Privacy Policy

Last updated: January 2025

1. Data Controller

Trailsight acts as the data controller for the personal data collected through our Services. As the data controller, we determine the purposes and means of processing your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable privacy legislation.

For any questions regarding data processing or to exercise your rights, please contact us at: contact@trailsight.app

2. Scope of Application

This Privacy Policy applies to all personal data collected through:

• Our mobile application available on iOS and Android platforms
• Our website at trailsight.app and all associated subdomains
• Any communication channels including email, contact forms, and customer support
• Third-party integrations and services connected to our platform
• Any other services or features we may offer from time to time

This Policy does not apply to third-party websites, applications, or services that may be linked from our Services. We encourage you to review the privacy policies of any third-party services before providing your personal information.

3. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, device identifiers, IP address, location data, and online identifiers
• "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction
• "Data Subject" means any identified or identifiable natural person whose Personal Data is processed by us
• "Consent" means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they signify agreement to the processing of Personal Data
• "Third Party" means any natural or legal person, public authority, agency, or body other than the Data Subject, controller, processor, and persons who are authorized to process Personal Data under the direct authority of the controller or processor

4. Legal Basis for Processing

We process your Personal Data only when we have a valid legal basis to do so. The legal bases for our processing activities include:

• Consent (Article 6(1)(a) GDPR): Where you have given explicit consent to the processing of your Personal Data for one or more specific purposes. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Contractual Necessity (Article 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
• Legal Obligation (Article 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests (Article 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interests include improving our Services, ensuring security, preventing fraud, and conducting analytics.

5. Categories of Personal Data Collected

We may collect and process the following categories of Personal Data:

5.1 Information You Provide Directly

• Contact information: name, email address, and any other information you provide when contacting us
• Account information: if you create an account, login credentials and profile information
• Communication data: content of messages, feedback, reviews, and correspondence with us
• User-generated content: any data you voluntarily submit through our Services

5.2 Information Collected Automatically

• Device information: device type, model, manufacturer, operating system version, unique device identifiers (IDFA, GAID, IDFV), screen resolution, and language settings
• Usage data: interactions with the application, features accessed, pages viewed, session duration, navigation paths, and user preferences
• Technical data: IP address, browser type and version, time zone settings, browser plug-in types, and crash reports
• Location data: approximate geographic location based on IP address; precise location only if you grant explicit permission

5.3 Information from Third Parties

• Analytics data from Firebase Analytics and other analytics providers
• Information from app stores (Apple App Store, Google Play Store) regarding downloads and usage
• Publicly available information from trail event organizers and race databases

6. Purposes of Processing

We process your Personal Data for the following purposes:

• Service Provision: To provide, maintain, and improve our Services, including displaying trail events, GPX tracks, elevation profiles, and interactive maps
• User Experience: To personalize your experience, remember your preferences, and provide relevant content and recommendations
• Analytics and Research: To understand how users interact with our Services, identify trends, measure the effectiveness of features, and conduct research and development
• Technical Operations: To ensure the technical functionality, security, and stability of our Services, including debugging, error detection, and performance optimization
• Communication: To respond to your inquiries, provide customer support, send service-related notices, and communicate about updates or changes to our Services
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests
• Protection of Rights: To protect and defend our rights, property, and safety, as well as those of our users and third parties
• Fraud Prevention: To detect, prevent, and address fraud, security breaches, and other potentially prohibited or illegal activities

7. Cookies and Tracking Technologies

We and our third-party partners use cookies, web beacons, pixels, SDKs, and similar tracking technologies to collect information about your use of our Services.

7.1 Types of Technologies Used

• Essential Cookies: Necessary for the basic functionality of our Services and cannot be disabled
• Analytics Cookies: Help us understand how users interact with our Services by collecting anonymous usage data
• Preference Cookies: Remember your settings and preferences to enhance your experience
• Mobile SDKs: Software development kits integrated into our mobile application for analytics and functionality

7.2 Managing Your Preferences

You can manage cookie preferences through your browser settings or device settings. For mobile devices, you can reset your advertising identifier or opt out of personalized advertising through your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads). Please note that disabling certain cookies or tracking technologies may affect the functionality of our Services.

8. Third-Party Services and Data Sharing

We work with third-party service providers to help us operate, provide, and improve our Services. These providers may have access to your Personal Data only to perform specific tasks on our behalf and are obligated to protect your information.

8.1 Categories of Third Parties

• Firebase (Google LLC): Analytics, crash reporting, and performance monitoring. Firebase may collect device identifiers, usage data, and diagnostic information. Google's privacy policy: https://policies.google.com/privacy
• Hosting Providers: Our website and application infrastructure is hosted by OVH SAS (France), subject to European data protection standards
• App Store Providers: Apple Inc. and Google LLC process data related to app distribution, downloads, and in-app purchases according to their respective privacy policies
• Map Service Providers: We use mapping services to display routes and location information

8.2 Circumstances of Disclosure

We may disclose your Personal Data in the following circumstances:

• With your explicit consent or at your direction
• To comply with legal obligations, court orders, or lawful requests from public authorities
• To enforce our Terms of Use or other agreements
• To protect our rights, privacy, safety, property, or that of our users or others
• In connection with a merger, acquisition, reorganization, or sale of assets, where Personal Data may be transferred as a business asset
• To investigate, prevent, or take action regarding suspected illegal activities, fraud, or violations of our policies

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes without your explicit consent.

9. International Data Transfers

Your Personal Data may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.

When we transfer Personal Data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including: (i) transfers to countries deemed adequate by the European Commission; (ii) Standard Contractual Clauses approved by the European Commission; (iii) other legally recognized transfer mechanisms. By using our Services, you consent to the transfer of your information to countries outside your country of residence, including the United States.

10. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

• Usage and analytics data: retained for up to 26 months from collection, then anonymized or deleted
• Contact form submissions: retained for up to 3 years from the date of submission
• Technical logs and security data: retained for up to 12 months for security and debugging purposes
• Legal compliance data: retained as required by applicable law, which may exceed the above periods

When Personal Data is no longer required, we will securely delete or anonymize it. Anonymized data may be retained indefinitely for statistical and research purposes.

11. Data Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Secure storage of data on protected servers with access controls
• Regular security assessments and vulnerability testing
• Access restrictions limiting data access to authorized personnel only
• Employee training on data protection and security practices
• Incident response procedures for potential data breaches

While we take reasonable precautions to protect your Personal Data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security and are not responsible for any unauthorized access, hacking, data loss, or other breaches resulting from circumstances beyond our reasonable control.

12. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under applicable data protection laws:

• Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether your Personal Data is being processed and, if so, to access such data along with information about the processing
• Right to Rectification (Article 16 GDPR): You have the right to request correction of inaccurate Personal Data and to have incomplete data completed
• Right to Erasure (Article 17 GDPR): You have the right to request deletion of your Personal Data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected
• Right to Restriction (Article 18 GDPR): You have the right to request restriction of processing of your Personal Data under certain circumstances
• Right to Data Portability (Article 20 GDPR): You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller
• Right to Object (Article 21 GDPR): You have the right to object to processing of your Personal Data based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement

To exercise any of these rights, please contact us at contact@trailsight.app. We will respond to your request within one month, subject to any extensions permitted by law. We may request verification of your identity before processing your request.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your information
• Right to Delete: You have the right to request deletion of your Personal Information, subject to certain exceptions
• Right to Opt-Out: You have the right to opt out of the "sale" of your Personal Information. We do not sell Personal Information as defined under the CCPA
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise your California privacy rights, please contact us at contact@trailsight.app or submit a verifiable consumer request.

14. Children's Privacy

Our Services are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe that your child has provided us with Personal Data without your consent, please contact us immediately at contact@trailsight.app.

If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to delete that information from our servers as quickly as possible.

15. Links to Third-Party Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Trailsight. This includes links to trail event organizers, race registration platforms, and mapping services.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit. Your interactions with third-party services are governed solely by their respective privacy policies and terms of service.

16. Disclaimer and Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• We provide our Services and this Privacy Policy on an "as is" and "as available" basis without warranties of any kind, either express or implied
• We do not warrant that our data protection measures will prevent all unauthorized access or that your Personal Data will never be compromised
• We shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to any breach of this Privacy Policy or unauthorized access to your Personal Data
• Our total liability for any claims arising under this Privacy Policy shall not exceed the amount you paid us, if any, for use of our Services during the twelve (12) months preceding the claim
• Some jurisdictions do not allow the exclusion of certain warranties or limitation of liability, so the above limitations may not apply to you in full

17. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website and in our application
• Updating the "Last Updated" date at the top of this Policy
• Sending an email notification to users who have provided their email address (for significant changes)
• Displaying a prominent notice within the application (for significant changes)

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised Policy. We encourage you to review this Privacy Policy periodically for any updates. Material changes will not be applied retroactively without your consent.

18. Governing Law and Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of France, without regard to its conflict of law principles. Any disputes arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of France.

For users in the European Union, you have the right to lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL): https://www.cnil.fr

19. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: contact@trailsight.app
• Subject Line: Privacy Policy Inquiry
• Response Time: We aim to respond to all inquiries within 30 days

For data protection inquiries specifically related to GDPR, please include "GDPR Request" in your email subject line.