Skip to main content
GPSSquadStart Planning

Privacy Policy

Effective Date: 18 March 2026

This Privacy Policy describes how GPSSquad collects, uses, stores, and shares your personal data when you use the GPSSquad platform. It applies to users in all territories where GPSSquad operates, including the United States, Canada, Australia, New Zealand, the European Union (including Germany), and India.

Please read this Policy carefully. By using the Platform, you acknowledge that you have read and understood its contents.

1. Who Is Responsible for Your Data

GPSSquad is the data controller (in GDPR terminology) and data fiduciary (under Indias Digital Personal Data Protection Act 2023) responsible for your personal data. Contact: hello@gpssquad.com

For EU/EEA users: we are working to appoint a representative within the European Union as required under Article 27 of the GDPR. Details will be updated here once confirmed.

2. Data We Collect

2.1 Account Data

When you register, we collect your name, email address, and password (stored as a secure hash, never in plain text). This data is necessary to provide you with an account and to identify you when you log in.

2.2 Profile Data

You may optionally provide additional profile information including your location, bio, travel preferences, dietary preferences, vehicle details, and saved places. This information is used to personalise your planning experience. None of it is mandatory to use the Platform.

2.3 Trip Data

When you create trips, we store the route details, stops, interests, budget, travel dates, companion information, and any notes or content you add. This data is the core of the service and is stored on your behalf so you can access and edit it across sessions.

2.4 Location Data

We collect your trip origin and destination as part of the planning process. If you use live navigation features, the app may access your device location with your permission. We do not track your location continuously or in the background without your explicit consent.

For EU users: location data constitutes personal data under GDPR. We process it on the basis of your consent, which you may withdraw at any time via your device settings.

2.5 Communications Data

If you contact us by email, we retain the contents of that communication for the purpose of responding to you and maintaining records of our correspondence. If you subscribe to our mailing list, we store your email address for the purpose of sending you communications you have agreed to receive.

2.6 Technical and Usage Data

We collect standard technical data including your IP address, browser type, device type, operating system, pages visited, and actions taken on the Platform. This data is used to operate the Platform, diagnose technical issues, and understand how the service is used in aggregate.

We use cookies and similar technologies as described in Section 7 below.

3. How We Use Your Data

We use your data for the following purposes:

  • To create and manage your account
  • To provide the trip planning, route mapping, and AI itinerary generation features
  • To personalise your experience based on your stated preferences
  • To send you service communications (account confirmations, password resets, trip notifications)
  • To send you marketing communications where you have given consent or where we have a legitimate interest, subject to your right to opt out at any time
  • To operate and improve the Platform, including identifying and fixing bugs and improving AI outputs
  • To comply with our legal obligations

Legal Bases for Processing (EU/UK/GDPR)

For users in the EU and UK, we process your personal data on the following legal bases:

  • Contract performance: processing necessary to provide the services you have requested (account, trip planning, navigation)
  • Legitimate interests: improving the Platform, preventing fraud, sending relevant marketing where you have a reasonable expectation of it
  • Consent: location data for live navigation, cookies beyond strictly necessary, marketing emails to new subscribers
  • Legal obligation: compliance with applicable law

India (DPDP Act 2023)

For users in India, we process your personal data on the basis of your free, specific, informed, and unconditional consent as required under the Digital Personal Data Protection Act 2023. You may withdraw consent at any time, and we will cease processing within a reasonable time. Withdrawal of consent may affect your ability to use certain features.

4. Third Party Service Providers

We share your data with trusted third party service providers who help us operate the Platform. These providers are contractually obligated to process your data only as instructed by us and to maintain appropriate security standards.

  • Mapbox (United States): mapping, routing, and geocoding services. Your trip routes and location data are processed by Mapbox to generate maps and directions. Privacy policy: mapbox.com/legal/privacy
  • Anthropic (United States): AI powered features including itinerary suggestions and trip planning intelligence. Trip and preference data may be processed to generate suggestions. Privacy policy: anthropic.com/privacy
  • Open Meteo (Switzerland): weather data along routes. Route coordinates are sent to Open Meteo to retrieve weather forecasts. Privacy policy: open-meteo.com/en/privacy
  • SendGrid / Twilio (United States): email delivery for account communications, notifications, and marketing emails. Your email address is processed by SendGrid to deliver messages. Privacy policy: sendgrid.com/policies/privacy
  • Amazon Web Services (United States): cloud infrastructure and data storage. All Platform data is stored on AWS servers. Privacy policy: aws.amazon.com/privacy
  • Neon (United States): managed database infrastructure. Trip and user data is stored in Neon hosted PostgreSQL databases. Privacy policy: neon.tech/privacy

For EU users: transfers to providers based in the United States are conducted under appropriate safeguards including Standard Contractual Clauses as approved by the European Commission.

We do not sell your personal data to third parties. We do not share your data with advertisers.

5. Data Retention

We retain your personal data for as long as your account remains active and for a reasonable period thereafter in case you wish to reactivate your account. You may request deletion of your account and associated data at any time.

Certain data may be retained beyond account deletion where required by law (for example, financial records or communications required for legal proceedings).

Technical logs are retained for up to 90 days for diagnostic purposes.

6. Your Rights

All Users

  • Right to access: you may request a copy of the personal data we hold about you
  • Right to correction: you may request correction of inaccurate or incomplete data
  • Right to deletion: you may request deletion of your account and personal data, subject to legal retention obligations
  • Right to opt out of marketing: you may unsubscribe from marketing communications at any time using the unsubscribe link in any email or by contacting hello@gpssquad.com

EU and UK Users (GDPR)

  • Right to data portability: you may request your data in a structured, machine readable format
  • Right to object: you may object to processing based on legitimate interests
  • Right to restrict processing: you may request that we limit how we use your data in certain circumstances
  • Right to lodge a complaint: you have the right to complain to your local data protection supervisory authority. In Germany, this is the relevant state data protection authority (Landesdatenschutzbehoerde)

We will respond to all data rights requests within 30 days.

Australian Users

Australian users have rights under the Privacy Act 1988 and the Australian Privacy Principles. You may request access to and correction of your personal information. If you believe we have mishandled your data, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

New Zealand Users

New Zealand users have rights under the Privacy Act 2020. You may request access to and correction of your personal information. Complaints may be lodged with the Privacy Commissioner at privacy.org.nz.

Canadian Users

Canadian users have rights under PIPEDA (federal) and applicable provincial privacy legislation. You may access, correct, or withdraw consent for processing of your personal information. Complaints may be directed to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Indian Users

Indian users have rights under the Digital Personal Data Protection Act 2023. You have the right to access, correct, and erase your personal data, and the right to grievance redressal. Our Grievance Officer can be contacted at hello@gpssquad.com. You may also approach the Data Protection Board of India once it is constituted and operational.

California Users (CCPA)

California residents have the right to know what personal information we collect and how it is used, to request deletion, to opt out of the sale of personal information (we do not sell personal information), and to non discrimination for exercising these rights. To submit a request, contact hello@gpssquad.com.

7. Cookies and Tracking

We use cookies and similar tracking technologies to operate the Platform and understand how it is used. Cookies are small text files stored on your device.

We use the following categories of cookies:

  • Strictly necessary cookies: required for the Platform to function (authentication, session management). These cannot be disabled.
  • Functional cookies: remember your preferences and settings across sessions
  • Analytics cookies: help us understand how the Platform is used in aggregate. We use these only with your consent.

For EU users: we present a cookie consent banner on first visit. You may withdraw or update your consent at any time via the cookie settings option in the Platform footer. Strictly necessary cookies do not require consent.

For German users: we comply with the Telekommunikation Telemedien Datenschutz Gesetz (TTDSG) in addition to GDPR requirements.

8. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures including encrypted data transmission (HTTPS), hashed password storage, access controls limiting who within GPSSquad can access personal data, and regular security reviews.

No system is entirely secure, and we cannot guarantee absolute security. If you become aware of any security concern, please notify us immediately at hello@gpssquad.com.

9. Children's Privacy

The Platform is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated Policy on the Platform with a revised effective date. We encourage you to review this Policy periodically.

11. Contact

For all privacy related enquiries, requests, or complaints:

Email: hello@gpssquad.com

Subject line: Privacy Request

We aim to acknowledge all privacy enquiries within 48 hours and resolve them within 30 days.