Privacy Policy for CmTag Mobile App
Effective Date: October 22, 2025
SecureTrip ("we", "our", or "us") operates the SecureTrip mobile application (the "App"). This Privacy Policy describes how we collect, use, share, and protect your information when you use the App. By using the App, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.
This Privacy Policy complies with applicable laws, including the General Data Protection Regulation (GDPR) for EU users, the California Consumer Privacy Act (CCPA) for California residents, and Google's Play Store requirements for apps handling personal or sensitive data (e.g., location, camera access).
1. Information We Collect
We collect the following types of information to provide and improve the App's trip recording features:
Personal Information You Provide:
Account Information: Email address, password, and name when you register or login. For admin users, we also collect role information (user or admin).
Trip Data: Location coordinates (latitude/longitude), timestamps, remarks, and photos (including metadata like EXIF data) you capture during trips.
Device Information: Device ID, model, OS version, language, and account settings for authentication and security.
Automatically Collected Information:
Location Data: Precise GPS location data when you enable location services for trip recording. This includes background location if permitted.
Camera Data: Photos captured in-app, including metadata (e.g., timestamp, device model). We do not access your photo library unless explicitly granted.
Usage Data: App interactions (e.g., trip uploads, views), device sensors (e.g., accelerometer for security), and network details (e.g., signal strength for verification).
Technical Data: IP address, browser type, OS, and app version for analytics and security.
Information from Third Parties:
- Google Sign-In: If you use Google login, we receive your Google account email, name, and profile picture.
We do not collect sensitive information like financial data, health data, or biometric data.
2. How We Use Your Information
We use the collected information for the following purposes:
Account Management: To create and manage your account, authenticate logins, and enforce role-based access (user vs. admin).
Trip Recording: To store and display your trip data, including GPS locations, photos, and remarks. Admin users can view aggregated data for oversight.
Security and Fraud Prevention: To verify device authenticity, detect tampering (e.g., via hash checks and timestamps), and prevent unauthorized access. This includes binding data to your device and checking for real-time GPS and camera use.
Notifications: To send optional alerts (e.g., admin notifications for new user trips if enabled).
App Improvement: To analyze usage patterns, fix bugs, and enhance features (e.g., better map accuracy).
Compliance: To meet legal requirements, such as responding to data access requests under GDPR or CCPA.
We do not use your information for automated decision-making that significantly affects you.
3. How We Share Your Information
We do not sell your personal information. We may share it as follows:
Service Providers: With trusted third parties (e.g., cloud storage for photos, analytics tools like Google Analytics) who need access to provide services. They are bound by confidentiality agreements.
Admin Access: Trip data may be viewed by admins for management purposes (e.g., reviewing notifications or analytics).
Legal Requirements: If required by law, regulation, or legal process (e.g., court order).
Business Transfers: In case of merger, acquisition, or sale of assets.
We do not share location or photo data with advertisers or third parties for marketing.
4. Your Choices and Rights
You have control over your data:
Account Settings: Update your profile, enable/disable notifications, or delete your account via the app settings.
Permissions: Manage camera and location access in your device settings. We only access when you actively use the feature.
Data Access/Deletion: Contact us at support@securetrip.com to request access, correction, or deletion of your data. We respond within 30 days (GDPR/CCPA compliant).
For California residents (CCPA):
Right to Know: Request categories of personal information collected.
Right to Delete: Request deletion of personal information.
Right to Opt-Out: We do not sell data, but you can opt-out of sharing.
For EU residents (GDPR):
Right to Access: Request a copy of your data.
Right to Rectification: Correct inaccurate data.
Right to Erasure: Delete your data ("right to be forgotten").
5. Data Retention and Security
Retention: We keep your data as long as your account is active or as needed for legal/compliance reasons (e.g., trip logs for 7 years). Deleted accounts remove data within 30 days.
Security: We use industry-standard encryption (HTTPS, AES-256), access controls, and regular audits. For trip photos, we apply tamper-detection (hashes, timestamps). However, no system is 100% secure, so we cannot guarantee absolute security.
6. Children's Privacy
The App is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from children. If we discover such data, we delete it promptly.
7. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices. We'll notify you via in-app notice or email for material changes. Continued use after changes means acceptance.
8. Contact Us
For questions about this Privacy Policy or data practices, contact:
- Email: support@securetrip.com
Last Updated: October 22, 2025