Travelog — Privacy Policy

Effective date: 1 June 2026

1. Who we are

Travelog ("we," "us," "our") is a personal travel tracking app published by Berna Ozer. This Privacy Policy explains what data the Travelog iOS app collects, how we use it, who we share it with, and the choices you have. It applies to the Travelog mobile application and related services (the "Service").

2. What we collect

2.1 Account data (only if you sign in)

Travelog can be used without an account. If you choose to sign in (so that your travels sync across devices and friends can find you), we collect:

• Email address (via Sign in with Apple or Google Sign-In)
• Display name and username
• Profile photo (optional, if you upload one)
• Home country (auto-detected from device locale; you can change it)

2.2 Travel content you create

• Check-ins: country code, optional city name, latitude/longitude, timestamp, and a verification flag
• Photos you import: we read the GPS metadata (EXIF) embedded in the photos you choose, to detect the country/city of the photo. Photo files themselves are NOT uploaded to our servers — only the resolved country/city + date are stored.
• Achievements, streaks, score: derived from your check-ins
• Travel "DNA" archetype: derived from your check-in mix (coastal / mountain / urban / etc.)

2.3 Friends and social

• The list of users you choose to follow ("following")
• Friend requests you send or receive
• Aggregated comparison data shown when you use Compare with Friends

2.4 Purchase data

If you subscribe to Travelog Premium or buy the lifetime tier, Apple's StoreKit handles payment. We do not see your credit card details. We receive only:

• The product identifier (monthly / yearly / lifetime)
• The transaction status and expiry date, server-verified via Apple's App Store Server API
• Whether you are in a free trial

2.5 Notifications

If you grant push permission, your device's FCM (Firebase Cloud Messaging) push token is stored against your account so we can send the following push types — each of which you can disable individually in Profile → Notifications:

• Streak reminders (daily, 20:00 local)
• Day-1 welcome-back push (next morning after onboarding)
• Weekly Sunday recap
• Achievement-proximity nudges
• Friend activity ("X just checked in to Y") — backend-triggered, 6h per-sender cooldown
• Throwback / "on this day" memories
• Trial-end reminder (24 hours before your free trial bills)

2.6 Analytics & diagnostics

We use Google Analytics for Firebase (GA4) to understand how the app is used, so we can fix bugs and improve features. Events are tied to a Firebase anonymous installation ID, not to your personal name. Examples of events: app open, screen view, paywall shown, purchase started/completed, streak rescued, memory shared.

We do not use the iOS Advertising Identifier (IDFA) and we do not show third-party ads.

2.7 Device data

Standard technical information: device model, iOS version, app version, language, time zone, and (only if you grant location permission and tap "Check in here") your current approximate location.

3. How we use it

• To render your map, passport, statistics, and Travel DNA
• To compute the global, regional, and friends leaderboards
• To deliver the social features you opt into (friend requests, friend activity push, compare)
• To process purchases and grant/revoke premium features
• To send the local and push notifications listed in §2.5, only of the types you have left enabled
• To debug crashes and improve product decisions through aggregated analytics

We do not sell your data. We do not use your data to train AI models. We do not run targeted advertising.

4. Third parties

The Service is built on the following processors, who handle limited categories of data on our behalf under their own privacy commitments:

• Google Firebase (Authentication, Firestore, Cloud Functions, Cloud Messaging, Analytics) — account, check-in, friend, and analytics data. See firebase.google.com/support/privacy.
• Apple (App Store, StoreKit, Push Notification Service, Sign in with Apple) — purchase verification and push delivery. See apple.com/legal/privacy.
• Google Sign-In — if you choose Google as your sign-in method.

We may disclose data when required to comply with a valid legal request, to protect the rights and safety of users, or in connection with a corporate transaction (merger, acquisition, transfer of assets) — in which case we will give notice through the Service before any change of control of your data.

5. Legal bases (EU/UK users — GDPR/UK GDPR)

• Contract: to provide the Service you requested (rendering your map, syncing your travels, processing purchases)
• Legitimate interest: to improve and secure the Service via diagnostic analytics
• Consent: for push notifications, location access, and access to your photo library — each requested at the OS level and revocable at any time in iOS Settings

6. Retention

• Account, profile, and travel content: kept while your account is active. Deleted on request (see §7) or 24 months after the account becomes inactive.
• Purchase verification records: kept for the duration of the subscription / lifetime entitlement plus 7 years for tax and accounting purposes.
• Push tokens: kept while you have notifications enabled. Removed when iOS reports the token as invalidated.
• Analytics events: retained for up to 14 months as per the default GA4 retention setting.

7. Your rights

Regardless of where you live, you can:

• Access a copy of the data we hold about you
• Correct inaccurate data (display name, username, home country via the in-app Profile editor)
• Delete your account and all associated data
• Withdraw consent for any optional processing (notifications, location, photos) at any time in iOS Settings
• Object to processing based on legitimate interest (analytics) by uninstalling the app
• Lodge a complaint with your local data protection authority (EU/UK residents)

To exercise any of these rights, contact us at the address in §11. We aim to respond within 30 days.

7.1 Deleting your account

From within the app, go to Profile → Settings → Delete Account. This will:

• Remove your profile, check-ins, achievements, and friend list from our servers
• Cancel any pending push tokens
• Anonymize remaining records that we must retain for legal reasons (e.g. purchase receipts)

Note: deleting the app from your device does not delete your server-side account. Use the in-app delete to do that.

8. Security

Data in transit is protected by TLS. Data at rest is stored on Google Firebase infrastructure subject to Google's security controls. Access by us to user records is limited to debugging and abuse-prevention purposes and is logged. We do not store passwords (authentication is delegated to Apple or Google).

No system is impenetrable — please use a strong unique password on your Apple/Google account, since that is what gates access to your Travelog account.

9. Children

Travelog is not directed at children under 13. The App Store age rating is 4+ but the social and content-sharing features require a real Apple ID, which Apple already gates for users under 13 via Family Sharing. If you believe a child under 13 has provided us personal data without parental consent, contact us and we will delete it.

10. Changes

We may update this policy from time to time. When we do, we will revise the "Effective date" at the top. Material changes will be surfaced in-app on next launch. Continued use of the Service after a change constitutes acceptance of the new policy.

11. Contact

For privacy questions, deletion requests, or any of the rights listed in §7:

• Email: brna.ozer@gmail.com

© 2026 Berna Ozer. Travelog is operated under the laws of the State of Delaware, USA.