Privacy Policy for TrustLog

Introduction

TrustLog ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this privacy policy carefully.

Information We Collect

1. Personal Information

When you create an account, we collect:

• Email address - Used for authentication and account recovery
• Password - Stored securely (hashed) for account access
• User ID - Automatically generated unique identifier

2. Location Data

TrustLog collects and uses your device location to provide core features:

• GPS Coordinates - To show nearby National Trust sites
• Location Permissions - We request ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION
• Usage - Location data is only collected when you actively use the app's map or "nearby sites" features
• Storage - Your current location is temporarily stored on your device and not sent to our servers unless you create a visit record

3. Visit and Activity Data

We store the following information when you use the app:

• Visit records - Sites you've visited, visit dates, and optional notes
• Favorites - National Trust sites you've marked as favorites
• Visit notes - Text notes you add to your visit records (maximum 200 words)

4. Device and Usage Information

We automatically collect:

• Device information - Device model, operating system version
• App usage data - Features you use, crash reports
• Network status - To enable offline functionality

5. Third-Party Services Data

TrustLog integrates with the following third-party services:

Google Services

• Google Maps API - For displaying maps and site locations
• Google OAuth - For optional sign-in with Google (requires your email and basic profile)
• Google Maps Static API - For displaying address preview images

Supabase (Backend Infrastructure)

• Authentication - User credentials and session management
• Database - Secure storage of your visit records and favorites
• Server location - United States

National Trust API

• Site Data - We fetch publicly available National Trust site information
• Emergency Notices - Real-time alerts about site closures or maintenance

How We Use Your Information

We use collected information to:

1. Provide core functionality - Enable visit tracking, favorites, and site discovery
2. Personalize your experience - Show nearby sites based on your location
3. Enable family sharing - Allow you to share visits and favorites with household members
4. Improve the app - Analyze usage patterns to fix bugs and add features
5. Send notifications - Emergency alerts about sites you've favorited (future feature)
6. Provide customer support - Respond to your inquiries and resolve issues

Data Sharing and Disclosure

Family/Household Sharing

When you join a household group:

• Your visit records and favorites become visible to all group members
• Group members can see visit dates, notes, and favorited sites
• You can leave a group at any time from the Profile screen

Third-Party Service Providers

We share your data with:

• Supabase - For secure cloud storage and authentication
• Google - For maps, OAuth authentication, and static map images
• National Trust - To fetch publicly available site information

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

Data Retention

• Active accounts - We retain your data for as long as your account is active
• Deleted accounts - When you delete your account, all personal data is permanently removed within 30 days
• Visit history - Retained indefinitely unless you manually delete individual visits or your entire account
• Cached site data - Stored locally on your device for 24 hours, then refreshed

Your Data Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the right to:

1. Access - Request a copy of your personal data
2. Correction - Update or correct inaccurate information
3. Deletion - Delete your account and all associated data via the "Delete My Data" button in Profile settings
4. Portability - Export your visit data (contact support@trustlog.app)
5. Withdraw consent - Revoke location permissions at any time through device settings
6. Object to processing - Opt out of non-essential data collection

To exercise these rights, contact us at privacy@trustlog.app

Children's Privacy (COPPA Compliance)

TrustLog is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Data Security

We implement security measures to protect your information:

• Encryption - All data transmitted between the app and servers uses HTTPS/TLS
• Password hashing - Passwords are hashed using industry-standard algorithms
• Row-level security (RLS) - Database policies ensure users can only access their own data
• No backup exposure - Android backup is disabled to prevent credential extraction
• Secure storage - Authentication tokens stored securely on your device

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Offline Functionality

TrustLog works offline:

• Local caching - Site data is cached on your device for 24 hours
• Offline queue - Actions performed offline are queued and synced when you reconnect
• Data persistence - Your favorites and visits are stored locally and synced to the cloud

Permissions We Request

Required Permissions

• INTERNET - To fetch site data and sync your visits
• ACCESS_FINE_LOCATION - To show nearby National Trust sites
• ACCESS_COARSE_LOCATION - For approximate location when GPS is unavailable

Optional Permissions

• READ_EXTERNAL_STORAGE - To select photos for visit records (if enabled)
• WRITE_EXTERNAL_STORAGE - To cache site data for offline use

Permissions We Do NOT Request

• RECORD_AUDIO - We do not access your microphone
• CAMERA - Not used (future feature for visit photos)
• CONTACTS - We do not access your contacts

Cookies and Tracking

TrustLog does not use cookies or third-party analytics trackers. We use:

• AsyncStorage - Local device storage for app state (favorites, cached sites)
• Session tokens - To maintain your login session

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying an in-app notification (for major changes)
• Sending an email to your registered email address (for material changes)

Your continued use of the app after changes indicates acceptance of the updated policy.

Your Choices

You can control your privacy:

1. Disable location - Turn off location permissions in device settings (nearby sites will not work)
2. Delete data - Use "Delete My Data" button in Profile → Account Settings
3. Leave household - Unlink from family sharing groups at any time
4. Logout - Sign out to stop syncing data
5. Uninstall - Remove the app to delete local data (cloud data remains until you delete your account)

Legal Information

• Service Provider: TrustLog is operated by MidPulse Labs
• Jurisdiction: United Kingdom
• Governing Law: This Privacy Policy is governed by the laws of the United Kingdom

Third-Party Links

The app may contain links to external sites (National Trust website, Google Maps). We are not responsible for the privacy practices of these third-party sites. Please review their privacy policies independently.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours via email and an in-app notification.

International Data Transfers

Your information may be transferred to and stored on servers located in the United States. By using TrustLog, you consent to this transfer. We ensure adequate safeguards are in place as required by GDPR.

---