Privacy Policy
Effective Date: March 30, 2026
1. Data Controller
KronTrek is operated by Andrew Eickhoff.
2. What We Collect
- Location Data (Anonymized): GPS coordinates logged during trail navigation. Anonymized after 90 days.
- Usage Analytics: App interactions, features accessed, session duration, device type, OS version.
- Trail Photos: Only with explicit user consent. Metadata (EXIF) included for location context.
- Account Information (if registered): Name, email, optional profile photo, preferences.
- Device Information: Model, OS, app version for compatibility and crash reporting.
3. What We Do NOT Collect
- No advertising tracking cookies or pixels
- No third-party data sharing or selling
- No financial information (we do not process payments)
- No behavioral profiling across other apps or websites
- No biometric data beyond device-level sensor access (for trail orientation)
4. Legal Basis (GDPR Article 6)
Why we process your data:
- Legitimate Interest: Safety features (trail tracking, emergency bailout points, weather alerts)
- Consent: Trail photos, analytics optional features
- Contract: Account creation and premium features (if registered)
- Legal Obligation: Emergency response coordination with local authorities
5. Data Retention
- Location Data: Purged after 90 days (or on request)
- Trail Photos: Retained until user deletion; backup retained 30 days after deletion
- Account Data: Retained while account is active; 30 days after account deletion for compliance
- Analytics: Aggregated (anonymized) data retained for 365 days; individual events purged after 90 days
- Crash Logs: Retained for 7 days only
6. Your Rights (GDPR & CCPA)
- Right to Access (Article 15): Request all data we hold about you
- Right to Rectification (Article 16): Correct or update inaccurate data
- Right to Erasure (Article 17): Request complete data deletion ("Right to Be Forgotten")
- Right to Restrict Processing (Article 18): Pause processing without deletion
- Right to Data Portability (Article 20): Export all your data in portable format (JSON)
- Right to Object (Article 21): Opt out of specific processing (analytics, emails)
- Rights Related to Automated Decision Making: We do not use automated profiling
To exercise these rights: Email [email protected] with your request. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. Data Transfers & International Compliance
- Cloudflare R2: Cloud storage in US region. Transfers subject to Standard Contractual Clauses (SCCs) per EU adequacy decision.
- Ollama (Local): AI model runs on-device (Mac Mini, Japan). No data leaves your device for AI processing.
- PostgreSQL (Japan): Primary database on Mini (192.168.1.18). Backup to R2 encrypted.
8. Cookie & Session Policy
- No Tracking Cookies: We do not use third-party analytics cookies or Facebook Pixel
- Functional Cookies: Session tokens only (encrypted, 24-hour expiration)
- No Ads: No ad-related cookies or tracking
- Your Choice: You can delete cookies at any time via browser settings; limited features may not work without session cookies
9. Children & Minors
KronTrek is designed for adults (18+) and families hiking trails. We do not knowingly collect data from children under 13 without parental consent. Parents may request deletion of minors' data at [email protected].
10. Security
- HTTPS/TLS encryption for all data in transit
- PostgreSQL encryption at rest (dm-crypt)
- Access logs and audit trails for all data modifications
- Regular security patches and dependency updates
- No hardcoded API keys or credentials in code
11. Third-Party Services
- Cloudflare: CDN, DNS, DDoS protection. Privacy: Cloudflare Privacy Policy
- Apple App Store / Google Play: App distribution. Standard privacy terms apply.
- No Social Media Integration: We do not embed Facebook, Google, or Twitter pixels
12. Contact & Complaints
Data Protection Officer (DPO): [email protected]
EU Users - Right to Lodge Complaint: If you believe we have violated GDPR, you have the right to file a complaint with your national supervisory authority:
13. California Privacy (CCPA)
No Sale of Personal Information: KronTrek does not sell, rent, or trade personal information. Our business model is subscription-based (free trail maps + premium features), not data monetization.
California Residents' Rights: Same as GDPR (access, deletion, portability). Request at [email protected].
14. Policy Updates
We may update this policy. Material changes will be announced via in-app notification or email. Continued use of KronTrek after updates constitutes acceptance.
15. Effective Date & Version
Version 1.0 — Effective March 30, 2026