Privacy Policy
Last updated: March 4, 2026
1. Who We Are
For privacy inquiries, contact [email protected].
2. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account | Email, display name, password (hashed) | Authentication |
| Profile | Phone, date of birth, address (optional) | Account personalization |
| Trip data | OCR text from screenshots, timestamps | Trip tracking & analytics |
| Device | Device ID, push subscription tokens | Notifications & security |
| Technical | IP address, request logs | Security & debugging |
3. How We Use Your Data
- Process and display your trip data on the dashboard
- Send push notifications about trip status
- Send transactional emails (welcome, OTP codes, password reset)
- Maintain security (session control, device verification)
4. Data Storage & Security
Your data is stored in a PostgreSQL database on a Hetzner cloud server located in Helsinki, Finland (EU). Passwords are hashed with bcrypt. All connections use HTTPS/TLS encryption.
5. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Resend | Transactional email delivery | Email address, email content |
We do not sell, rent, or share your personal data with any other third parties.
6. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all associated data (trips, events, exports, push subscriptions, debug uploads) is permanently and immediately removed from our database.
7. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access — View your data on the dashboard and My Account page
- Rectification — Edit your profile from My Account
- Erasure — Delete your account and all data from My Account
- Portability — Export your trip data from the dashboard
- Object — Contact us to opt out of specific processing
To exercise any right not available through the app, email [email protected].
8. Cookies
We use a single session cookie (onisai_admin_session) for authentication. No tracking cookies, analytics, or advertising cookies are used.
9. Children
The Service is not intended for users under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy at any time. Continued use of the Service constitutes acceptance.