Privacy Policy
Effective Date: February 22, 2026
App Version: 1.0.1
Bundle ID: com.autotriplog
Overview
AutoTripLog ("the app") is developed by AutoTripLog Inc. ("we", "us"). It is a vehicle mileage tracking and receipt capture app for iOS and Android. Privacy is a core design principle: all trip data, receipt data, vehicle data, and mileage records are stored locally on your device and are never transmitted to our servers (we operate no servers for user data).
This policy describes the limited technical data that does leave your device, how it is used, and your rights.
1. What Data We Collect
1.1 Data Stored Locally Only (Never Sent to Us)
The following data is created and stored exclusively on your device. It is never transmitted to our servers:
| Data Type | Examples | Purpose |
|---|---|---|
| Location / GPS | Trip routes (lat/lon coordinates), trip start/end points | Record vehicle trips for mileage logs |
| Trip records | Date, distance, duration, business purpose, classification | Mileage log for tax reporting |
| Receipt data | Vendor name, date, amount, address, expense type | Expense records and trip corroboration |
| Vehicle records | Make, model, year, odometer readings | Per-vehicle mileage tracking |
| Subscription status | Free/Pro tier, usage counters | Feature gating |
| App settings & preferences | Jurisdiction, fiscal year, notifications | Personalisation |
You control where backups of this data go (iCloud Drive, USB, AirDrop, etc.). AutoTripLog does not receive copies of your backups.
1.2 Crash Diagnostics (Sent to Google)
The app integrates Firebase Crashlytics (Google LLC) to capture anonymised crash reports when the app terminates unexpectedly.
What a crash report contains:
- Device model (e.g., "iPhone 15 Pro")
- Operating system version (e.g., "iOS 18.3")
- App version (e.g., "1.0.1")
- Crash stack trace (technical code location of the error)
- Timestamp of crash
What a crash report does NOT contain:
- Trip routes, locations, or GPS coordinates
- Receipt contents, vendor names, or amounts
- Vehicle information
- Your name or identity
- Any user-entered data whatsoever
Crash reports are used solely to identify and fix software bugs. They are processed by Google LLC under Google's data processing terms. See firebase.google.com/support/privacy for Google's practices.
You cannot currently opt out of crash reporting. If this is a concern, you should not use the app. We may add an opt-out setting in a future release.
1.3 Third-Party Services Used During Active App Features
These services are contacted when you use specific features. They receive only the minimum data needed to fulfil the request and do not receive your trip history or receipt data.
| Service | Provider | When Used | Data Sent |
|---|---|---|---|
| Geoapify Geocoding | Geoapify GmbH | Converting GPS coordinates to addresses; receipt address lookup | GPS coordinates or address text |
| Geoapify Routing | Geoapify GmbH | Calculating road distance between two points | Two coordinate pairs |
| Geoapify Map Tiles | Geoapify GmbH | Displaying maps in the app | Tile coordinates (map region being viewed) |
Geoapify's privacy policy: geoapify.com/privacy-policy
Where this data is processed: Crash diagnostic data is transmitted to and processed by Google LLC on servers located in the United States. Geocoding and routing data is processed by Geoapify GmbH, headquartered in Germany (EU). All other data remains on your device.
These services are contacted only when the relevant feature is used and only when your device has an internet connection. The app is fully functional offline except for address resolution and map display.
2. How We Use Data
| Data | Purpose |
|---|---|
| Crash diagnostics (via Crashlytics) | Identify and fix software defects |
| GPS coordinates (local) | Record trip distance and route |
| Receipt OCR output (local) | Populate expense records and suggest trip data |
We do not use your data for advertising, profiling, or any purpose other than operating the app's stated functions.
Legal basis for processing (GDPR / UK GDPR users): The limited data that leaves your device is processed on the following legal bases under Article 6 of the GDPR: crash diagnostic data is processed on the basis of legitimate interests (identifying and fixing software defects to maintain a functional app); geocoding and routing requests are processed on the basis of contract performance (these requests are necessary to deliver the specific app feature you have actively invoked). No other processing of personal data occurs.
3. Data We Do Not Collect
- We do not collect your name, email address, or any identifier
- We do not require account registration
- We do not track app usage analytics or behavioural data
- We do not build user profiles
- We do not sell, rent, or share your data with any third party for marketing purposes
- We do not use your location data for any purpose other than recording trips you initiate within the app
4. Data Retention
Local data: Stored on your device indefinitely until you delete it or uninstall the app. You can export and delete your data at any time via the Backup & Restore screen.
Crash reports: Retained by Google/Firebase according to their standard retention policies (typically 90 days in the Crashlytics console). We do not have separate control over Google's retention schedules.
Geocoding cache: Resolved addresses are cached locally on your device for up to 7 days to reduce repeated network requests. This cache is part of your local database and is deleted when you clear app data.
5. Data Sharing
We do not sell your data.
We share data only with the service providers described in Section 1 (Google/Firebase for crash diagnostics; Geoapify for maps and geocoding), strictly for the technical purposes described, and with no permission to use the data for their own purposes beyond service delivery.
When you export a mileage report or backup and share it with a third party (employer, accountant, tax authority, cloud storage), that data is outside our control. You are responsible for sharing reports only with parties who handle the data appropriately.
International data transfers: Crash diagnostic data is transferred to the United States (Google LLC). Google LLC participates in the EU–US Data Privacy Framework and provides Standard Contractual Clauses (SCCs) for transfers from the EEA, UK, and Switzerland. See firebase.google.com/support/privacy for details. Geoapify GmbH is headquartered in Germany and operates as an EU-based service provider subject to GDPR. Their privacy policy governs how they handle requests made through the app. See geoapify.com/privacy-policy for details.
6. Your Rights
Depending on where you are located, you may have the following rights:
All users:
- Access: Export all your app data at any time via Drawer → Backup & Restore → Export
- Deletion: Delete individual trips, receipts, and vehicles within the app; uninstalling the app removes all locally stored data
European Economic Area, UK, Switzerland (GDPR / UK GDPR):
- Right to access, rectify, erase, restrict processing, and data portability
- Right to object to processing
- Right to lodge a complaint with your local supervisory authority. EU supervisory authorities are listed at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.
Canada (PIPEDA / provincial privacy laws):
- Right to access your personal information
- Right to challenge the accuracy of your personal information
California (CCPA / CPRA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
Australia (Privacy Act 1988):
- Right to access and correct personal information held about you
Other US states: If you are a resident of any US state with applicable privacy legislation (including Virginia, Colorado, Connecticut, Texas, Utah, and others), you have the same rights as described for California above, to the extent required by your state's law.
To exercise any right, contact us at: legal@autotriplog.com
Because all meaningful user data is stored locally on your device, the primary way to access, export, or delete your data is through the app itself.
7. Children's Privacy
AutoTripLog is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are under 13 years old, do not use this app. If you are a parent or guardian and believe a child under 13 has used AutoTripLog or submitted personal data, please contact us at legal@autotriplog.com and we will take appropriate steps.
8. Security
Your data is stored in a local SQLite database on your device, protected by your device's own security (device passcode, Face ID / Touch ID, disk encryption). We do not have access to your device or its data.
For iCloud backups: files are encrypted in transit and at rest by Apple's iCloud infrastructure.
For crash diagnostics: data is transmitted over HTTPS to Firebase and stored in Google's secured infrastructure.
9. Changes to This Policy
We may update this policy when the app's features or legal requirements change. When we do, we will update the Effective Date at the top of this document and post the updated version at the same URL. Continued use of the app after a policy update constitutes acceptance of the revised policy.
For significant changes we will add a notice within the app.
10. Contact
Developer / Data Controller:
AutoTripLog Inc.
1750 The Queensway Suite 529-3
Etobicoke ON M9C 5H5
Email: legal@autotriplog.com
Website: https://autotriplog.com
For privacy questions, data access requests, or to report a concern, email us at the address above. We aim to respond within 30 days.
This policy applies to the AutoTripLog iOS and Android apps (bundle ID: com.autotriplog). It does not apply to any third-party websites or services linked from within the app.