Privacy promise

Poueni is built around the assumption that raw location data should stay on devices and tenants you control. The defaults are on-prem deployment and opt-in cloud sync; the public hosted service exists for evaluation and for small operators who explicitly choose convenience over residency.

What the Android app sends

  • BSSIDs (MAC addresses of nearby WiFi access points)
  • RSSI values for each BSSID
  • Cell tower identifiers and signal strength
  • GPS coordinates with accuracy radius (only fixes with an accuracy radius < 20 m)
  • A SHA-256 hash of each SSID (for debug only; never the raw SSID)
  • A per-install random UUID (the device_id)

What the Android app deliberately never sends

  • Raw SSID strings
  • Phone hardware identifiers (IMEI, serial number, etc.)
  • Contact lists, call logs, photos, files
  • Your Google or any other account on the phone
  • Anything outside the contribution batches you explicitly start collecting

Right to erasure

Email privacy@poueni.dloizides.com with your device_id (visible in the app's Settings screen) to request deletion of all contributions from that device. The Poueni API exposes a DELETE /v1/users/data endpoint that hard-deletes the rows. The dashboard surfaces a one-click button for this in M4.

Self-hosted option

If your compliance posture forbids any data leaving your network, the same backend runs as a single docker compose bundle on hardware you control. No outbound calls. See the source repository.