Effective Date: January 15, 2025
Last Updated: January 15, 2025
Version: 1.0
Application: This Privacy Policy applies exclusively to the StayStat mobile application for iOS (version 1.0.0 and later), available on the Apple App Store.
Publisher: STAYSTAT, Montreal, Quebec, Canada
Contact: [email protected]
Website Policy: Our website (staystat.app) has a separate privacy policy. This policy does NOT cover website activities.
Data Controller: STAYSTAT
Address: Montreal, Quebec, Canada
Email: [email protected]
DPO: Not appointed (not required under GDPR Article 37 as we are not a public authority and do not engage in large-scale systematic monitoring or process special categories of data at scale)
EU Representative: Not required under GDPR Article 27(2)(a) - we do not regularly offer goods/services to EU data subjects
What: GPS coordinates (latitude/longitude) to determine your current country.
Why: To detect when you travel to a new country and provide timely travel notifications.
How: Using Apple's Core Location framework (CLLocationManager) with significant location change monitoring for battery efficiency.
Processing: Entirely on-device. Coordinates are immediately converted to country codes (ISO 3166-1 alpha-2) and the precise coordinates are discarded. We never transmit your location to our servers or third parties.
Legal Basis (GDPR Art. 6): Consent via iOS location permission prompt.
Storage: Country codes (not coordinates) stored locally in encrypted Core Data.
Retention: Until you delete the travel entry or uninstall the app.
Background Processing: If you grant "Always Allow" location permission, the app may detect country changes in the background using BGTaskScheduler. You can disable this via iOS Settings → StayStat → Location → "While Using the App".
What: Crash logs, error messages, stack traces, device model, iOS version, app version.
Why: To identify and fix bugs, improve app stability, and enhance user experience.
How: Using Firebase Crashlytics (Google LLC) when you explicitly opt in.
Legal Basis (GDPR Art. 6): Consent (explicit opt-in via Privacy & Diagnostics settings).
Default State: DISABLED. Crash reporting is opt-in only.
Data Processor: Google LLC, subject to Google Cloud Data Processing Terms (https://cloud.google.com/terms/data-processing-terms).
Retention: 90 days by Firebase Crashlytics, then automatically deleted.
Anonymization: Crash reports do NOT include your name, email, profile information, or travel history. Only technical diagnostics and a device identifier.
User Control: Disable anytime in Settings → Privacy & Diagnostics.
What: A Firebase-generated device identifier (not Apple's IDFA).
Why: To correlate crash reports from the same device for diagnostics and reliability analysis.
How: Generated by Firebase SDK when crash reporting is enabled.
Legal Basis (GDPR Art. 6): Legitimate interest (app stability) + Consent (opt-in to crash reporting).
Not Linked to Identity: This identifier is not linked to your name, email, or user profile.
Not Used for Tracking: Not used for cross-app or cross-site tracking.
Retention: As long as crash reporting is enabled; deleted upon opt-out.
What: Access to device camera and photo library.
Why: To scan boarding passes and travel documents (e.g., visa pages) for automated travel entry creation.
How: Using Apple's VisionKit framework for document scanning and Vision framework for Optical Character Recognition (OCR).
Processing: Entirely on-device. No images are uploaded to servers. OCR results (text) are stored locally in Core Data.
Legal Basis (GDPR Art. 6): Consent via iOS permission prompts.
Storage: Scanned text stored in encrypted Core Data; images are not retained after processing.
User Control: Deny permission in iOS Settings → StayStat → Photos / Camera.
What: Biometric authentication for app access (Face ID on supported devices, Touch ID on others).
Why: To secure your travel data and prevent unauthorized access.
How: Using Apple's LocalAuthentication framework (LAContext) with policy deviceOwnerAuthenticationWithBiometrics.
Processing: Biometric data (facial scan, fingerprint) is processed entirely within Apple's Secure Enclave and NEVER accessed, stored, or transmitted by StayStat. We only receive a "success" or "failure" result from iOS.
Legal Basis (GDPR Art. 6 + Art. 9): Explicit consent (opt-in during security setup). Biometric data is a special category under GDPR Article 9.
Storage: Biometric templates stored in Secure Enclave only; StayStat stores only a preference flag (biometric enabled: yes/no) in Keychain.
Retention: Managed by iOS; StayStat does not retain biometric data.
User Control: Disable in Settings → Security → Biometric Authentication.
What: UserDefaults storing preferences, onboarding state, feature flags.
Why: To remember your settings and improve user experience.
How: Using Apple's UserDefaults API.
Legal Basis (GDPR Art. 6): Legitimate interest (app functionality).
Storage: Local device only, not synced via iCloud.
Required Reasons API: CA92.1 - "Access info from same app".
| Data Type | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Precise Location | Country change detection, travel notifications | (a) Consent |
| Crash Data | App stability, bug fixing | (a) Consent |
| Device ID | Crash diagnostics correlation | (f) Legitimate Interest |
| Camera/Photos | Boarding pass scanning | (a) Consent |
| Biometric Data | App security | (a) Explicit Consent (Art. 9) |
| UserDefaults | App functionality, user preferences | (f) Legitimate Interest |
No Marketing: We do not use your data for marketing, advertising, or profiling.
No Automated Decision-Making: We do not use algorithms that produce legal effects or significantly affect you (GDPR Article 22).
We do NOT sell, rent, or share your personal data with third parties for their marketing purposes.
We may disclose data if required by law, court order, or government request (e.g., subpoena). We will notify you unless legally prohibited.
No security measure is 100% secure. If your device is lost, stolen, or compromised, your data may be at risk. Enable device passcode and Find My iPhone for additional protection.
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Travel Entries (Core Data) | Until you manually delete or uninstall app | In-app deletion or app uninstall |
| Location Data (Coordinates) | Real-time only (not stored remotely) | Automatic (discarded after country detection) |
| Crash Reports (Firebase) | 90 days | Automatic deletion by Firebase |
| Device Identifier (Firebase) | While crash reporting enabled | Opt-out in Privacy & Diagnostics settings |
| UserDefaults (Preferences) | Until app uninstall | App uninstall |
| Keychain (Passcode, Biometric Pref) | Until app uninstall or manual deletion | Security settings or app uninstall |
| Biometric Templates (Secure Enclave) | Managed by iOS | Managed by iOS |
You can request confirmation of data processing and access to your data. Since all data is stored locally on your device, you can view it directly in the app (Dashboard, Profile, Travel History).
Correct inaccurate data directly in the app via Edit buttons on your profile or travel entries.
Export your data via Settings → Export Data. Formats: PDF, CSV. Includes profile, travel history, statistics.
Object to location tracking: Revoke location permission in iOS Settings → StayStat → Location.
Object to crash reporting: Disable in Settings → Privacy & Diagnostics.
Disable specific features (location, crash reporting) in app settings or iOS permissions.
Withdraw location consent: iOS Settings → StayStat → Location → "Never".
Withdraw crash reporting consent: Settings → Privacy & Diagnostics → Off.
If you believe we've violated your privacy rights, contact your local Data Protection Authority:
Age Requirement: StayStat is intended for users aged 16 and older (GDPR standard).
No Knowing Collection: We do not knowingly collect data from children under 16.
Parental Notice: If you believe a child under 16 has provided data to us, contact [email protected] and we will delete it promptly.
Primary Storage: All user data stored locally on your device (location: where your device is).
Transfers to US: If you enable crash reporting, data is transferred to Google Cloud (United States).
Safeguards: Google Cloud complies with GDPR via:
We may update this Privacy Policy to reflect changes in our practices or for legal/regulatory reasons.
Notification: In-app notice and updated "Last Updated" date at top of this policy.
Material Changes: If we make material changes, we'll notify you via prominent in-app alert requiring acknowledgment.
Your Consent: Continued use after changes constitutes acceptance.
Privacy Inquiries: [email protected]
General Support: [email protected]
Data Controller: STAYSTAT, Montreal, Quebec, Canada
Response Time: We aim to respond within 30 days (GDPR requirement).
Under the California Consumer Privacy Act (CCPA), you have the right to:
To Exercise: Email [email protected]
StayStat does not track users across apps or websites, so Do Not Track browser signals are not applicable.
The app may contain links to third-party websites (e.g., embassy websites for visa info). We are not responsible for their privacy practices.