Sacred Trails - Privacy Policy


Last Updated: April 2026


This Privacy Policy describes how Sacred Trails ("App," "we," "us," or "our"), developed by Luke Chiang ("Data Controller"), collects, uses, stores, and protects your personal data. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR), the Japan Act on the Protection of Personal Information (APPI), the Brazil Lei Geral de Proteção de Dados (LGPD), and other applicable data protection laws.




1. Data Controller


Name: Luke Chiang

Location: Taiwan

Email: support@dualpilgrim.app


For GDPR purposes, Luke Chiang acts as the Data Controller for any personal data processed through the App.


2. What Data We Collect


We collect minimal data. Most information stays on your device. Cloud backup is entirely optional.


2.1 Data Stored Locally Only (On Your Device)


The following data is stored exclusively on your device using SharedPreferences and local storage. This data is never transmitted to any server unless you opt in to Cloud Backup (Section 2.3):


| Data | Purpose | Storage |
| --- | --- | --- |
| Language preference | Display the App in your chosen language | SharedPreferences |
| Achievement/stamp progress | Track your pilgrimage milestones | SharedPreferences |
| GPS coordinates of stamp points | Record where stamps were collected | SharedPreferences |
| Weather cache | Reduce redundant API calls, enable offline access | Local cache |
| Route preferences | Remember your selected route and display settings | SharedPreferences |
| Dual Pilgrim mode setting | Track whether you are pursuing both pilgrimages | SharedPreferences |

2.2 Data Transmitted to a Server (Only When Safety Tracking Is Enabled)


| Data | Purpose | Storage | Retention |
| --- | --- | --- | --- |
| GPS coordinates (latitude, longitude) | Share your location with people you choose | Device local storage | Auto-deleted after 7 days |
| Timestamp | Show when a location point was recorded | Device local storage | Auto-deleted after 7 days |

This data is collected only when:

  • You explicitly enable the Safety Tracking feature, AND
  • You grant location permission to the App through your device's permission dialog.

No tracking data is ever collected without your affirmative, informed consent.


2.3 Cloud Backup (Optional Sign-In)


If you choose to sign in with Google or Apple, the following data is collected and stored in Google Cloud Firestore:


| Data | Purpose | Storage | Retention |
| --- | --- | --- | --- |
| Email address | Identify your account | Firebase Authentication (Google Cloud, US) | Until you delete your account |
| Display name | Show your name in the App | Firebase Authentication (Google Cloud, US) | Until you delete your account |
| Firebase UID | Link your cloud data to your account | Firebase Authentication (Google Cloud, US) | Until you delete your account |
| Stamp collection (without GPS coordinates) | Back up your pilgrimage progress | Cloud Firestore (Google Cloud, asia-northeast1) | Until you delete your data |
| Achievement progress | Back up your milestones | Cloud Firestore (Google Cloud, asia-northeast1) | Until you delete your data |
| App settings (route, language, transport mode) | Back up your preferences | Cloud Firestore (Google Cloud, asia-northeast1) | Until you delete your data |

Important:

  • Cloud Backup is entirely optional. The App works fully without signing in.
  • GPS coordinates (latitude/longitude) are never uploaded to the cloud. They remain on your device only.
  • You can delete your cloud data and account at any time from Settings > Delete Account.

2.4 Data We Do NOT Collect


  • We do not collect device identifiers, advertising IDs, or analytics data.
  • We do not use cookies, tracking pixels, or behavioral profiling.
  • We do not collect health data, biometric data, or movement patterns beyond Safety Tracking GPS points.
  • We do not upload GPS coordinates to the cloud (stamp locations are stripped of coordinates before cloud backup).

3. Why We Collect Data (Legal Basis)


3.1 Safety Tracking GPS Data

Under GDPR Article 6, our legal basis is explicit consent (Article 6(1)(a)). You provide this consent by turning on the Safety Tracking feature and granting location permission.


3.2 Cloud Backup Data

Under GDPR Article 6, our legal basis is explicit consent (Article 6(1)(a)). You provide this consent by choosing to sign in with Google or Apple. You may withdraw consent at any time by deleting your account.


3.3 Under Japan APPI

We specify the purpose of use at the time of collection: GPS data is collected solely for personal safety purposes. Cloud backup data is collected solely for preserving your pilgrimage progress across devices.


3.4 Under Brazil LGPD

For users in Brazil, the legal basis for processing is consent (LGPD Art. 7, I). You may exercise your rights under LGPD Art. 18 by contacting us or using the in-app account deletion feature.


4. How We Use Your Data


  • Safety Tracking GPS data: To allow people you share your tracking link with to see your location on a map.
  • Cloud Backup data: To preserve your pilgrimage progress (stamps, achievements, settings) so you can restore it on a new device.

We do not use your data for advertising, analytics, profiling, marketing, route optimization research, or any other purpose.


5. How We Store Your Data


5.1 Local Storage


Achievement progress, language preferences, weather cache, and route settings are stored using Flutter's SharedPreferences on your device. This data is not encrypted beyond the device-level encryption provided by your operating system (iOS Data Protection / Android file-based encryption).


5.2 Server Storage (Safety Tracking Only)


When Safety Tracking is enabled, GPS coordinates and timestamps are transmitted via HTTPS (TLS 1.2+). Access to tracking data is controlled by a unique, cryptographically random token generated for each tracking session.


5.3 Cloud Storage (Cloud Backup Only)


When you sign in and sync, your progress data (without GPS coordinates) is stored in Google Cloud Firestore in the asia-northeast1 (Tokyo) region. Data is encrypted at rest and in transit by Google Cloud. Access is restricted to your authenticated account only, enforced by Firestore Security Rules.


6. Data Retention


  • Tracking data (GPS coordinates and timestamps) is automatically deleted after 7 days from the time of recording.
  • Local data (preferences, achievements) persists on your device until you uninstall the App or clear App data.
  • Cloud Backup data persists until you explicitly delete it using the "Delete Account" feature in Settings, or by contacting us.

7. Who We Share Your Data With


We do not sell, rent, license, or share your personal data with any third party.


Safety Tracking data is accessible only via a token-based share link that you generate. Cloud Backup data is accessible only to your authenticated account.


8. Third-Party Services


The App uses the following third-party services:


| Service | Data Sent | Purpose | Privacy Policy |
| --- | --- | --- | --- |
| OpenStreetMap (tile.openstreetmap.org) | Map tile requests (general area coordinates) | Display map tiles | OpenStreetMap Privacy Policy |
| JMA (Japan Meteorological Agency) | Geographic area code (region-level) | Fetch weather forecasts for Kumano Kodo | JMA Terms |
| AEMET (Agencia Estatal de Meteorología) | Municipio code (town-level) | Fetch weather forecasts for Camino de Santiago | AEMET Terms |
| Firebase Authentication (Google) | Email, display name, OAuth token | User sign-in for Cloud Backup | Google Privacy Policy |
| Cloud Firestore (Google) | Stamps (no GPS), achievements, settings | Cloud backup storage | Google Cloud Privacy |
| Google Sign-In | Google account OAuth token | Authentication | Google Privacy Policy |
| Sign in with Apple | Apple ID token, email (if shared) | Authentication | Apple Privacy Policy |

Note: Weather data uses only region-level codes. No precise GPS coordinates, device identifiers, or user identifiers are sent to weather services.


9. Your Rights


9.1 Under GDPR (Articles 13-22)


If you are in the European Economic Area (EEA), you have the following rights:


  • Right of Access (Art. 15): Request a copy of any personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate data.
  • Right to Erasure (Art. 17): Request deletion of your data. You can delete your cloud data and account directly in the App (Settings > Delete Account). Tracking data is auto-deleted after 7 days.
  • Right to Restriction of Processing (Art. 18): Request that we limit how we process your data.
  • Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing of your data.
  • Right to Withdraw Consent: Withdraw consent at any time by turning off Safety Tracking, signing out of Cloud Backup, or deleting your account.
  • Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in your country of residence.

9.2 Under Japan APPI


If you are in Japan, you have the right to request disclosure, correction, deletion, or cessation of use of your personal data.


9.3 Under Brazil LGPD


If you are in Brazil, you have the rights listed in LGPD Art. 18, including: confirmation of processing, access, correction, anonymization, deletion, information about sharing, and revocation of consent. The competent authority is the ANPD (Autoridade Nacional de Proteção de Dados).


9.4 How to Exercise Your Rights


To exercise any of these rights, contact us at support@dualpilgrim.app or use the in-app "Delete Account" feature. We will respond within 30 days (GDPR) or without delay (APPI/LGPD).


10. Children's Privacy


Sacred Trails is rated 4+ on the App Store and Everyone on Google Play. The App does not knowingly collect personal data from children under 16 (GDPR) or under 12 (Brazil LGPD). Cloud Backup (sign-in) requires a Google or Apple account, which have their own age restrictions. If you believe a child has signed in without appropriate parental consent, please contact us and we will promptly delete the associated data.


11. Data Security


We implement the following security measures:


  • Encryption in Transit: All data transmitted between the App and servers uses HTTPS (TLS 1.2 or higher).
  • Encryption at Rest: Cloud Backup data is encrypted at rest by Google Cloud Firestore.
  • Access Control: Firestore Security Rules ensure each user can only access their own data.
  • Token-Based Access: Tracking data is accessible only via unique, cryptographically random session tokens.
  • Automatic Data Expiry: Tracking data is automatically purged after 7 days.
  • Minimal Data Collection: GPS coordinates are never uploaded to the cloud. Only essential progress data is backed up.
  • Account Deletion: Users can permanently delete their cloud data and account at any time from within the App.

12. International Data Transfers


The Data Controller is based in Taiwan. Cloud Backup data is stored in Google Cloud Firestore (asia-northeast1, Tokyo). Firebase Authentication data may be processed in Google's US infrastructure. For transfers outside the EEA, appropriate safeguards are in place in accordance with GDPR Chapter V, including Google's data processing agreements and standard contractual clauses.


For users in Japan, cross-border transfers comply with APPI requirements. For users in Brazil, transfers comply with LGPD Chapter V.


13. Changes to This Privacy Policy


We may update this Privacy Policy from time to time. If we make material changes, we will notify you through an App update. The "Last Updated" date at the top indicates when the latest revision was made.


Continued use of the App after changes constitutes acceptance of the updated policy.


14. Contact Us


For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:


Luke Chiang

Email: support@dualpilgrim.app




*This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the Japan Act on the Protection of Personal Information (APPI), the Brazil Lei Geral de Proteção de Dados (LGPD), Apple App Store Review Guidelines, and Google Play Developer Policy requirements.*