Nothing can be seen through the access point from another iPhone, there are no such functions there.
On this topic.
Open his contact in the phone, check the "share geolocation" option.
Check the same in all messengers.
Tnlega, vk, viber, watsap.
Also in the settings, go to Apple ID, check if there is family access, if yes - turn off the transfer of geolocation
Also check - settings, privacy, geolocation - the option to share geolocation. Disable unnecessary people/contacts there.
You can also track it using the “find iPhone” function, knowing your apple id and password. It can be TIME!!! Disable this feature. Well, or temporarily cut off geolocation, for a week, for example.
And stop posting any photos on the social network (and let your friends also not post photos with you), everything is fired at them once or twice

a person doesn’t know how to exit and enter
, he just takes it on a show,
but if there wasn’t an iPhone there ... it’s
all the same - exit and enter itunes account from everywhere

The access point cannot be responsible for coordinates, except just in the vicinity of a few meters, i.e. within the limits of wifi, and then rather only in the form of a distance (which means using a series of measurements at different points, you can triangulate by signal strength)
But, it is possible that the access point was with the ability to hack traffic (I’m not sure if there is a ready-made toolchain for rooted iPhones, and a non-rooted one will definitely not allow this), and you used an unencrypted connection or website at the time of using the access point, this data managed to count or even fake, and then 100,500 attack options, like stealing web application cookies, where it is possible to determine your location before uploading a malicious application to you by substitution (for an iPhone, you yourself would first have to root your phone), in general, it is difficult , unlikely, etc.
Solution - go through all the services, applications, chats, websites that you used using this access point, and 'clear the security token' this can be a password change, a special item in the security menu (for example, telegram allows you to see the list of sessions from which you are logged in , though the telegram itself encrypts communications and it’s impossible to do anything with it through the access point, it was just an example), etc.
There are also paid provider services that allow you to monitor your phone with an accuracy of several meters at base stations, this is solved by studying your personal account or going to their support (you can usually turn this on with only physical access to the phone).
Also delete all the applications that you installed at the suggestion of this person or that he could install with physical access to your smartphone, in a simple way - arrange a factory reset, by itself copying everything useful to your computer.