Privacy Policy
Trod is a walking exploration game: you walk in the real world and the map reveals where you have been. That only works if you trust us with how location is handled — so this policy is written to be read.
The short version
- Your phone converts GPS positions into hexagonal map areas roughly 175 m wide, on the device. Only those area identifiers are saved to your account — your raw GPS coordinates are never stored on our servers.
- We don’t sell your data, we don’t show ads, and we don’t use advertising identifiers.
- Walking mode (screen-off reveal) works the same way: positions become map areas on your phone; nothing more leaves it.
- You can delete your account and all of its data from inside the app, immediately.
1. Who we are
Trod is operated by Omar Ajruli, an individual developer based in Estonia (the “we” in this policy). Contact: ajruli.omar@gmail.com.
2. What we collect
Things you give us
- Account details when you sign up: your email address, and your name if you sign in with Google. Guest play needs no account; guest progress stays on your phone until you sign in.
- Profile choices like your display name.
- A profile picture, only if you choose one. If you pick a photo from your device or sign in with Google, that single image becomes your avatar; for signed-in accounts it is stored on our servers so it follows your account, and for guests it stays on your phone. We never browse or collect the rest of your photo library.
Things created by playing
- Your explored map: the ~175 m hexagonal areas you have revealed, derived on the device from GPS. We cannot reconstruct your exact route from them.
- Landmarks you mark as visited, quest and passport progress, and per-city exploration percentages.
- App settings, stored on your phone.
Optional, only if you turn it on
- Step counting uses your phone’s step sensor after you grant the physical-activity permission. As a guest your steps stay on your phone. If you sign in, your daily step totals are backed up to your account so they follow you across devices — we never upload the raw sensor stream, the timing of individual steps, or any location.
Diagnostics
- If the app crashes or errors, a crash report is sent to Sentry (see section 4). Reports are scrubbed of coordinates and personal identifiers before sending and include technical context like app version, OS version and device model.
3. What we never collect
- Raw GPS coordinates on our servers — conversion to map areas happens on the device.
- A continuous location history or your routes.
- “Background location” in the Android permission sense — Trod never requests that permission. Walking mode runs as a visible, user-started service with an ongoing notification, using the normal “while using the app” permission.
- Your contacts, microphone, camera, photo library, or advertising ID. Choosing a profile picture hands us only that one image — see section 2.
4. Third parties we rely on
| Service | What it does | What it receives |
|---|---|---|
| Supabase | Sign-in and database | Your account data and explored map areas. Hosted in the EU (Ireland, eu-west-1), encrypted in transit and at rest, with per-user access rules. |
| MapTiler | The base map | Standard tile requests: your IP address, device user-agent and which map tiles you view (inherent to any online map). |
| Open-Meteo | Weather on the map | An approximate location rounded to roughly an 11 km grid — enough for a city forecast, not your position. |
| Sentry | Crash reporting | Crash and error reports, scrubbed of coordinates and personal identifiers before sending. |
| Optional sign-in | Only used if you choose “Sign in with Google”; standard OAuth sign-in data. |
We do not use advertising or marketing analytics services.
5. How we use your data
- To run the game: show your explored map, progress, landmarks and stamps on your devices.
- To keep your progress safe across devices and reinstalls.
- To fix crashes and keep the app stable.
- Nothing else. No profiling, no ad targeting, no selling or renting data.
6. Your rights
Under the GDPR (and similar laws) you can:
- Delete — remove your account and all its data from inside the app (You › Settings › Delete Account), or see the deletion page. Deletion is immediate and permanent.
- Access / export — email us and we will send you a copy of the data linked to your account.
- Correct — change your display name in the app, or email us for anything else.
- Object or withdraw consent — optional features (like step counting) can be turned off any time in Settings.
- Complain — you can lodge a complaint with your data-protection authority. In Estonia that is the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).
7. Retention
- Account and gameplay data: kept while your account exists.
- On deletion: removed from production immediately; encrypted backups expire within 90 days.
- Crash reports: retained up to 90 days, then deleted.
8. Children
Trod is not directed at children under 13 (under 16 in the EU where that is the age of digital consent). We do not knowingly collect data from children below those ages; if you believe a child has created an account, contact us and we will delete it.
9. Security
Data is encrypted in transit (TLS) and at rest. Database access is restricted by per-user rules so one account can never read another’s data. No method is 100% secure, but location-grade data is exactly why we designed the system so your precise positions never reach a server in the first place.
10. International transfers
Your account data is hosted in the European Union. Where a service provider processes data outside the EEA (for example crash reporting), transfers rely on standard contractual clauses or an equivalent safeguard.
11. Changes
If this policy changes in a meaningful way we will update this page and note it in the app. The date below always reflects the current version.
12. Contact
Omar Ajruli · Estonia · ajruli.omar@gmail.com