send you one
email when the Muld app becomes publicly available.
- The country comes from our network provider at the moment you submit the form. We do not store your IP address, and we use the country only to tell real sign-ups apart from automated spam.
- No newsletter, no marketing, no sharing. We do not add you to any other list, and we never pass the address to a third party.
- Legal basis: your consent (GDPR Art. 6(1)(a)), given when you submit the form — an explicit request for that one notification, not a marketing sign-up.
- Retention: we delete your address within 30 days of sending the launch email, or immediately if you ask us to sooner.
- Withdraw any time: email hello@muld.dev and we will delete your address.
- The form submits to
muld.devonly; the address is then stored in our Supabase database (EU region). No analytics or trackers are involved.
2.8 Crash and error diagnostics (Sentry)
To keep the app stable, we use Sentry to collect crash and error reports. When the app crashes, Sentry receives the error and technical state (device model, OS version, app version, and a random anonymous install identifier). Your precise GPS location, find locations, notes, and photos are removed from crash reports before they leave your device.
Because a crash report is sent over the internet, Sentry derives an approximate, city-level location from your IP address (your region or city — not your GPS position or find sites). This coarse IP-based inference is standard for any internet service, is used only to diagnose crashes, and is never linked to your finds or movements. Crash data is processed in Sentry's EU data region.
3. Why we collect this data (legal basis under GDPR)
| Data | Purpose | Legal basis |
|---|---|---|
| Email + auth | Account creation, sign-in | Contract (Art. 6(1)(b)) |
| Email (launch-notify list) | One launch notification (website waitlist) | Consent (Art. 6(1)(a)) |
| Location (foreground) | Map centring, find geotagging | Contract |
| Location (background, session) | Session path recording | Explicit consent (you start the session) |
| Photos + find data | Core app functionality | Contract |
| Subscription status | Muld+ feature access | Contract |
| DIME submission | Voluntary national reporting | Explicit consent (per submission) |
| Crash diagnostics | App stability & debugging | Legitimate interest (Art. 6(1)(f)) |
4. Who we share data with (sub-processors)
- Supabase (EU region) — account authentication and the website launch-notify list. See Supabase's privacy policy.
- RevenueCat — subscription management. See RevenueCat's privacy policy.
- DIME / Moesgaard Museum — only when you explicitly submit a find. Their privacy policy applies to submitted data.
- Sentry (crash diagnostics, EU data region) — receives crash reports if the app crashes. Sentry Inc. is US-based; data is stored in the EU and any US access is covered by SCCs. See Sentry's privacy policy.
We do not share data with advertisers, analytics providers, or data brokers. We do not sell your data.
5. International transfers
Supabase data is stored in EU regions, and Sentry crash data is stored in Sentry's EU region. RevenueCat — and any US access to Sentry data by Sentry Inc. — may process data in the US under Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Retention
- Account data — kept while your account is active. Deleted on request (see Your Rights below) or 12 months after sustained inactivity.
- Find data and photos on your device — kept until you delete the find or uninstall the app.
- Subscription records — retained for as long as legally required (accounting, tax — typically 5 years in Denmark).
- DIME submissions — once submitted, data is held under DIME's terms, not ours.
7. Your rights (GDPR)
You have the right to:
- Access your data — request a copy.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten"). Erasing your account removes your authentication data on our servers. Your finds, photos and tracks live only on your device — delete them in-app or by uninstalling.
- Restrict processing of your data.
- Object to processing.
- Data portability — receive your data in a machine-readable format.
- Withdraw consent at any time for background tracking and DIME submissions (the data already shared with DIME is governed by DIME's policy).
- Lodge a complaint with the Danish Data Protection Authority (Datatilsynet, datatilsynet.dk).
To exercise any of these rights, email hello@muld.dev. We respond within 30 days.
8. Security
- All network traffic uses HTTPS / TLS.
- Auth tokens stored in the device's secure storage.
- Supabase encrypts data at rest.
- We do not store passwords ourselves; Supabase Auth manages hashing.
9. Children
The app is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has used the app, contact us and we will delete the data.
10. Changes to this policy
We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be announced in-app on the next launch after the change.