English · Русский

Privacy Policy

Last updated: April 20, 2026

1. Overview

TripTrack is an iOS application for recording personal car trips. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to the TripTrack mobile app and any server infrastructure we operate ("Service").

The developer of TripTrack ("we", "us") acts as the data controller for personal data processed through the Service. Contact: privacy@trip-track.app.

2. Two Usage Modes

TripTrack works in two distinct modes. The data we process depends on which mode you use.

2.1 Guest mode (offline, default)

If you do not sign in, TripTrack stores all your data — trips, GPS tracks, photos, vehicle profiles, preferences — exclusively on your device using Apple's CoreData framework. No data leaves the device. In this mode we do not process any personal data on our servers.

2.2 Signed-in mode (cloud sync)

If you sign in with Apple, your data can be synchronized with our server so it is available on your other devices. Cloud sync is opt-in and can be disabled at any time in the app (Profile → Cloud Sync).

3. Data We Process

3.1 Account data (signed-in mode only)

3.2 Trip and vehicle data (signed-in mode only, when cloud sync is on)

3.3 Technical data

3.4 Local-only data (never leaves your device)

4. Location Data — Detail

5. Purposes and Legal Bases (GDPR)

For users in the European Economic Area, the United Kingdom, and jurisdictions with similar rules, we process each data category on the following lawful bases (GDPR Art. 6):

DataPurposeLegal basis
Apple user ID, account UUID, device UUIDCreate and authenticate your accountContract — Art. 6(1)(b)
Email, display nameAccount identification, social features, account recoveryContract — Art. 6(1)(b)
GPS trips (uploaded on opt-in)Deliver the sync service you enabledContract — Art. 6(1)(b)
Photos (EXIF stripped)Deliver the sync serviceContract — Art. 6(1)(b)
Public profile, follows, reactions, trip sharesDeliver social features you enabledContract — Art. 6(1)(b)
Server access logs, IP addresses, abuse-report recordsSecurity, abuse prevention, accountabilityLegitimate interests — Art. 6(1)(f), Recital 49
Account-deletion audit record (timestamp + opaque hash only)Demonstrate compliance with Art. 17 requestsLegal obligation + legitimate interests — Art. 6(1)(c)+(f)

We do not rely on consent as a legal basis for the core service. Using a feature (tapping Record, enabling cloud sync, making your profile public) is your affirmative action to use that feature under Art. 6(1)(b). This is intentional — it means there is no ambiguous "consent withdrawal" question for core features; you simply disable the feature and processing stops.

Precise location and special category data. GPS coordinates are not special-category data under GDPR Art. 9 per se. We do not derive, infer, or cluster users by visited-place type (e.g., health, religion, sexuality). We do not run machine-learning inference on trip coordinates. If our practice changes, this policy will be updated in advance.

6. Sub-processors

When you use cloud sync, the following parties process data on our behalf or alongside us:

We do not sell or share your personal information. We do not use analytics SDKs, advertising networks, cross-app/site tracking, or any third-party trackers. We do not share data with advertisers. We do not use your content to train machine-learning models.

7. International Data Transfers

Our primary hosting is in the European Economic Area. Photo storage on Cloudflare R2 uses an EU-jurisdiction bucket; however, as a US-headquartered company, Cloudflare is subject to US law. We rely on Cloudflare's EU-US Data Privacy Framework certification and Standard Contractual Clauses as transfer mechanisms. Sign in with Apple authentication routes through Apple Inc. (United States) under the EU-US DPF. If you are in a jurisdiction with stricter cross-border rules, using cloud sync constitutes your informed consent to this transfer.

8. Data Retention

9. Your Rights

Depending on your jurisdiction, you have the following rights:

We respond to verified requests within 30 days.

10. Security

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

11. Children's Privacy

TripTrack is directed to adults and is not intended for children. The minimum age to use the App is 16 (matching the strictest GDPR Art. 8 threshold across EU member states). We do not knowingly collect personal data from children under 13 in the United States (COPPA), and will delete any account we learn belongs to a user under 13. If you believe a child has provided us with personal data, please contact us for prompt removal.

11a. US State-Specific Disclosures

California (CCPA/CPRA). We do not sell or share your personal information as defined by California law. We do not use personal information for cross-context behavioral advertising. If you are a California resident, you may contact us to exercise rights to know, delete, correct, or access your data. We will verify your identity via the email on file.

Nevada (SB 220). Nevada residents may opt out of any future sale of their covered personal information by emailing privacy@trip-track.app. We currently do not sell personal information.

Washington (My Health My Data Act). Precise location data collected by the App may, in some cases, incidentally reveal visits to health-related facilities (e.g., a medical office, gym). To the extent any such data is classified as "consumer health data" under Washington law: (a) we collect it only when you actively record a trip; (b) we do not sell it; (c) we do not share it with advertisers; (d) we do not geofence health-facility locations; (e) you can delete it at any time by deleting the relevant trip or your account. Before any material change to this practice, we will obtain your separate opt-in consent. To exercise rights under RCW 19.373, email privacy@trip-track.app.

Other US states (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, etc.). Residents of states with comprehensive privacy laws have rights similar to California's under their respective statutes. To exercise any such right, email privacy@trip-track.app.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the app or by email. The "Last updated" date at the top always reflects the current version.

13. Contact

Questions, complaints, or data subject requests: