Privacy Policy

This Privacy Policy explains how TrailArk Labs ("TrailArk", "we", "us") collects, uses, shares and protects your information when you use the TrailArk mobile app and this website (together, the "Service"). By using the Service you agree to this Policy.

1. Information we collect

We collect only what the Service needs to work.

Information you provide

• Account details: your email address and name; an encrypted (hashed) password if you sign up with a password; and optionally your date of birth and gender, which help tailor itinerary suggestions. You can leave the optional fields blank.
• Content you create: trips and itineraries, expenses and settlements, trip chat messages, connections and buddy/board posts.
• Photos & videos ("memories"): images and short video clips you upload to a trip, along with any place label and the location embedded in the file (EXIF GPS), if present.
• Support messages you send us.

Information collected automatically

• Location data: with your permission, your device's location — precisely during live convoy navigation (to show your position to your group), and to geo-tag memories. Location is used only while you use those features.
• Push & device data: a push notification token (via Firebase Cloud Messaging), your device platform, and basic technical/log information needed to operate and secure the Service.

2. How we use your information

• Provide and operate the Service — accounts, trips, itineraries, maps, convoys, expense splitting and memories.
• Generate AI travel itineraries and destination guides tailored to your inputs.
• Show your live location to people in your convoy, and deliver group features and push notifications.
• Keep the community safe (see Safety & content moderation).
• Respond to support requests and send important service messages.
• Maintain security, prevent abuse and comply with the law.

We do not sell your personal information, and we do not use it for third-party advertising.

3. AI & third-party processing

To deliver certain features we share the minimum data needed with trusted service providers who process it on our behalf:

• AI itinerary & guide generation — your trip inputs (e.g., destination, dates, preferences) are sent to third-party AI providers (such as Google) to generate plans and guides.
• Place & stay enrichment — location/place queries may be sent to search/enrichment providers (e.g., SerpApi) to fetch details about hotels and points of interest.
• Maps — map display and navigation use Google Maps and OpenStreetMap.
• Push notifications — delivered via Firebase Cloud Messaging (Google).
• Email — sign-in codes and notifications are sent through our email provider.
• Hosting — the Service runs on our secured server infrastructure.

These providers are permitted to use the data only to provide their service to us. We do not send them more than is necessary, and we never sell your data to them.

4. Safety & content moderation

TrailArk includes user-generated content. To keep it safe we use automated checks on text and images (to filter abusive language and explicit imagery), and we give you tools to report objectionable content and block other users. Reports are reviewed and may result in content removal or account action. Blocked users can no longer see your content, and you no longer see theirs.

5. How we share information

• With people you choose: trip members, connections and convoy participants see the content and live location you share with them.
• With service providers: as described in section 3, strictly to operate the Service.
• For legal reasons: to comply with applicable law, enforce our Terms, or protect the rights and safety of users and the public.
• Business transfers: if TrailArk is involved in a merger or acquisition, information may be transferred subject to this Policy.

6. Data retention & deletion

We keep your information for as long as your account is active or as needed to provide the Service. You can permanently delete your account and associated data at any time from inside the app (Profile → Account → Delete account), or by request — see our Account & Data Deletion page. When you delete your account we remove your profile, trips you own, photos, expenses, messages and connections; residual copies in backups are purged on a rolling basis (typically within 30 days).

7. Your rights & choices

• Access & correction: view and edit your profile and content in the app.
• Deletion: delete your account and data in-app at any time.
• Withdrawing consent: you may withdraw the consent you gave at signup at any time by deleting your account in-app or writing to us — withdrawal is as easy as giving consent was.
• Permissions: location, camera, photos and notifications are optional and controlled by your device settings — you can revoke them anytime (some features won't work without them).
• Blocking & reporting: control who can interact with you.

If you are in India, see section 10 for your rights under the Digital Personal Data Protection Act, 2023. To exercise any right, contact us below.

8. Security

We protect your data with encryption in transit (HTTPS/TLS), passwords hashed using bcrypt, restricted internal access and other technical and organisational safeguards. No method of transmission or storage is 100% secure, but we work hard to protect your information and respond promptly to any issue.

9. Age requirement (18+)

TrailArk is a road-travel service for adults: you must be 18 years or older to create an account. Signup requires you to confirm this, and the app does not accept a date of birth indicating a younger age. India's Digital Personal Data Protection Act, 2023 treats anyone under 18 as a child, and we do not knowingly process children's personal data, track children or direct any advertising at them. If you believe someone under 18 has created an account, contact us and we will delete it.

10. Your rights under India's DPDP Act

TrailArk is built India-first, and we honour the Digital Personal Data Protection Act, 2023 ("DPDP Act"). As a Data Principal you have the right to:

• Access — a summary of the personal data we process about you and the processing activities.
• Correction & erasure — correct inaccurate data (editable in-app) and erase data that is no longer necessary (account deletion is available in-app).
• Withdraw consent — at any time, with the same ease as it was given; we then stop the related processing unless another lawful ground applies.
• Grievance redressal — a readily available way to raise complaints (below), answered within a reasonable time and in any case within timelines under applicable rules.
• Nominate — designate another person to exercise your rights in case of death or incapacity (write to us to record a nominee).

We process personal data only for the purposes you consented to at signup (operating the Service as described in this Policy) and as otherwise permitted under the DPDP Act. Your consent is recorded with a timestamp when you accept this Policy and our Terms. If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India.

11. International transfers

Some service providers (such as AI and maps providers) may process data on servers outside India. Where we transfer data internationally, we do so as permitted under the DPDP Act and take steps to ensure it remains protected consistent with this Policy.

12. Changes to this Policy

We may update this Policy from time to time. We'll revise the "Last updated" date above and, for material changes, provide additional notice in the app or by email. Continued use of the Service after changes means you accept the updated Policy.

13. Contact & Grievance Officer