Privacy Policy — Trazia
Effective: 2026-05-01 Scope: The mobile app "Trazia" for iOS and Android, plus the website trazia.app. Controller: Tim Hobrlant, Tim Hobrlant Vertrieb & Service, Döllstädtstraße 5, 99423 Weimar, Germany. Contact: info@trazia.app
⚠️ Note: This text was drafted in line with the GDPR and the Apple App Store / Google Play Store privacy requirements. Have it reviewed by a data-protection officer or IT lawyer before publishing. It does not substitute individual legal counsel.
1. Overview: which data we process
| Category | When collected | Where stored | Legal basis |
|---|---|---|---|
| Trip data (airports, dates, airlines, aircraft, cabin class) | When you enter it manually | Locally on your device; on Pro additionally encrypted on Supabase EU | Contract (Art. 6 (1) (b) GDPR) |
| Subscription status (Pro / Free) | When you buy a subscription | RevenueCat (USA, with SCCs) + local device | Contract (Art. 6 (1) (b) GDPR) |
| Advertising ID (IDFA / GAID) | Free tier only, only after explicit consent | Google AdMob | Consent (Art. 6 (1) (a) GDPR) |
| Email address (Pro subscribers, support requests) | Optional, on cloud-sync login or support email | Supabase EU + local mail provider | Contract / legitimate interest |
2. Data processing in detail
2.1 Trip data (default usage — no account required)
Trazia stores the trips you enter (e.g., "Frankfurt to New York on 2025-07-12 with Lufthansa") only locally on your device in an in-app database. This data does not leave your device unless you activate Trazia Pro and trigger cloud sync.
In practice:
- You don't need an account to use Trazia.
- If you delete the app, your trip data is gone too unless you've created a backup.
- We don't have access to your trip data, because it never reaches our servers.
2.2 Cloud sync (Trazia Pro only)
If you subscribe to Trazia Pro, you can optionally sync trips between your devices. We use Supabase (open-source backend provider) for this. All data is processed and stored exclusively on Supabase servers in the European Union (Frankfurt, Germany).
- Encryption: TLS 1.3 in transit, encrypted at rest.
- Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992, with EU data-processing agreement (Art. 28 GDPR).
- Categories: Trip data + email address used to identify your account.
- Deletion: When you delete your Pro account (in-app: Settings → Account → Delete), all synced data is deleted within 30 days.
Legal basis: Contract performance (Art. 6 (1) (b) GDPR).
2.3 Advertising (Trazia Free only)
The free tier shows ads via Google AdMob.
- Contextual by default: Until you explicitly consent, ads are non-personalised — no advertising ID (IDFA on iOS, GAID on Android) is transmitted, and there is no tracking of your device or behaviour.
- Personalised only after consent: On first launch we display the EU consent module (CMP). If you opt in, AdMob may use your advertising ID, approximate location (country/region), and app-usage signals to personalise ads. You can withdraw this consent any time in Settings.
- Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- Third-country transfers: Google partly transmits data to the USA. Transfers occur on the basis of EU Standard Contractual Clauses and the EU–US Data Privacy Framework (as of May 2026).
Apple's App Tracking Transparency (ATT) on iOS and Google's UMP consent banner on Android are shown alongside our own CMP.
2.4 Subscription management (RevenueCat)
For managing your Trazia Pro subscription we use RevenueCat, an in-app subscription backend.
- Categories: Anonymous RevenueCat subscriber ID (random UUID), App Store receipt (Apple) or Play Billing token (Google), subscription status (active / expired / trialling).
- No personal data such as name, email or device ID is sent to RevenueCat.
- Provider: RevenueCat Inc., 660 4th Street #1106, San Francisco, CA 94107, USA.
- Third-country transfer: Transfers to the USA on the basis of EU Standard Contractual Clauses. A data-processing agreement with RevenueCat is in place.
- Legal basis: Contract performance (Art. 6 (1) (b) GDPR).
2.5 Error and crash reports
Trazia transmits no crash data to external servers. Apple and Google convey only their own anonymised, system-level crash reports to their respective stores' developer console — but only if you've enabled "Share Analytics" / "Send Diagnostics" in your device settings. That is an iOS/Android setting, not a Trazia feature.
If a dedicated crash-reporting service (e.g. Sentry or GlitchTip) is integrated later, this privacy policy will be updated at least 14 days before activation and an opt-out will be added to Settings.
2.6 Support requests by email
When you email support@trazia.app or feedback@trazia.app, we store your message and our reply with our mail provider (a German email-hosting provider with EU hosting). Requests are deleted after 24 months, or earlier on your request.
3. What we explicitly do NOT do
To remove any ambiguity — Trazia does not:
- ❌ Sell or rent your data to third parties. Ever.
- ❌ Track you across apps from other providers.
- ❌ Send your trip data to ad networks, data brokers, or analytics tools (Google Analytics, Facebook SDK, Mixpanel, etc.).
- ❌ Access your address book, photos, location (outside the AdMob CMP consent), microphone, or camera.
- ❌ Use any "cross-device tracking".
4. Your GDPR rights
As a user, you have the following rights:
- Access (Art. 15 GDPR): What data do we hold about you? Email us.
- Rectification (Art. 16): Have incorrect data corrected.
- Erasure (Art. 17 / "right to be forgotten"): Full deletion of your data.
- Restriction (Art. 18): Pause processing temporarily.
- Data portability (Art. 20): Export your trip data (Trazia offers this in Settings as a CSV export — no need to contact us).
- Object (Art. 21): Particularly to ad personalisation.
- Withdraw consent (Art. 7 (3)): Available any time in Settings.
- Lodge a complaint (Art. 77): Competent authority for Tim Hobrlant Vertrieb & Service is the Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit, Häßlerstraße 8, 99096 Erfurt, Germany.
Send requests to: info@trazia.app. We respond within 30 days.
5. Retention periods
- Trip data, locally: As long as you don't delete it yourself or uninstall the app.
- Trip data, in cloud sync (Pro): As long as your Pro subscription is active + 30 days after cancellation.
- Ad-tracking data: Not stored by us (see AdMob's privacy notice).
- Crash reports: Trazia stores no crash reports of its own. System-level reports from Apple/Google are outside our control (see their respective privacy policies).
- Support emails: 24 months.
6. Data security
- TLS 1.3 for all server communication.
- Encryption at rest on Supabase.
- Production data is accessible only by Tim Hobrlant.
- Regular backups, also encrypted.
7. Changes to this policy
We may update this policy as the app evolves (e.g., Phase 2 adding train journeys). We announce material changes via in-app notification at least 14 days before they take effect. The current version is always available in-app under Settings → Privacy and at trazia.app/privacy.
8. Contact
Privacy questions go to:
Tim Hobrlant Tim Hobrlant Vertrieb & Service Döllstädtstraße 5 99423 Weimar Germany Email: info@trazia.app
Effective: May 2026