Draft. This policy has not yet completed legal review. Bracketed [items] must be filled in and the document reviewed by a privacy lawyer before publication.
1. About this policy
This Privacy Policy explains how [CARAVANGO ENTITY NAME] (“Caravango,” “we,” “us”) handles information when you use the Caravango iOS app. It applies to the app, related services, and any data we collect through them. It does not cover third-party services that integrate with Caravango — those are governed by their own policies.
By using Caravango, you agree to the practices described here. If you do not agree, please do not use the app.
2. Who we are
Caravango is operated by [LEGAL ENTITY NAME], registered at [ADDRESS]. For data-protection inquiries, contact us at privacy@caravango.app.
If you are in the European Union or United Kingdom, [LEGAL ENTITY NAME] is the data controller for personal data processed through Caravango.
3. Information we collect
We collect only the information needed to make Caravango work. Caravango does not require an account to use, and we do not collect demographic information, contacts, photos, advertising identifiers, or any data unrelated to coordinating your trips.
Information you provide
- Display name — the name you choose to show your group during a trip (free text, up to 50 characters)
- Vehicle name — the name you give your vehicle for the trip (free text)
- Vehicle type and color — chosen from a fixed list (e.g., Sedan, SUV, Van; Black, White, Red, etc.)
- Number of travelers — a number you supply
- Trip notes and participant notes — free text you optionally add to a trip or your participant entry
- Deviation messages — free text you optionally add when you send an update during a trip (e.g., “Stopped for gas”)
- Destination, meetup point, and starting location — addresses or map points you select
- Trip timing preferences — target arrival time, departure model, and similar coordination settings
Information we collect automatically
- Device identifier — a randomly generated identifier we create on first launch. It identifies your device for trip membership and cannot be used to identify you outside the app.
- Push notification token — provided by Apple’s Push Notification service; lets us deliver notifications to your device
- Location data — your device’s coordinates, when you choose to share them with a trip:
  - Your starting location (when you create or join a trip)
  - Your live location (when you enable live-location sharing for a specific trip)
  - Your arrival at the destination (detected via geofence when you enable background location sharing)
- Diagnostic data — anonymized analytics events (e.g., “trip_created”); these do not include your name, location coordinates, or any free-text content
- App and device technical info — iOS version, app version, and limited environment flags used to keep the app working correctly
Information we do NOT collect
- We do not collect your email address, phone number, or other identifying contact information (unless you choose to sign in with Apple in a future version, in which case Apple may share an email relay address with us).
- We do not collect your real name, demographic information, photos, contacts, or calendar.
- We do not collect advertising identifiers or use them.
- We do not track you across other apps or websites.
4. How we use your information
We use the information described above only to operate the Caravango app:
- To coordinate your trips — share trip information with the participants of your trip, calculate your route and ETA, and notify participants of important events
- To authenticate you on a trip — verify that requests from your device are coming from a trip member who has been approved to participate
- To send notifications — deliver push notifications about trip events, departure reminders, and emergencies
- To detect arrival — automatically mark you as arrived when your device enters the geofence around your destination (only if you enabled background location sharing)
- To improve the app — aggregated, anonymized analytics help us understand which features are useful and where we have problems
- To respond to support requests — diagnose issues you report
- To prevent abuse and fraud — verify requests come from a genuine Caravango install on a real Apple device (using Apple’s App Attest)
- To meet legal obligations — respond to lawful requests from authorities
We do NOT:
- Sell your information to anyone
- Share your location with advertisers, data brokers, or third parties
- Use your information for advertising
- Build profiles about you across other apps
- Share your information with other app users beyond what you actively share within a trip
5. Legal basis for processing (GDPR-applicable users)
If you are in the European Union, the United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases:
- Performance of a contract — to provide the Caravango service you requested when you joined or created a trip
- Legitimate interests — to keep the app secure, prevent abuse, and improve the service. We have weighed our interests against your privacy and concluded these uses are proportionate.
- Consent — for optional location sharing, push notifications, and any other feature where iOS or our app explicitly asks for your permission. You can withdraw consent at any time in Settings.
- Legal obligation — when responding to lawful requests from authorities.
6. Sharing your information
With other trip participants
When you join or create a trip, certain information is shared with the other participants in that trip:
- Your display name, vehicle name, vehicle icon, and number of travelers
- Your starting location (visible to the trip host and other participants)
- Your live location and ETA (only if you enable live-location sharing)
- Updates and deviations you send during the trip
- Your arrival status
You control what you share by choosing whether to enable live-location sharing, whether to include a location with each update, and whether to leave the trip.
With service providers
We use the following service providers to operate Caravango:
- Apple Push Notification service (APNs) — to deliver push notifications. Apple receives only the data needed to route the notification (device token + payload). See Apple’s Privacy Policy.
- Apple Maps Server API — to calculate routes and ETAs based on your location. Apple receives only coordinate pairs (origin, destination) without identifying information attached.
- Apple App Attest — to verify that requests come from a genuine Caravango install on a real Apple device. Apple receives attestation data; we do not receive any new personal data from this process.
- Fly.io — to host our backend servers, and Crunchy Bridge — to host our database. Hosting infrastructure stores your trip data in encrypted form.
- Grafana Cloud — to receive anonymized server logs and performance metrics. We do not send any personal data to this service; only operational telemetry.
We do not share your information with anyone else, including advertisers, data brokers, social networks, or analytics companies.
With law enforcement
We may share your information with law enforcement, courts, or regulators when required by law, when responding to a valid legal process, or when necessary to protect the rights, safety, or property of Caravango, our users, or others.
7. Apple services we use
Caravango is an iOS-only app and uses several Apple services for core functionality. Apple is the controller for the data it processes through these services and is bound by its own privacy practices, available at apple.com/legal/privacy.
- Apple Push Notification service — delivers notifications
- Apple Maps and MapKit — autocomplete addresses (search queries stay between your device and Apple), calculate routes (your location is sent to Apple to compute the route), and display maps
- Apple App Attest — verifies your device is genuine
- Apple’s Location Services — your iOS device determines your location; we receive coordinates only with your permission
- Sign in with Apple (in a future version, optional) — if you choose to sign in, Apple may share an anonymized relay email with us
8. How long we keep your information
We keep different types of information for different periods:
- Active trip data — kept until the trip ends or you leave it
- Trip location data (yours and other participants’) — coordinates and addresses are deleted when the trip ends
- Deviation messages — free-text content is deleted from our servers 30 days after the trip ends. Locally cached copies on your device are deleted on the same schedule.
- Trip history (without location data) — summary information about ended trips (duration, who arrived, deviation types) is retained for the user to view and is purged based on user action and our retention policy
- Local data on your device — ended trips remain in your device’s local list for at least 7 days; you can clear them via Settings → Clear Trip History
- Diagnostic data — anonymized analytics events are retained for up to 24 months for product analysis; logs are retained for up to 30 days for debugging
- Push delivery records — kept for 30 days for support and diagnostics, then deleted
- Audit log of administrative actions — retained indefinitely for compliance purposes
- App Attest verification records — retained for the lifetime of your device’s installation
When you remove the app or ask us to delete your data (see “Your rights and choices”), we delete the data we hold about your device, subject to short retention periods needed for fraud prevention and legal obligations.
9. How we protect your information
- Encryption in transit — all communication between the app and our servers uses TLS 1.2 or TLS 1.3
- Encryption at rest — our database is encrypted at rest by our cloud provider
- Access controls — only authorized personnel can access production systems, with audit logging
- Tokens, not passwords — we do not store passwords because we do not require accounts
- Apple Keychain — sensitive credentials on your device are stored in the iOS Keychain, protected by your device’s Secure Enclave
- App Attest — every request to our servers is verified to come from a genuine Caravango install on a real Apple device
- Minimum data collection — we collect only what we need
No system is perfectly secure. If we ever experience a data breach affecting your information, we will notify you and applicable authorities as required by law.
10. Your rights and choices
Within the app
- Choose what to share — enable or disable live-location sharing per trip
- Leave a trip — stops sharing your location and information with that trip going forward
- Mute notifications — per-trip mute or globally per notification tier
- Block a participant — per-trip soft mute that hides their content from your view
- Report content — flag content for our review
- Clear trip history — remove ended trips from your device (subject to a 7-day floor for recent trips)
Rights under GDPR (EEA/UK users)
If GDPR applies to you, you have the right to:
- Access the personal data we hold about you
- Have inaccurate personal data corrected
- Have your personal data deleted
- Restrict or object to processing
- Receive your personal data in a portable format
- Lodge a complaint with your local data protection authority
Rights under CCPA/CPRA (California users)
If you are a California resident, you have the right to:
- Know what personal information we collect about you
- Have your personal information deleted
- Opt out of “sales” of personal information (we do not sell personal information)
- Limit the use of sensitive personal information (we do not use sensitive personal information for purposes that require this opt-out)
- Not be discriminated against for exercising your rights
How to exercise your rights
Because Caravango does not require an account, exercising your rights typically requires us to identify your data via your device identifier. To make a request, email us at privacy@caravango.app from the device that uses Caravango, including the diagnostic info from Settings → Diagnostic Info. We will respond within 30 days.
If you simply delete the app, we delete the data tied to your device on a rolling basis as your trips end.
11. Children’s privacy
Caravango is rated for ages 4+ in the App Store but is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@caravango.app.
12. International data transfers
If you are outside [PRIMARY COUNTRY OF OPERATION], your information may be transferred to and processed in [COUNTRY] or other countries where our service providers operate. These countries may have data protection laws different from those in your country.
When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed adequate by the European Commission, we use appropriate safeguards such as Standard Contractual Clauses.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the “Last updated” date at the top of the policy
- For material changes, notify you in the app or by another reasonable means
- Continue to handle previously-collected information under the policy that applied at the time of collection unless you consent otherwise
14. How to contact us
For privacy questions, requests, or complaints, contact us at privacy@caravango.app.
[LEGAL ENTITY NAME]
[ADDRESS]