Privacy Policy

Last updated: June 2026

Trazia is a local-first travel-tracking app. The following sections describe which data is processed, for which purpose, and which third parties (if any) receive it.

Local processing

All travel data you enter (routes, photos, tags, notes) is stored exclusively on your device in a SQLite database. There is no server sync, no account, and no central cloud database. Local data only leaves your device when you trigger a data export yourself.

Processed data and third parties

Trazia integrates the third-party services below. You can control the relevant data streams under Profile → Settings.

Crash reports

Trazia currently sends no crash reports to third parties. The in-app setting "Send crash reports" controls a future integration: should we later add GDPR-compliant crash reporting with EU hosting, we will announce it at least 14 days before the update in the release notes. You can turn the toggle off already — your preference will be respected as soon as the integration goes live.

PostHog — anonymous usage analytics

• Purpose: aggregated, anonymous usage metrics (e.g. "how many users open the stats tab per week?") to guide product decisions.
• Data categories: event name, timestamp, app version. No personally identifying information and no journey contents.
• Hosting: PostHog EU (Frankfurt).
• Control: disabled by default (opt-in). You have to enable it manually under "Profile → Settings → Anonymous usage analytics".

Google AdMob — ads

Trazia displays ads through Google AdMob. Before the first ad we ask for your consent via the consent sheet (Google UMP). Without consent, only non-personalized ads are served. Premium users never see any ads.

On iOS, Trazia currently does not invoke the App Tracking Transparency (ATT) sheet — we use no IDFA and no cross-app tracking. Should that change, the ATT prompt will be requested before any such ad is shown.

Photon / OpenStreetMap — place autocomplete

For the from/to fields of non-flight journeys (e.g. hiking, other), Trazia offers a place and address search with suggestions. This is the only outbound network call the app makes.

• Purpose: type-ahead suggestions (autocomplete) for start and destination.
• Data categories: only your typed search text is transmitted — starting at three characters, debounced, and only while you type. No journey contents, no device location data, and no identifiers.
• Recipient: Photon (komoot GmbH, Germany), an OpenStreetMap-based search API (photon.komoot.io).
• Nothing is transmitted when a journey is saved. Without an internet connection (or on errors) you simply see no suggestions — places can always be entered as free text.

Camera & boarding-pass import

Trazia can optionally import flights from a boarding pass — either by scanning the barcode with the camera or by importing a Wallet file (.pkpass).

• Purpose: read the boarding pass's standardized barcode (IATA BCBP) to automatically pre-fill flight number, date, and departure/arrival airports into the entry form.
• Processing happens entirely offline on your device. No camera images, photos, or boarding-pass data are transmitted to any server or third party.
• Personal details contained in the barcode such as your name and booking reference (PNR) are discarded and not stored — only the flight data (flight number, date, route) is used for pre-filling.
• The camera is used solely for this scan; no audio or video is recorded. Access happens only when you actively start a scan and can be revoked at any time in iOS Settings.
• The .pkpass import uses the system file picker; the file is read locally and not uploaded.

In-app purchases (Apple App Store)

Premium subscriptions are handled directly through Apple's App Store (StoreKit). Purchase processing and payment data stay entirely with Apple; Trazia receives no personal data and merely checks the signed purchase status locally.

Access, deletion, and objection

• You can export all of your data as JSON at any time via Profile → Settings → Data export.
• You can delete all data irreversibly at any time via Profile → Settings → Delete all data.
• You can disable the PostHog stream at any time in Settings — events already sent are anonymized and not traceable back to you.
• A subject-access or deletion request against a Trazia server is not applicable, because apart from the third-party streams listed above no data is stored centrally.

Contact

For questions about this privacy policy, please contact the data controller at info@trazia.app.