Last updated: March 5, 2026
Summary
- What Open Road does: Drive logging app with optional social features (friends, convoys, live presence, speed trap sharing, voice chat).
- Local data: Drive logs stored on-device and optionally synced to private iCloud (iOS) or Firebase (Android).
- Server data: Social features use Firebase (Firestore, Cloud Functions, Storage, FCM). Voice chat uses LiveKit for real-time audio (not recorded).
- Account: Sign in with Apple (iOS) or Google / email (Android); only a stable identifier is received.
- No selling: Personal data is never sold to advertisers, data brokers, insurance companies, or government agencies. No ad tracking or tracking pixels.
- Analytics: Firebase Analytics collects anonymous usage data only (app launches, screen views, feature usage) — never location, routes, or driving data.
- Privacy trimming: Shared drive routes are automatically privacy-trimmed (start/end removed, privacy zones stripped).
- Deletion: Delete account in-app to remove all server data from 50+ Firestore collections, Cloud Storage, and local data. Permanent and irreversible.
- Contact: openroadsup@gmail.com
1. Data Controller
Open Road is the data controller for personal data processed through the App.
Contact: openroadsup@gmail.com
2. Data We Collect
2.1 Local Drive Data
Data stored locally on device and optionally synced to private iCloud (iOS) or Firebase (Android) via CloudKit / Firestore:
- Location data: GPS coordinates recorded during drive sessions for routes, distance, speed, and map/heatmap rendering.
- Motion data (if enabled): Accelerometer and gyroscope data for acceleration and driving dynamics estimation.
- Drive metadata: Start/end times, duration, and user-assigned labels or notes.
Drive route data is not transmitted to Open Road servers; however, social feature usage may send related data (presence, shared speed objects) to servers.
2.2 Social Features Data (Server-Stored)
If using social features, data processed on Firebase backend includes:
- Account identifier: Stable identifier from Sign in with Apple / Google (email not received unless user shares).
- Friends list: User identifiers of connected people.
- Convoy membership: Data about convoy groups joined or created.
- Live presence (optional): Real-time location shared with friends during active sessions.
- Speed traps/zones: Location data for reported speed traps/zones shared with friends.
- Push notification tokens: Device tokens stored in Firebase Cloud Messaging (FCM).
- Shared drive routes: When a user shares a drive to their feed, routes are automatically privacy-trimmed — approximately 1.35 miles removed from both ends, plus any segments within user-defined privacy zones (e.g., near home or work) are fully removed.
- Presence data: Has a 90-second TTL and is auto-deleted. Location is quantized to a 100m grid for non-convoy members.
2.3 Voice Chat
Voice chat is facilitated via LiveKit with authentication tokens issued for calls. Audio streams are transmitted peer-to-peer or via LiveKit servers in real time. Voice calls are not recorded or stored.
2.4 Speed Traps and Speed Zones
Speed traps and speed zones are in-app driving challenges (similar to Forza speed traps) — they are not related to law enforcement detection.
- Stored with creator ID for ownership and editing purposes.
- Shared with friends only — not publicly visible.
- Deleted when the creator's account is deleted.
3. Purposes and Legal Bases
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide core drive logging functionality | Contract necessity (Art. 6(1)(b)) |
| Sync drive data to iCloud / Firebase | Contract necessity (Art. 6(1)(b)) |
| Enable social features (friends, convoys, speed traps) | Contract necessity (Art. 6(1)(b)) |
| Share live presence with friends | Consent (Art. 6(1)(a)) |
| Access microphone for voice chat | Consent (Art. 6(1)(a)) |
| Send push notifications | Consent (Art. 6(1)(a)) |
| Facilitate voice chat connections | Contract necessity (Art. 6(1)(b)) |
| Process in-app purchases | Contract necessity (Art. 6(1)(b)) |
| Anonymous usage analytics (Firebase Analytics) | Legitimate interests (Art. 6(1)(f)) |
| Security monitoring and abuse prevention | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Recipients and Processors
Third-party service providers (processors):
- Google / Firebase: Firestore (database), Cloud Functions (server logic), Cloud Storage (file storage), Firebase Cloud Messaging (push notifications), Firebase Analytics (anonymous usage data). Data processed on Google Cloud infrastructure.
- Apple: Sign in with Apple (authentication), App Store (subscription/purchase processing), iCloud/CloudKit (optional drive data sync). Payment card details not received from Apple.
- Google Play: Google Play Billing (subscription/purchase processing on Android). Payment card details not received from Google.
- LiveKit: Real-time voice transport for voice chat. Receives authentication tokens and routes audio streams; calls not recorded.
Personal data is not sold, rented, licensed, or provided to third parties for commercial purposes, including advertisers, data brokers, insurance companies, or government agencies. No third-party advertising or ad tracking services are used.
5. Law Enforcement and Government Requests
- We will not voluntarily provide user data to law enforcement, government agencies, or any other authority.
- We do not cooperate with informal requests, voluntary disclosure programs, or non-binding inquiries.
- We will only provide user data if compelled by a legally binding court order — not a subpoena, not an informal ask.
- Even when legally compelled, we provide the minimum data required and notify the affected user where legally permitted.
- As of the date of this policy, we have never received a national security letter or FISA court order.
- Drive data stays on-device unless the user explicitly shares it via social features — we cannot provide data we do not have.
6. Analytics
We use Firebase Analytics for anonymous usage data (app launches, screen views, feature usage). Analytics never includes location, routes, addresses, or driving data.
- Technical blocklists are in place to prevent location, route, and address data from reaching any analytics service.
- Firebase Remote Config is used for feature flags only.
- We do not use Crashlytics, Sentry, ad SDKs, tracking pixels, IDFA, Mixpanel, Amplitude, Segment, or Facebook SDK.
- Analytics properties collected: app version, subscription status, drive count, and total distance (rounded). No usernames, emails, or device IDs are collected.
7. International Data Transfers
Data may be transferred to and processed in countries outside your residence, including the United States, where service providers operate data centers.
For EEA, United Kingdom, or Switzerland users: lawful transfers to countries without adequacy decisions rely on recognized transfer mechanisms (such as Standard Contractual Clauses) used by the service providers.
8. Data Retention
- Local drive data: Retained on device and cloud until user deletion or account deletion.
- Live presence data: Expires after 90 seconds; server cleanup runs every 2 minutes to remove stale entries.
- Push notification tokens: Retained until notification permissions revoked, notifications disabled in-app, or account deleted.
- Speed trap/zone objects: Retained until hidden/removed in-app or account deleted. Note: shared items may persist for other users.
- Friends list and convoy data: Retained until relationship removed or account deleted.
- Account deletion records: Retained for 30 days to confirm deletion and prevent abuse, then auto-deleted.
- Drive feed entries: Retained until the user deletes them, changes visibility, or deletes their account.
- Voice chat: No retention; audio is transmitted in real time only.
9. Your Rights
Under GDPR and applicable US privacy laws, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of data ("right to be forgotten").
- Restriction: Request processing restriction in certain circumstances.
- Portability: Request data in a portable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent where processing is based on consent (live presence, push notifications, microphone access).
How to Exercise Your Rights
- Email: Contact openroadsup@gmail.com with your request. Identity verification may be required.
- In-app deletion: Delete your account directly in the app via Profile → Settings → Delete Account. Removes server data and local data.
Response aim: 30 days or as required by applicable law.
10. Account Deletion
Delete your account anytime from the app:
Profile → Settings → Delete Account
Account deletion removes data from 50+ Firestore collections including:
- Profile, drives, feed entries, friends (both directions), speed traps, convoys, presence, push tokens, events, and all subcollections.
- Cloud Storage avatars are deleted.
- Apple Sign-In tokens are revoked.
- Local device data and iCloud/CloudKit data (if iCloud sync was enabled on iOS) are removed.
Moderation reports are redacted (personally identifiable information removed) but not deleted, to maintain platform safety records.
Deletion is permanent and irreversible.
11. Supervisory Authority (EU Users)
EEA, United Kingdom, or Switzerland users who believe their data protection rights have been violated may lodge a complaint with their local supervisory authority (data protection authority). We encourage contacting us first to resolve concerns.
12. Security Measures
Technical and organizational measures implemented to protect personal data:
- Encryption of data in transit (TLS/HTTPS).
- Encryption at rest applied by service providers (Firebase, iCloud) as part of standard infrastructure.
- Authentication via Sign in with Apple / Google with secure token handling.
- Firebase Security Rules restricting data access.
- Regular review of access controls and security practices.
- Analytics blocklist prevents location, route, and address data from reaching any analytics service.
- Live presence uses 100m grid quantization to reduce location precision for non-convoy members.
- Privacy zone offsets are randomized (200–800m) to prevent triangulation of home/work locations.
- Route trimming uses per-drive jitter seeded by device keychain salt for consistent but unpredictable privacy offsets.
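The route privacy-trimming from section 2.2 and the quantization and jitter measures listed above, as an added illustration that is not Open Road's own code. It assumes the jitter is derived with HMAC-SHA256 over the keychain salt and a drive id, drawn from the same 200–800 m range the policy gives for zone offsets; the route, zone and salt are constructed sample values.

```python
import hashlib
import hmac
import math

MILE_M = 1609.344
BASE_TRIM_M = 1.35 * MILE_M       # policy: ~1.35 miles removed from each end
JITTER_RANGE_M = (200.0, 800.0)   # assumption: reuse the policy's 200-800 m offset range
GRID_M = 100.0                    # policy: 100 m grid for non-convoy viewers

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def trim_offset_m(keychain_salt: bytes, drive_id: str) -> float:
    """Per-drive trim distance: stable for one drive, unpredictable without the salt (assumed construction)."""
    digest = hmac.new(keychain_salt, drive_id.encode(), hashlib.sha256).digest()
    lo, hi = JITTER_RANGE_M
    frac = int.from_bytes(digest[:8], "big") / 2 ** 64
    return BASE_TRIM_M + lo + frac * (hi - lo)

def privacy_trim(points, zones, keychain_salt, drive_id):
    """Drop the jittered ~1.35 mi from both ends and every point inside a privacy zone."""
    cut = trim_offset_m(keychain_salt, drive_id)
    cum = [0.0]                                   # distance travelled up to each point
    for p, q in zip(points, points[1:]):
        cum.append(cum[-1] + haversine_m(p, q))
    total = cum[-1]
    kept = []
    for p, d in zip(points, cum):
        if d < cut or total - d < cut:
            continue                              # inside the start or end trim
        if any(haversine_m(p, centre) <= radius for centre, radius in zones):
            continue                              # inside a user-defined privacy zone
        kept.append(p)
    return kept

def quantize(point, grid_m=GRID_M):
    """Snap a point to a grid_m lattice, as shown to non-convoy friends for presence."""
    lat, lon = point
    dlat = grid_m / 111320.0
    dlon = grid_m / (111320.0 * math.cos(math.radians(lat)))
    return (round(lat / dlat) * dlat, round(lon / dlon) * dlon)

# Constructed sample: a 10 km eastbound route at ~100 m spacing with a 250 m zone mid-route
ROUTE = [(37.0, -122.0 + i * 0.0011248) for i in range(101)]
ZONES = [((37.0, -122.0 + 50 * 0.0011248), 250.0)]
SALT = b"constructed-keychain-salt"
```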
13. Children and Minors
Open Road is not intended for children under 13 (or the applicable minimum age in your jurisdiction, such as 16 in parts of the EU). We do not knowingly collect personal data from children below these ages. If a child under the applicable age has created an account or provided personal data, contact openroadsup@gmail.com and the data will be deleted as soon as reasonably practicable.
14. California Notice
Personal information is not sold or shared for cross-context behavioral advertising under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
15. Purchases
Subscriptions and in-app purchases are processed by Apple via the App Store (iOS) or Google via Google Play (Android). Payment card details are not received or stored by Open Road. Purchase history is managed by Apple / Google under their respective privacy policies.
16. Changes to This Policy
This Privacy Policy may be updated periodically. Material changes will be notified by updating the "Last updated" date at the top. Continued use of the app after changes constitutes acceptance of the revised policy.
17. Contact
For questions, requests, or concerns about this Privacy Policy or your personal data:
openroadsup@gmail.com