StayStat Mobile Application Privacy Policy
Effective Date:
Last Updated:
Version: 1.0
1. Introduction and Scope
Application: This Privacy Policy applies exclusively to the StayStat mobile application for iOS (version 1.0.0 and later), available on the Apple App Store.
Publisher: StayStat, Montreal, Quebec, Canada
Contact: [email protected]
Website Policy: Our website (staystat.app) has a separate privacy policy. This policy does NOT cover website activities.
2. Data Controller Information
Data Controller: StayStat
Address: Montreal, Quebec, Canada
Email: [email protected]
DPO: Not appointed (not required under GDPR Article 37 as we are not a public authority and do not engage in large-scale systematic monitoring or process special categories of data at scale)
EU Representative: Not required under GDPR Article 27(2)(a) - we do not regularly offer goods/services to EU data subjects
3. Summary - Privacy at a Glance
- Privacy-First Design: All travel data is processed and stored locally on your device using encrypted Core Data storage.
- Minimal Collection: We collect only what's necessary: precise location (on-device only), crash data (opt-in), and a device identifier (opt-in).
- No Tracking: We do not track you across apps or websites (NSPrivacyTracking: false).
- No Data Sales: We never sell, rent, or share your personal data with third parties for their marketing purposes.
- No Advertising: No third-party advertising networks or marketing SDKs.
- No Accounts: No user accounts, emails, or passwords required. All data stays on your device.
- User Control: You control all permissions via iOS Settings and can delete all data by uninstalling the app.
4. Information We Collect
4.1 Precise Location Data
What: GPS coordinates (latitude/longitude) to determine your current country.
Why: To detect when you travel to a new country and provide timely travel notifications.
How: Using Apple's Core Location framework (CLLocationManager) with significant location change monitoring for battery efficiency.
Processing: Entirely on-device. Coordinates are immediately converted to country codes (ISO 3166-1 alpha-2) and the precise coordinates are discarded. We never transmit your location to our servers or third parties.
Legal Basis (GDPR Art. 6): Consent via iOS location permission prompt.
Storage: Country codes (not coordinates) stored locally in encrypted Core Data.
Retention: Until you delete the travel entry or uninstall the app.
Background Processing: If you grant "Always Allow" location permission, the app may detect country changes in the background using BGTaskScheduler. You can disable this via iOS Settings → StayStat → Location → "While Using the App".
4.2 Crash Data (Diagnostics)
What: Crash logs, error messages, stack traces, device model, iOS version, app version.
Why: To identify and fix bugs, improve app stability, and enhance user experience.
How: Using Firebase Crashlytics (Google LLC) when you explicitly opt in.
Legal Basis (GDPR Art. 6): Consent (explicit opt-in via Privacy & Diagnostics settings).
Default State: DISABLED. Crash reporting is opt-in only.
Data Processor: Google LLC, subject to Google Cloud Data Processing Terms (https://cloud.google.com/terms/data-processing-terms).
Retention: 90 days by Firebase Crashlytics, then automatically deleted.
Anonymization: Crash reports do NOT include your name, email, profile information, or travel history. Only technical diagnostics and a device identifier.
User Control: Disable anytime in Settings → Privacy & Diagnostics.
4.3 Device Identifier
What: A Firebase-generated device identifier (not Apple's IDFA).
Why: To correlate crash reports from the same device for diagnostics and reliability analysis.
How: Generated by Firebase SDK when crash reporting is enabled.
Legal Basis (GDPR Art. 6): Legitimate interest (app stability) + Consent (opt-in to crash reporting).
Not Linked to Identity: This identifier is not linked to your name, email, or user profile.
Not Used for Tracking: Not used for cross-app or cross-site tracking.
Retention: As long as crash reporting is enabled; deleted upon opt-out.
4.4 Camera and Photo Library Access
What: Access to device camera and photo library.
Why: To scan boarding passes and travel documents (e.g., visa pages) for automated travel entry creation.
How: Using Apple's VisionKit framework for document scanning and Vision framework for Optical Character Recognition (OCR).
Processing: Entirely on-device. No images are uploaded to servers. OCR results (text) are stored locally in Core Data.
Legal Basis (GDPR Art. 6): Consent via iOS permission prompts.
Storage: Scanned text stored in encrypted Core Data; images are not retained after processing.
User Control: Deny permission in iOS Settings → StayStat → Photos / Camera.
4.5 Biometric Data (Face ID / Touch ID)
What: Biometric authentication for app access (Face ID on supported devices, Touch ID on others).
Why: To secure your travel data and prevent unauthorized access.
How: Using Apple's LocalAuthentication framework (LAContext) with policy deviceOwnerAuthenticationWithBiometrics.
Processing: Biometric data (facial scan, fingerprint) is processed entirely within Apple's Secure Enclave and NEVER accessed, stored, or transmitted by StayStat. We only receive a "success" or "failure" result from iOS.
Legal Basis (GDPR Art. 6 + Art. 9): Explicit consent (opt-in during security setup). Biometric data is a special category under GDPR Article 9.
Storage: Biometric templates stored in Secure Enclave only; StayStat stores only a preference flag (biometric enabled: yes/no) in Keychain.
Retention: Managed by iOS; StayStat does not retain biometric data.
User Control: Disable in Settings → Security → Biometric Authentication.
4.6 Application Usage Data (Local Only)
What: UserDefaults storing preferences, onboarding state, feature flags.
Why: To remember your settings and improve user experience.
How: Using Apple's UserDefaults API.
Legal Basis (GDPR Art. 6): Legitimate interest (app functionality).
Storage: Local device only, not synced via iCloud.
Required Reasons API: CA92.1 - "Access info from same app".
4.7 Data We Do NOT Collect
- Name, Email, Phone Number: No user accounts or personal identifiers.
- Payment Information: App is free; no in-app purchases.
- Contacts or Social Media: No access to contacts, social media accounts.
- Advertising ID (IDFA): Not collected or used.
- Browsing History: Not applicable (not a browser).
- Health Data: Not collected.
5. How We Use Your Information
| Data Type | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Precise Location | Country change detection, travel notifications | (a) Consent |
| Crash Data | App stability, bug fixing | (a) Consent |
| Device ID | Crash diagnostics correlation | (f) Legitimate Interest |
| Camera/Photos | Boarding pass scanning | (a) Consent |
| Biometric Data | App security | (a) Explicit Consent (Art. 9) |
| UserDefaults | App functionality, user preferences | (f) Legitimate Interest |
No Marketing: We do not use your data for marketing, advertising, or profiling.
No Automated Decision-Making: We do not use algorithms that produce legal effects or significantly affect you (GDPR Article 22).
6. Data Sharing and Disclosure
6.1 Third-Party Service Providers (Data Processors)
Firebase Crashlytics (Google LLC)
- Purpose: Crash reporting and diagnostics (opt-in only).
- Data Shared: Crash logs, device identifier, device model, iOS version, app version.
- Location: United States (Google Cloud).
- Safeguards: Google Cloud Data Processing Terms, Standard Contractual Clauses (SCCs) for EU data transfers.
- Privacy Policy: https://policies.google.com/privacy
Firebase Remote Config (Google LLC)
- Purpose: Feature flag management (fetch-only, no data sent).
- Data Shared: None (app only fetches configuration values).
6.2 No Data Sales
We do NOT sell, rent, or share your personal data with third parties for their marketing purposes.
6.3 Legal Disclosure
We may disclose data if required by law, court order, or government request (e.g., subpoena). We will notify you unless legally prohibited.
7. Data Security
7.1 Technical Measures
- Encryption at Rest: Core Data encrypted with iOS Data Protection (FileProtectionType.completeUnlessOpen, AES-256 backed). This level was selected so that CloudKit background sync can continue while the device is locked; new data written on disk is still protected.
- Keychain Security: Sensitive data (passcode hash, biometric preference) stored in iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly (not synced via iCloud).
- Secure Enclave: Biometric data (Face ID/Touch ID) processed in Secure Enclave; never accessible to app.
- Encryption in Transit: All network communication (Firebase, CloudKit) uses TLS 1.2+ encryption.
- Apple iCloud Sync (CloudKit): Trip data, profiles, and expenses sync across your signed-in Apple devices through your own Apple iCloud account using NSPersistentCloudKitContainer. Data is stored in your own private iCloud database and is not visible to StayStat engineers. You can disable iCloud for StayStat anytime in iOS Settings → [Your Name] → iCloud.
- No StayStat Servers: StayStat operates no backend database and has no access to your travel data. The only third-party service used is Firebase (Crashlytics + Remote Config), which never receives travel data.
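The three on-device measures listed above (Core Data file protection, Keychain accessibility class, and Secure Enclave-backed biometrics) map to a small amount of configuration in an iOS app. The following is an added illustration written for this page; it is not StayStat's own code. The container name "StayStat", the Keychain service string "app.staystat.security", and the account name "biometricEnabled" are assumed placeholders; the API constants (NSPersistentStoreFileProtectionKey, FileProtectionType.completeUnlessOpen, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, LAPolicy.deviceOwnerAuthenticationWithBiometrics) are the ones the policy names.

```swift
import CoreData
import Security
import LocalAuthentication

// 1. Core Data store protected with the Data Protection class the policy names.
//    completeUnlessOpen lets a store that is already open keep working while the
//    device is locked (which background CloudKit sync relies on), while files
//    created after lock are still encrypted until the next unlock.
func makeProtectedContainer() -> NSPersistentCloudKitContainer {
    let container = NSPersistentCloudKitContainer(name: "StayStat") // assumed model name
    if let description = container.persistentStoreDescriptions.first {
        description.setOption(FileProtectionType.completeUnlessOpen as NSObject,
                              forKey: NSPersistentStoreFileProtectionKey)
    }
    container.loadPersistentStores { _, error in
        if let error = error {
            // Failing closed is the safer default: do not fall back to an unprotected store.
            fatalError("Persistent store failed to load: \(error)")
        }
    }
    return container
}

// 2. A preference flag in the Keychain with an accessibility class that is never
//    synced through iCloud Keychain and is not restored onto a different device.
let keychainService = "app.staystat.security" // assumed service identifier

@discardableResult
func storeKeychainFlag(_ value: Bool, account: String) -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keychainService,
        kSecAttrAccount as String: account,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        kSecValueData as String: Data([value ? 1 : 0])
    ]
    // Replace any existing item so the accessibility attribute cannot drift.
    SecItemDelete(query as CFDictionary)
    return SecItemAdd(query as CFDictionary, nil)
}

func readKeychainFlag(account: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keychainService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var result: AnyObject?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data, let byte = data.first else {
        return false // missing item is treated as "disabled"
    }
    return byte == 1
}

// 3. Biometric gate. The app only ever sees a success/failure result; the
//    biometric template itself stays inside the Secure Enclave.
func authenticateWithBiometrics(completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    var availabilityError: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &availabilityError) else {
        completion(false) // no enrolled biometrics or hardware unavailable
        return
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your travel data") { success, _ in
        completion(success)
    }
}

// Usage: persist the opt-in flag, then gate access on the next launch.
storeKeychainFlag(true, account: "biometricEnabled") // assumed account name
if readKeychainFlag(account: "biometricEnabled") {
    authenticateWithBiometrics { unlocked in
        print(unlocked ? "unlocked" : "authentication failed")
    }
}
```

Two points worth checking in a review of code like this: the file-protection option must be set before loadPersistentStores is called, since it only applies when the store file is created, and a Keychain item created with a ThisDeviceOnly accessibility class cannot also carry kSecAttrSynchronizable, which is what keeps the flag out of iCloud Keychain as the policy states.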
7.2 Organizational Measures
- Access Control: App requires passcode or biometric authentication (optional but recommended).
- Session Timeout: Automatic logout after 30 minutes of inactivity.
- Code Security: Regular code reviews, secure coding practices.
7.3 Limitations
No security measure is 100% secure. If your device is lost, stolen, or compromised, your data may be at risk. Enable device passcode and Find My iPhone for additional protection.
8. Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Travel Entries (Core Data) | Until you manually delete or uninstall app | In-app deletion or app uninstall |
| Location Data (Coordinates) | Real-time only (not stored remotely) | Automatic (discarded after country detection) |
| Crash Reports (Firebase) | 90 days | Automatic deletion by Firebase |
| Device Identifier (Firebase) | While crash reporting enabled | Opt-out in Privacy & Diagnostics settings |
| UserDefaults (Preferences) | Until app uninstall | App uninstall |
| Keychain (Passcode, Biometric Pref) | Until app uninstall or manual deletion | Security settings or app uninstall |
| Biometric Templates (Secure Enclave) | Managed by iOS | Managed by iOS |
9. Your Rights (GDPR, CCPA, and General Privacy)
9.1 Right of Access (GDPR Art. 15)
You can request confirmation of data processing and access to your data. Since all data is stored locally on your device, you can view it directly in the app (Dashboard, Profile, Travel History).
9.2 Right to Rectification (GDPR Art. 16)
Correct inaccurate data directly in the app via Edit buttons on your profile or travel entries.
9.3 Right to Erasure / "Right to Be Forgotten" (GDPR Art. 17)
- Local Data: Delete the app to remove all locally stored data (Core Data, Keychain, UserDefaults).
- Crash Reports: Opt-out in Settings → Privacy & Diagnostics to stop future collection. Existing reports retained for 90 days, then auto-deleted.
9.4 Right to Data Portability (GDPR Art. 20)
Export your data via Settings → Export Data. Formats: PDF, CSV. Includes profile, travel history, statistics.
9.5 Right to Object (GDPR Art. 21)
Object to location tracking: Revoke location permission in iOS Settings → StayStat → Location.
Object to crash reporting: Disable in Settings → Privacy & Diagnostics.
9.6 Right to Restrict Processing (GDPR Art. 18)
Disable specific features (location, crash reporting) in app settings or iOS permissions.
9.7 Right to Withdraw Consent (GDPR)
Withdraw location consent: iOS Settings → StayStat → Location → "Never".
Withdraw crash reporting consent: Settings → Privacy & Diagnostics → Off.
9.8 Right to Lodge a Complaint (GDPR)
If you believe we've violated your privacy rights, contact your local Data Protection Authority:
- EU: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
- Canada: Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca)
10. Children's Privacy
Age Requirement: StayStat is intended for users aged 16 and older (GDPR standard).
No Knowing Collection: We do not knowingly collect data from children under 16.
Parental Notice: If you believe a child under 16 has provided data to us, contact [email protected] and we will delete it promptly.
11. International Data Transfers
Primary Storage: All user data stored locally on your device (location: where your device is).
Transfers to US: If you enable crash reporting, data is transferred to Google Cloud (United States).
Safeguards: Google Cloud complies with GDPR via:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Google Cloud Data Processing Terms: https://cloud.google.com/terms/data-processing-terms
- Supplementary measures per Schrems II
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or for legal/regulatory reasons.
Notification: In-app notice and updated "Last Updated" date at top of this policy.
Material Changes: If we make material changes, we'll notify you via prominent in-app alert requiring acknowledgment.
Your Consent: Continued use after changes constitutes acceptance.
13. Contact Us
Privacy Inquiries: [email protected]
General Support: [email protected]
Data Controller: StayStat, Montreal, Quebec, Canada
Response Time: We aim to respond within 30 days (GDPR requirement).
14. Additional Information
14.1 California Residents (CCPA)
Under the California Consumer Privacy Act (CCPA), you have the right to:
- Know what personal information is collected, used, shared
- Delete personal information (subject to exceptions)
- Opt-out of sale (we do not sell data)
- Non-discrimination for exercising rights
To Exercise: Email [email protected]
14.2 Do Not Track
StayStat does not track users across apps or websites, so Do Not Track browser signals are not applicable.
14.3 Third-Party Links
The app may contain links to third-party websites (e.g., embassy websites for visa info). We are not responsible for their privacy practices.