That's fine, but as GP said, the browser geolocation API asks for location data from the device, and this is what it gives you back. Every app and website that has a "use my location" button will provide your latitude and longitude as accurately as possible, which is usually high enough to know not only your address, but also that you are currently in your downstairs bathroom. I'm also a bit surprised that you are technically savvy enough to maintain strict opsec but you didn't know how geolocation services work on a smartphone. Regardless, the developer of the website does not deserve your ire for using a common browser API. The app could be improved by offering a UI for entering a zip code, but they didn't set out to steal your PII.