Privacy Policy
Last updated: 2026-05-14
This policy explains what personal data Across collects, why, how long we keep it, and the rights you have over it under the GDPR (EU Regulation 2016/679).
1. Who's responsible
Across Roadtrips is operated by Benjamin Cherpas as a personal, non-commercial project hosted in the European Union (Fly.io Paris region + Cloudflare R2). Contact: [email protected]. For any privacy-related question or to exercise the rights listed below, write to that address — replies under 30 days, usually much faster.
2. What we collect
When you sign up: your email, your display name, and (optionally) a profile picture. Authentication uses email + password (hashed with scrypt) or Google OAuth (we receive your Google email, name, picture URL — no other Google data). When you use the app: the trips, points, notes, photos and comments you create. Photos carry their EXIF metadata (including GPS coordinates and capture date) which we use to auto-place them on the map; the original metadata is stripped from the file we re-encode and store. We also store like / view / follow signals tied to your account so the social surface works. When you enable notifications: a push subscription endpoint provided by your browser's push service (Google FCM, Mozilla autopush, or Apple APNs depending on your device). We don't see who you are at the push service — only an opaque endpoint identifier. Technical logs: standard server logs (IP, user agent, requested URL, response code) kept 30 days for security and abuse detection. Error reports captured by Sentry include a stack trace and a session anonymous id; no message bodies or photo content.
3. Why we collect it
Strictly to operate the service you signed up for: authenticate you, let you build and share trips, deliver notifications, fix bugs. We do NOT use your data for advertising, profiling, third-party sharing, training AI models, or any commercial purpose. There are no third-party trackers (no Google Analytics, no Facebook pixel, no ads SDK).
4. Legal basis (GDPR Art. 6)
Account data + content you upload: contract (Art. 6.1.b) — necessary to perform the service. Push notifications: consent (Art. 6.1.a) — you explicitly opt in via the in-app toggle. Revocable at any time. Security logs + Sentry: legitimate interest (Art. 6.1.f) — service integrity outweighs the minimal privacy impact of a 30-day request log.
5. How long we keep it
Active account: as long as it exists. Soft-deleted account: name, email and profile picture are anonymised immediately upon deletion; an audit row (with the user id only, no PII) is kept for 12 months for fraud / dispute resolution, then hard-deleted. Trips, points, photos and comments: deleted at the same time as the account. Server logs: 30 days. Sentry error reports: 90 days (Sentry default). Email delivery logs (Resend): 30 days.
6. Who we share it with
We share strictly necessary data with the infrastructure providers that make the service run, all GDPR-compliant: • Fly.io (Paris region) — application hosting + Postgres database. • Cloudflare (R2 + DNS + CDN) — photo storage and edge delivery. • Resend — transactional email delivery (password reset, email change verification). • Sentry — error monitoring (anonymised). • Google — only if you sign in with Google; only your Google email, name, picture URL is exchanged. We never sell, rent, license or trade your data.
7. Cookies & local storage
We use the absolute minimum: • A session cookie set by the authentication system (httpOnly, SameSite=Lax, Secure) — required to keep you signed in. • A small client-side preference (color mode, language) stored in localStorage — purely cosmetic. • The PWA service worker caches map tiles and photos you've viewed, for offline browsing. No advertising or analytics cookies.
8. Your rights
Under the GDPR you have the right to: • Access your data — visible in the app under Profile + Settings, or request a full export by email. • Correct your data — edit your name and email from the Profile page. • Delete your account — Settings → Danger zone → Delete my account. Everything except the 12-month audit row is wiped immediately. • Withdraw consent for notifications — disable from Settings → Notifications. • Port your data — request a JSON export by email; we respond within 30 days. • File a complaint with the CNIL (https://www.cnil.fr) if you think we've mishandled your data.
9. Security measures
Passwords are hashed with scrypt; never stored or logged in plain text. Connections are HTTPS-only with HSTS. The infrastructure uses encrypted-at-rest storage (Fly volumes + R2). Internal traffic between application and database is encrypted via Fly's private network. No employee has read access to your photos or notes.
10. Changes to this policy
We may update this page from time to time. The 'Last updated' date at the top reflects the most recent material change. We don't notify users for minor wording fixes; substantive changes (new data collected, new third party involved) will be flagged in-app or by email.
11. Contact
For any question, request or complaint: [email protected]. We reply within 30 days, usually much faster — this is a personal project, you're talking to the person who wrote the code.