Back Room
Strategies

Privacy Policy

Last updated: 2026-05-05

This Privacy Policy describes how Urban Gallery (“we,” “us,” “the app”), operated by Back Room Strategies Ltd, handles information when you use the app.

TL;DR:We collect as little as possible. We don’t sell data, and we don’t track you across other apps for our own purposes. You can use the app entirely without an account; signing in is optional and only used to save tours, verify a Patron purchase, and (for Patrons) submit pieces to the gallery. We show ads from Google AdMob to free-tier users — Patrons see no ads. We use a small number of third-party services (Mapbox, Supabase, Sentry, Google AdMob, Google Play Billing) that have their own privacy policies.

What we collect

Approximate location (only on the Near Me tab). When you open the Near Me tab, we request your foreground location to sort nearby artworks by distance. We do not store this location. It stays on your device and is discarded when you close the app. We never access your location in the background.

Email address (only if you sign in).Sign-in is optional. If you choose to sign in, we ask for your email address and send a one-tap “magic link.” We store your email in our authentication database (Supabase) so you can sign back in later. We never send marketing email and we never share your address. You can ask us to delete your account at any time.

Saved tours (only if you sign in).Tours you choose to save are stored against your account so they appear when you sign in on another device. Each saved tour is a small JSON document containing the route’s stops and your chosen options. We never look at the contents of an individual user’s saved tours.

Purchase records (only if you become a Patron). When you buy a Patron pass through Google Play, we receive a purchase token and order ID from Google so we can verify the purchase server-side and unlock Patron benefits on your account. We store: your user ID, the product purchased, the purchase token, the order ID, and the timestamp. We do not receive your name, billing address, or payment-card details — those stay with Google Play. You can read Google Play’s privacy policy here.

Submitted pieces (only if you’re a Patron and choose to submit). Patrons can add pieces to the gallery in the field. When you submit a piece, the following becomes part of the public gallery and visible to all users:

  • The photo you take with your phone’s camera at submit time. We require a fresh camera capture (not a gallery pick) and strip EXIF metadata from the image before storing it. The photo is uploaded to our storage and shown on the piece’s detail page.
  • Your phone’s GPS coordinates at the moment of submission, which become the piece’s location pin on the map.
  • The title and any optional details (artist, year, type) you type into the form.
  • Your “submission byline” — a name or handle you choose for crediting your contributions. You set it the first time you submit; you can change it any time in Settings → Preferences. You can choose “Anonymous Patron” if you’d rather not be named. Your byline is shown publicly under each piece you submit.

We also store, attached to your account but not shown publicly: the user ID of the submitter and the submission timestamp. These let us moderate (remove pieces that violate the Terms of Service) and let you delete submissions if needed. If you delete your account, the submission record’s link to your user ID is severed; the piece itself remains in the gallery as a public contribution unless you ask us to remove it.

Crash and error reports (via Sentry).If the app crashes or encounters an error, we collect the technical details of the crash: a stack trace, the app version, the device model (e.g. “Pixel 8”), and the OS version (e.g. “Android 14”). We have explicitly disabled the collection of IP addresses, cookies, and user identifiers. These reports help us fix bugs; they never identify you personally. Retention: 90 days.

Ad-related data (via Google AdMob, free tier only). We display banner ads from Google AdMob to users who are not Patrons. To serve those ads, AdMob collects:

  • Your device’s Advertising ID (a resettable identifier — you can reset or limit it any time in Android Settings → Privacy → Ads, or iOS Settings → Privacy & Security → Tracking).
  • General device information (model, OS version, language).
  • Coarse location derived from your IP address (country/region — not a precise location).

This information is used by Google to deliver ads, measure ad performance, and combat fraud. We do not see or store this data ourselves; it goes directly from the AdMob SDK to Google. Google’s use of this data is governed by Google’s privacy policy and the AdMob/Google Mobile Ads SDK terms. Patrons see no ads, and the AdMob SDK is not asked to load when a user is signed in as a Patron.

We do not:

  • Track which artworks you view, or where you walk.
  • Use third-party analytics SDKs to profile you across other apps or websites.
  • Access your microphone, contacts, photos library, or calendar.
  • Fingerprint your device.

A note on camera and location access. The app requests camera access only when a Patron chooses to submit a piece — we never access the camera otherwise. The app requests foreground location for the Near Me tab and again for piece submission. We never access your location in the background. You can decline both permissions and continue using the app without these features.

Third-party services

These services make the app work. Each has its own privacy policy, linked below.

  • Mapbox serves map tiles. When the app fetches a tile, Mapbox sees your IP address. We never see or store this.
  • Supabase hosts the artwork database, your account (if you sign in), your saved tours, and Patron purchase records. Connection metadata may be logged by Supabase; we do not associate that with individual users beyond what is required to authenticate sign-in.
  • Sentry receives the crash reports described above.
  • Google AdMob serves banner ads to non-Patron users (see above).
  • Google Play Billing processes Patron purchases. We receive only a purchase token and order ID — never your card details.
  • Resendis the email provider that delivers the sign-in “magic link.” Resend processes the email address solely to deliver that one message.

When you tap Directions, the app opens your device’s native maps application with a location query. When you tap See photos, it opens Google Image Search in your browser. These handoffs leave our app entirely; the receiving service’s privacy policy applies.

Photos shown on piece detail pages. Photos come from one of three sources:

  • Wikimedia Commons (via Wikidata). For pieces our pipeline has matched to a Wikidata record with a Commons photo, we cache a copy of the photo to our own storage so we can show it reliably and credit the photographer. Loading the photo from our storage means your IP is visible to Supabase (our hosting provider), not to Wikimedia. The photographer and license appear next to the photo, with links back to the Commons file.
  • A Patron’s submission.Photos that a Patron took at the piece, uploaded through the in-app submission flow. We host these in our storage. The submitter’s chosen byline appears next to the photo.
  • A city’s open-data portal.Some city-sourced pieces include a hot-linked image URL from the city’s own host. When you open such a piece, your device fetches the image directly from that host and your IP is visible to it as part of the HTTP request. We don’t host, see, or proxy these requests; treat them like any image embedded on a webpage.

We are not affiliated with Wikimedia, OpenStreetMap, the cities whose data we ingest, or any external image host. Each has its own privacy practices.

Your choices

  • Use the app without signing in. Most features (browse, map, near-me, tour-building, directions) work without an account.
  • Reset or limit your Advertising ID in your device settings (links above) to opt out of personalized ads in any app, including this one. You can also become a Patron to remove ads entirely.
  • Delete your account. Email seth@backroomstrategies.com with the address you signed in with and we’ll delete your account, your saved tours, and your purchase records (Patron status will be lost; Google Play handles refund eligibility separately under their refund policy).

How to contact us

Email seth@backroomstrategies.com for any privacy question or request, including:

  • Asking us to delete your account and the data associated with it.
  • Asking an artwork to be removed from the app (see the “Report this artwork” link on any piece).

Children

Urban Gallery is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have, please contact us and we will act promptly.

Changes

If we change this policy, we’ll update the “Last updated” date above and note what changed in the About tab. Material changes will be announced before taking effect.

Jurisdiction

Back Room Strategies Ltd is based in Colorado, United States. This policy is governed by Colorado law.