Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect information through our authentication provider, Clerk. This includes your name, email address, and profile picture. If you sign in through a third-party provider (such as Google or Apple), we receive the information you authorize that provider to share.

Trip Content

We collect photos, videos, and associated metadata (such as file names, timestamps, and file sizes) that you upload to your trips. Media is uploaded directly from your device to Cloudinary, our cloud media storage provider. We also store trip names, descriptions, member lists, and other organizational data you create within the Service.

Usage Data

We automatically collect certain information when you access the Service, including your device type, operating system, browser type, IP address, general usage patterns, and interaction data. This data helps us maintain, improve, and secure the Service.

Cookies (Web Only)

Our web application uses cookies and similar technologies to maintain your session, remember your preferences, and ensure the security of your account. We do not use cookies for advertising or cross-site tracking.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain the Service: enabling you to create trips, upload media, invite members, and share memories.
• Process and store your media: uploading, transforming, and delivering your photos and videos through Cloudinary.
• Authenticate and secure your account: verifying your identity and protecting against unauthorized access via Clerk.
• Send service-related communications: account verification, security alerts, trip invitations, and important updates about the Service.
• Improve the Service: analyzing aggregate usage patterns to enhance performance, reliability, and user experience.

3. How We Store Your Data

Your data is distributed across trusted, industry-standard service providers:

• Media storage: Photos and videos are stored and delivered via Cloudinary, a third-party cloud media platform with enterprise-grade security.
• Account data: Authentication credentials and profile information are managed by Clerk, a dedicated authentication provider.
• Application data: Trip details, member relationships, favorites, and other app data are stored via Convex, a backend-as-a-service platform.

All data transmitted between your device and our services is encrypted using HTTPS/TLS. We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

4. Third-Party Services

We rely on the following third-party services to operate OurTrail. Each service receives only the data necessary for its function:

Each third-party service operates under its own privacy policy. We encourage you to review their respective policies for details on how they handle your data.

5. Your Rights

For EU Users (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data.
• Right to data portability: receive your data in a structured, commonly used format.
• Right to restrict processing: request that we limit how we use your data.
• Right to object: object to the processing of your personal data in certain circumstances.

For California Users (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: request deletion of your personal information.
• Right to opt-out: opt out of the sale of your personal information. Note: we do not sell personal information.
• Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

Exercising Your Rights

To exercise any of the rights described above, please contact us at info@syntaxlabtechnology.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

6. Data Retention

• Active accounts: your data is retained for as long as your account remains active and you continue to use the Service.
• Soft-deleted media: when you delete photos or videos, they are moved to a trash folder and can be restored for up to 30 days. After 30 days, they are permanently and irreversibly deleted from all systems.
• Account deletion:if you request deletion of your account, all associated data -- including trips, media, and profile information -- will be permanently removed within 30 days. Backup copies may take up to an additional 30 days to be purged from our third-party providers' systems.

7. Children's Privacy

OurTrail is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@syntaxlabtechnology.com, and we will promptly delete such information from our systems.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email or through an in-app notification and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically for the latest information on our privacy practices.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: