Privacy Policy

Last updated: April 18, 2026 | Effective: April 23, 2026

Washington residents: in addition to this Privacy Policy, please read our Consumer Health Data Privacy Policy, which governs "consumer health data" under RCW 19.373.

Quick Summary

  • What Open Road does: Drive logging app with optional social features (friends, convoys, live presence, marker sharing, voice chat).
  • Local data: Drive logs stored on-device (Core Data + CloudKit on iOS; Room database on Android) and optionally synced to private iCloud (iOS) or Firebase (Android).
  • Server data: Social features use Firebase (Firestore, Cloud Functions, Storage, FCM). Voice chat uses LiveKit for real-time audio (not recorded).
  • Account: Sign in with Apple (iOS) or Google / email (Android); only a stable account identifier is received.
  • No selling: Personal data is never sold to advertisers, data brokers, insurance companies, or government agencies. No ad tracking or tracking pixels.
  • Analytics: Firebase Analytics and PostHog collect anonymous usage data only (app launches, screen views, feature usage) — never location, routes, or driving data. Firebase Crashlytics collects crash reports in release builds only.
  • Privacy trimming: Shared drive routes are automatically privacy-trimmed (start/end removed on iOS, privacy zones stripped on all platforms).
  • Deletion: Delete account in-app to remove all server data from Firestore collections, Cloud Storage, and local data. Permanent and irreversible.
  • Contact: openroadsup@gmail.com

1. Who We Are

Controller: OpenRoad LLC, 5941 39th Ave SW, Seattle, WA 98136, USA. Contact: openroadsup@gmail.com.

EU Representative (GDPR Art. 27): Prighter Group, Schellinggasse 3/10, 1010 Vienna, Austria — contact form at prighter.com/q/#openroad.

UK Representative (UK GDPR Art. 27): Prighter Ltd., 6 Mitre Passage, London SE10 0ER, United Kingdom — same contact form.

2. Data We Collect

2.1 Local Drive Data

Data stored locally on device (Core Data on iOS; Room database on Android) and optionally synced to private iCloud (iOS) via CloudKit or Firebase (Android) via Firestore:

  • Location data: GPS coordinates recorded during drive sessions for routes, distance, speed, and map/heatmap rendering.
  • Motion data (if enabled): Accelerometer and gyroscope data for acceleration and driving dynamics estimation.
  • Drive metadata: Start/end times, duration, and user-assigned labels or notes.

Drive route data is not transmitted to Open Road servers; however, social feature usage may send related data (presence, shared speed objects) to servers.

2.2 Social Features Data (Server-Stored)

If using social features, data processed on Firebase backend includes:

  • Account identifier: Stable identifier from Sign in with Apple / Google (email not received unless user shares).
  • Friends list: User identifiers of connected people.
  • Convoy membership: Data about convoy groups joined or created.
  • Live presence (optional): Real-time location shared with friends during active sessions.
  • Markers/zones: Location data for reported markers/zones shared with friends.
  • Push notification tokens: Device tokens stored in Firebase Cloud Messaging (FCM).
  • Shared drive routes: When a user shares a drive to their feed, routes are automatically privacy-trimmed. On iOS, approximately 1.0–1.7 miles are removed from both ends using a stable per-drive hash. On all platforms, any segments within user-defined privacy zones (e.g., near home or work) are fully removed.
  • Presence data: Has a 90-second TTL and is auto-deleted. Location is quantized to a 100m grid for non-convoy members.

2.3 Photos and Camera

The App may request access to your device camera and photo library for profile photos and vehicle photos. These images are stored locally and, if you use social features, uploaded to Firebase Storage. Photos are deleted when the associated profile or vehicle is deleted, or when the account is deleted.

2.4 Voice Chat

Voice chat is facilitated via LiveKit with authentication tokens issued for calls. Audio streams are transmitted peer-to-peer or via LiveKit servers in real-time. Voice calls are not recorded or stored.

2.5 Markers and Zones

Markers and zones are in-app driving challenges (similar to Forza speed traps) — they are not related to law enforcement detection.

  • Stored with creator ID for ownership and editing purposes.
  • Shared with friends only — not publicly visible.
  • Deleted when the creator's account is deleted.

3. Purposes and Legal Bases

Purpose and legal basis (GDPR):

  • Provide core drive logging functionality: Contract necessity (Art. 6(1)(b))
  • Sync drive data to iCloud / Firebase: Contract necessity (Art. 6(1)(b))
  • Enable social features (friends, convoys, markers): Contract necessity (Art. 6(1)(b))
  • Share live presence with friends: Consent (Art. 6(1)(a))
  • Access microphone for voice chat: Consent (Art. 6(1)(a))
  • Send push notifications: Consent (Art. 6(1)(a))
  • Facilitate voice chat connections: Contract necessity (Art. 6(1)(b))
  • Process in-app purchases: Contract necessity (Art. 6(1)(b))
  • Anonymous usage analytics (Firebase Analytics, PostHog): Legitimate interests (Art. 6(1)(f))
  • Crash reporting (Firebase Crashlytics): Legitimate interests (Art. 6(1)(f))
  • Access camera and photo library for profile/vehicle photos: Consent (Art. 6(1)(a))
  • Security monitoring and abuse prevention: Legitimate interests (Art. 6(1)(f))
  • Comply with legal obligations: Legal obligation (Art. 6(1)(c))

4. Recipients and Processors

Third-party service providers (processors):

  • Google / Firebase: Firestore (database), Cloud Functions (server logic), Cloud Storage (file storage), Firebase Cloud Messaging (push notifications), Firebase Analytics (anonymous usage data). Data processed on Google Cloud infrastructure.
  • Apple: Sign in with Apple (authentication), App Store (subscription/purchase processing), iCloud/CloudKit (optional drive data sync). Payment card details not received from Apple.
  • Google Play: Google Play Billing (subscription/purchase processing on Android). Payment card details not received from Google.
  • LiveKit: Real-time voice transport for voice chat. Receives authentication tokens and routes audio streams; calls not recorded.
  • PostHog: Product analytics service. Receives anonymous usage events (screen views, feature usage, onboarding steps). Session replay is enabled on Android with all text inputs masked. No location, route, or driving data is sent to PostHog. PostHog is disabled in debug builds.

Personal data is not sold, rented, licensed, or provided to third parties for commercial purposes, including advertisers, data brokers, insurance companies, or government agencies. No third-party advertising or ad tracking services are used.

5. Law Enforcement and Government Requests

  • We will not voluntarily provide user data to law enforcement, government agencies, or any other authority.
  • We do not cooperate with informal requests, voluntary disclosure programs, or non-binding inquiries.
  • We will only provide user data if compelled by a legally binding court order — not a subpoena, not an informal ask.
  • Even when legally compelled, we provide the minimum data required and notify the affected user where legally permitted.
  • As of the date of this policy, we have never received a national security letter or FISA court order.
  • Drive data stays on-device unless the user explicitly shares it via social features — we cannot provide data we do not have.

6. Analytics and Crash Reporting

We use Firebase Analytics and PostHog for anonymous usage data (app launches, screen views, feature usage). Analytics never includes location, routes, addresses, or driving data.

  • Technical blocklists are in place to prevent location, route, and address data from reaching any analytics service.
  • Firebase Remote Config is used for feature flags only.
  • Firebase Crashlytics is used for crash reporting in release builds only. Crash reports include stack traces, app version, device model, and a truncated (non-identifying) user ID. No location or driving data is included in crash reports.
  • PostHog collects anonymous usage events. On Android, session replay is enabled with all text inputs masked. PostHog is disabled in debug builds.
  • We do not use Sentry, ad SDKs, tracking pixels, IDFA, Mixpanel, Amplitude, Segment, or Facebook SDK.
  • Analytics properties collected: app version, build number, subscription status, and permission states. No usernames, emails, or device IDs are collected.

7. International Data Transfers

OpenRoad is based in the United States. If you use the Service from outside the U.S., your data is transferred to and processed in the U.S. For EU/EEA, UK, and Swiss data subjects, we rely on:

  • The EU-US Data Privacy Framework adequacy decision (Commission Decision (EU) 2023/1795);
  • The UK Extension and Swiss-US Data Privacy Framework;
  • The EU Standard Contractual Clauses (Commission Decision (EU) 2021/914) and UK International Data Transfer Addendum as fallback where DPF does not apply.

For Brazil, we rely on ANPD-approved Standard Contractual Clauses. Service providers including Google/Firebase, PostHog, and LiveKit maintain transfer compliance documentation.

8. Data Retention

  • Local drive data: Retained on device and cloud until user deletion or account deletion.
  • Live presence data: Expires after 90 seconds; server cleanup runs every 2 minutes to remove stale entries.
  • Push notification tokens: Retained until notification permissions revoked, notifications disabled in-app, or account deleted.
  • Marker/zone objects: Retained until hidden/removed in-app or account deleted. Note: shared items may persist for other users.
  • Friends list and convoy data: Retained until relationship removed or account deleted.
  • Account deletion records: Retained for 30 days to confirm deletion and prevent abuse, then auto-deleted.
  • Drive feed entries: Retained until the user deletes them, changes visibility, or deletes their account.
  • Voice chat: No retention; audio transmitted in real-time only.

9. Your Rights

Under GDPR and applicable US privacy laws, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of data ("right to be forgotten").
  • Restriction: Request processing restriction in certain circumstances.
  • Portability: Request data in a portable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent where processing is based on consent (live presence, push notifications, microphone access).

How to Exercise Your Rights

  • Email: Contact openroadsup@gmail.com with your request. Identity verification may be required.
  • In-app deletion: Delete your account directly in the app via Profile → Settings → Delete Account. Removes server data and local data.

Response aim: 30 days or as required by applicable law.

10. Account Deletion

Delete your account anytime from the app:

Profile → Settings → Delete Account

Account deletion removes data from all Firestore collections including:

  • Profile, drives, feed entries, friends (both directions), markers/zones, convoys, presence, push tokens, notification settings, and all subcollections.
  • Cloud Storage files (avatars, vehicle photos, user uploads) are deleted.
  • Apple Sign-In tokens are revoked (iOS). Google authentication credentials are removed (Android).
  • Local device data is removed. On iOS, iCloud/CloudKit data (if sync was enabled) is also deleted.
  • On iOS, deletion is processed server-side via Firebase Cloud Functions. On Android, deletion is performed client-side with cascading Firestore and Storage cleanup followed by Firebase Auth account removal.

Moderation reports are redacted (personally identifiable information removed) but not deleted, to maintain platform safety records.

Deletion is permanent and irreversible.

11. Supervisory Authority (EU/EEA/UK Users)

You have the right to lodge a complaint with your supervisory authority if you believe your data protection rights have been violated:

  • EU/EEA: Your local data protection authority
  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch

We encourage contacting us first at openroadsup@gmail.com to resolve concerns.

12. California Notice (CCPA/CPRA)

Although OpenRoad is below CCPA/CPRA applicability thresholds, we voluntarily extend these rights to California residents:

  • Right to Know: Request a copy of the personal information we collect about you.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share PI for cross-context behavioral advertising. We honor Global Privacy Control signals.
  • Right to Limit Sensitive Personal Information: You can limit use of precise geolocation and other sensitive data.
  • Right to Non-Discrimination: No discrimination for exercising CCPA/CPRA rights.
  • Automatic Renewal Law: Subscription disclosures provided prior to purchase and in renewal reminders.

To exercise rights: Settings → Privacy & Data, or email openroadsup@gmail.com. We respond within 45 days.

13. Other U.S. State Rights

Residents of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Tennessee, Indiana, Kentucky, Rhode Island, New Jersey, New Hampshire, Minnesota, Maryland, Nebraska, and Nevada have similar rights to access, delete, correct, port, and opt out of profiling. We provide these rights on the same basis as California. Nevada and Connecticut residents: our Consumer Health Data Privacy Policy applies to drive data.

14. EU/EEA, UK, and Swiss Rights (GDPR / UK GDPR)

You have the following rights under GDPR / UK GDPR:

  • Access (Art. 15): Obtain a copy of your personal data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion ("right to be forgotten").
  • Restriction (Art. 18): Restrict processing in certain circumstances.
  • Portability (Art. 20): Receive data in a portable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Not to be subject to automated decision-making (Art. 22): Receive human review for decisions with legal or similarly significant effects.
  • Withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior lawfulness.

Exercise rights in-app (Settings → Privacy & Data) or email openroadsup@gmail.com. Response time: 30 days.

15. Other Jurisdictions

Canada (PIPEDA / Quebec Law 25): Right to access, correct, withdraw consent, and complain to the Office of the Privacy Commissioner (priv.gc.ca) or your provincial authority.

Brazil (LGPD): Rights include confirmation, access, correction, deletion, portability, and withdrawal of consent. Contact our DPO at openroadsup@gmail.com (subject: "LGPD"). Complaints: ANPD at gov.br/anpd.

Japan (APPI): Request disclosure, correction, suspension of use, and suspension of third-party provision. Contact openroadsup@gmail.com (subject: "APPI").

16. Security Measures

Technical and organizational measures implemented to protect personal data:

  • Encryption of data in transit (TLS/HTTPS).
  • Encryption at rest applied by service providers (Firebase, iCloud) as part of standard infrastructure.
  • Authentication via Sign in with Apple / Google with secure token handling.
  • Firebase Security Rules restricting data access.
  • Regular access control and security practice review.
  • Analytics blocklist prevents location, route, and address data from reaching any analytics service.
  • Live presence uses 100m grid quantization to reduce location precision for non-convoy members.
  • Privacy zone offsets are randomized (200–800m) to prevent triangulation of home/work locations.
  • On iOS, route trimming uses per-drive jitter seeded by device keychain salt (SHA-256) for consistent but unpredictable privacy offsets (1.0–1.7 miles removed from each end). On Android, route trimming is based on user-defined privacy zones.
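The route-trimming and presence-quantization measures described in sections 2.2 and 16 are easier to evaluate with a concrete reference implementation. The following Python is an added illustration written for this page, not Open Road's own iOS or Android code: it derives a stable per-drive trim length in the 1.0–1.7 mile range from SHA-256 over a device salt and a drive identifier, cuts that distance from both ends of a GPS trace, strips every point inside a user-defined privacy zone, and snaps a live-presence position to a 100 m grid. The salt, drive id, route coordinates and privacy zone are all constructed sample values; the randomized 200–800 m zone offsets mentioned above are not modelled here.

```python
import hashlib
import math

MILE_M = 1609.344          # metres per statute mile
EARTH_RADIUS_M = 6371000.0


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points given in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def trim_distance_m(device_salt: bytes, drive_id: str) -> float:
    """Stable per-drive trim length in [1.0, 1.7) miles derived from SHA-256(salt || drive id).

    The same salt and drive id always give the same offset (so re-sharing does not leak a
    second cut point), while anyone without the salt cannot predict where the cut falls."""
    digest = hashlib.sha256(device_salt + drive_id.encode("utf-8")).digest()
    frac = int.from_bytes(digest[:8], "big") / 2 ** 64   # uniform in [0, 1)
    return (1.0 + 0.7 * frac) * MILE_M


def trim_ends(points, trim_m):
    """Drop every point within trim_m of path distance from the start and from the end."""
    def cut_prefix(pts):
        travelled = 0.0
        for i in range(1, len(pts)):
            travelled += haversine_m(pts[i - 1], pts[i])
            if travelled >= trim_m:
                return pts[i:]
        return []                                  # route shorter than the trim: share nothing
    head_cut = cut_prefix(points)
    return list(reversed(cut_prefix(list(reversed(head_cut)))))


def strip_privacy_zones(points, zones):
    """Remove every point lying inside any (center, radius_m) privacy zone."""
    return [p for p in points if all(haversine_m(p, center) > radius for center, radius in zones)]


def privacy_trim_for_share(points, zones, device_salt, drive_id):
    """Full pipeline for a shared drive: per-drive end trimming, then privacy-zone stripping."""
    trimmed = trim_ends(points, trim_distance_m(device_salt, drive_id))
    return strip_privacy_zones(trimmed, zones)


def quantize_to_grid(point, cell_m=100.0):
    """Snap a (lat, lon) presence position to the centre of its cell_m x cell_m grid cell."""
    lat, lon = point
    lat_deg = cell_m / 111320.0                                  # approx. metres per degree of latitude
    qlat = (math.floor(lat / lat_deg) + 0.5) * lat_deg
    lon_deg = cell_m / (111320.0 * math.cos(math.radians(qlat)))  # cell width shrinks with latitude
    qlon = (math.floor(lon / lon_deg) + 0.5) * lon_deg
    return (qlat, qlon)


def sample_route():
    """Constructed straight northbound trace (about 6.9 miles, 201 fixes); not real drive data."""
    return [(47.5 + i * 0.0005, -122.35) for i in range(201)]


if __name__ == "__main__":
    salt = b"constructed-device-keychain-salt"
    zones = [((47.55, -122.35), 300.0)]            # constructed "home" zone, 300 m radius
    route = sample_route()
    shared = privacy_trim_for_share(route, zones, salt, "drive-001")
    print(f"trim length: {trim_distance_m(salt, 'drive-001') / MILE_M:.2f} miles")
    print(f"{len(route)} fixes recorded, {len(shared)} fixes shared")
    print("quantized presence:", quantize_to_grid((47.55012, -122.35021)))
```

Two properties are worth checking when reviewing such a pipeline: the trim length must be identical on every call for the same drive (otherwise two shares of the same drive reveal two different cut points, narrowing the true start), and the zone filter must run on the trimmed route rather than before it, so a zone near an endpoint cannot reintroduce points that the trim already removed.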

17. Children and Minors

Open Road is not intended for children under 13 (or the applicable minimum age in your jurisdiction, such as 16 in parts of the EU). We do not knowingly collect personal data from children below these ages. If a child under the applicable age has created an account or provided personal data, contact openroadsup@gmail.com and the data will be deleted as soon as reasonably practicable.

18. Purchases

Subscriptions and in-app purchases are processed by Apple via the App Store (iOS) or Google via Google Play (Android). Payment card details are not received or stored by Open Road. Purchase history is managed by Apple / Google under their respective privacy policies.

19. Changes to This Policy

We will notify you of material changes via in-app notice and email at least 15 days before they take effect. Continued use after the effective date constitutes acceptance of the revised policy.

20. Contact

For questions, requests, or concerns about this Privacy Policy or your personal data:

openroadsup@gmail.com

See also our Community Guidelines.