Privacy Policy

1. Introduction

TRODDR ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. Please also review our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, password (encrypted), date of birth, profile information
• Preferences: Travel interests, dietary restrictions, accessibility needs, language preferences, notification settings
• Travel Plans: Saved places, bookmarks, custom itineraries, trip dates, travel companions
• User Feedback: Upvotes, downvotes, "would visit again" votes, interaction signals
• Communication: Support requests, messages, survey responses, feedback submissions
• Payment Information: Processed securely by third-party payment processors (we do not store full credit card details)

2.2 Information Collected Automatically

• Usage Data: Features used, screens viewed, session duration, search queries, engagement metrics, content interactions
• Device Information: Device model, operating system, network information, device identifiers (IDFA, Android ID), app version, screen size
• Location Data: Precise GPS location (when enabled), IP-based location, saved locations, location history
• Technical Data: IP address, browser settings, cookies, server logs, crash reports, performance data
• Offline Data: Cached listings, maps, images, and itineraries for offline access

2.3 Information from Third-Party Sources

• Social login data from Apple, Google, or Facebook (name, email, profile picture)
• Booking or reservation confirmations from integrated partners
• Aggregated demographic information from analytics providers
• Map usage data from Google Maps and Apple Maps

3. How We Use Your Information

3.1 Primary Uses

• Provide, operate, maintain, and personalize the Service
• Manage your account and travel itineraries
• Deliver location-based and personalized recommendations
• Enable offline functionality through content caching
• Facilitate social features and content sharing

3.2 Improvement & Analytics

• Analyze usage trends and user behavior to improve the Service
• Aggregate user feedback to refine curation and recommendations
• Develop and test new features and functionality
• Monitor performance and troubleshoot technical issues
• Measure effectiveness of sponsored listings and partnerships

3.3 Security & Fraud Prevention

• Detect and prevent fraud, abuse, and security threats
• Verify identity and ensure age compliance
• Maintain safety and integrity of the Service
• Enforce our Terms of Service and policies

3.4 Communication

• Send transactional notifications (account updates, security alerts)
• Provide customer support and respond to inquiries
• Send marketing communications (with your consent where required)
• Conduct surveys and request feedback

3.5 Legal Compliance

• Comply with legal obligations and respond to lawful requests
• Enforce our rights and protect against legal liability
• Investigate and prevent illegal activities

3.6 Legal Basis for Processing (EEA/UK Users)

We process your data based on:

• Contractual Necessity: To provide the Service you've agreed to
• Consent: When you've given explicit permission
• Legal Obligations: To comply with applicable laws
• Legitimate Interests: For business operations, security, and improvement (balanced against your rights)

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party providers who help us operate the Service:

• Cloud hosting providers (AWS, Google Cloud)
• Analytics services (Google Analytics, Firebase, Mixpanel)
• Customer support, email, and notification services
• Security and fraud prevention tools
• Payment processors

These providers are contractually obligated to protect your information and only use it for specified purposes.

4.2 Mapping Partners

• Google Maps (subject to Google's Privacy Policy)
• Apple Maps (subject to Apple's Privacy Policy)

4.3 Business Partners

• Aggregated, anonymized feedback shared with featured businesses
• Booking and reservation partners for confirmed transactions

4.4 Legal Disclosure

We may disclose information when required by law or to:

• Comply with legal process, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Investigate fraud, security issues, or policy violations
• Respond to emergencies involving danger of death or serious injury

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. You will be notified of any such change.

4.6 With Your Consent

We may share information for purposes you explicitly approve or direct.

4.7 Aggregated or De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analytics, or product development.

5. Your Privacy Choices and Rights

5.1 Account Management

• Access and update your information through the app settings
• Manage saved places, itineraries, and preferences
• Control profile visibility and sharing settings

5.2 Location Services

• Control location access via device settings (iOS: Settings > Privacy > Location Services)
• Manage location preferences within TRODDR app settings
• Disable location services anytime (may limit location-based features)

5.3 Marketing & Communications

• Unsubscribe from marketing emails using the unsubscribe link
• Manage push notifications in app settings or device settings
• Opt out of personalized advertising through device settings

Note: You will still receive important service-related communications even after opting out of marketing.

5.4 Data Subject Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Data Portability: Receive your data in a machine-readable format
• Restriction: Request limits on how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights: Contact us at legal@troddr.com with "Privacy Rights Request" in the subject line. We will respond within 30 days (45 days for California residents).

5.5 Account Deletion

• Delete your account through app settings under "Account Management"
• Or email legal@troddr.com requesting account deletion
• We will remove your data within 30 days (subject to legal retention requirements)

5.6 Identity Verification

To protect your privacy, we may request verification of your identity before fulfilling data requests.

6. Data Security

6.1 Security Measures

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Secure Authentication: Password hashing, secure token management, multi-factor authentication options
• Access Controls: Role-based access, principle of least privilege, employee training
• Infrastructure Security: Firewalls, intrusion detection systems, regular security audits
• Incident Response: 24/7 monitoring, breach response procedures, regular security testing

Important: No security system is 100% perfect. While we implement industry-standard protections, you are responsible for keeping your login credentials secure and taking appropriate precautions.

6.2 Best Practices for Users

• Use a strong, unique password for your TRODDR account
• Never share your login credentials with others
• Log out of your account on shared or public devices
• Enable device security features (screen lock, biometric authentication)
• Keep the TRODDR app updated to the latest version

6.3 Data Breach Notification

If a data breach affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

7. Data Retention

We retain your information as long as necessary to provide the Service, meet legal requirements, resolve disputes, and enforce our agreements.

7.1 Retention Periods

• Account Information: While your account is active, plus 90 days after deletion request
• Usage & Analytics Data: 18-24 months, then aggregated or deleted
• Communications: 3 years for support and legal purposes
• Transaction Records: As required by law (typically 7 years)
• Backup Systems: Up to 90 days in secure backup systems
• Legal Holds: Retained as required for litigation, investigations, or regulatory matters

After retention periods expire, we securely delete or anonymize your information.

8. International Data Transfers

TRODDR operates globally. Your information may be transferred to, stored, and processed in Jamaica, the United States, and other jurisdictions where our service providers operate.

8.1 Safeguards

When transferring data internationally, we use approved mechanisms to ensure adequate protection:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) where applicable
• Privacy Shield certifications (where available and applicable)
• Other legally approved transfer mechanisms

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

9. Children's Privacy

Age Requirements: Our Service is for users aged 13 and older. Users between 13-17 must have parental or guardian consent to use the Service.

9.1 Parental Rights (Ages 13-17)

• Parents or legal guardians must review and agree to this Privacy Policy and our Terms of Service
• Parents are responsible for monitoring their child's use of the Service
• Parents may request access to or deletion of their child's information by contacting legal@troddr.com
• We may request verifiable parental consent at any time

9.2 Protection for Minors

• We limit data collection to what's necessary for Service functionality
• We do not use minors' data for targeted advertising
• Parents have transparency and control over their child's information

9.3 Children Under 13

We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have collected information from a child under 13 without proper consent, please contact us immediately at legal@troddr.com. We will promptly investigate and delete such information.

10. Cookies and Tracking Technologies

10.1 Technologies We Use

• Cookies: Small data files stored on your device to remember preferences and sessions
• Web Beacons/Pixels: Track page views, email opens, and user interactions
• Device Identifiers: Mobile advertising IDs (IDFA on iOS, Android ID)
• Local Storage: Cached data for offline functionality and performance
• Analytics SDKs: Third-party tools embedded in our app for usage analysis

10.2 Purposes

• Essential: Authentication, security, maintaining user preferences and sessions
• Analytics: Understanding usage patterns, measuring app performance
• Personalization: Customizing content and recommendations based on preferences
• Offline Access: Caching content for offline availability

10.3 Your Controls

• iOS: Settings > Privacy > Tracking (disable "Allow Apps to Request to Track")
• Android: Settings > Google > Ads > Opt out of Ads Personalization
• In-App: Manage tracking preferences in TRODDR app settings
• Browser: Adjust cookie settings in your browser preferences

10.4 Cookie Consent

Where required by law (e.g., EU, UK), you will be prompted to accept or manage cookies when first using our Service.

11. Offline Functionality

TRODDR allows you to download content for offline access, including itineraries, place listings, maps, and images.

11.1 Data Storage

• Offline content is cached locally on your device
• Cached data may become outdated if not synced regularly with our servers
• You can manage offline content through app settings
• Offline data is cleared when you uninstall the app

Privacy Tip: Offline data stored on your device may be accessible to anyone with physical access to your device. We recommend using device security features such as screen locks, encryption, and biometric authentication.

12. Third-Party Services

12.1 Integrated Services

We integrate with third-party platforms to provide enhanced functionality:

• Google Maps & Apple Maps: Location services and navigation
• Social Platforms: Apple, Google, and Facebook for authentication and sharing
• Cloud Providers: AWS and Google Cloud for hosting and storage
• Analytics: Google Analytics, Firebase, Mixpanel for usage insights

12.2 Third-Party Privacy Policies

These services have independent privacy policies. We encourage you to review them:

• Google: https://policies.google.com/privacy
• Apple: https://www.apple.com/legal/privacy/
• Facebook: https://www.facebook.com/privacy/policy/

12.3 Disclaimer

We are not responsible for the privacy practices of third-party services. When you leave our Service via external links, you do so at your own risk.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

13.1 How We'll Notify You

• Prominent notice within the app
• Email to your registered account address
• Push notification (if you have notifications enabled)
• Notice on our website

13.2 Material Changes

We will provide at least 30 days' notice before material changes take effect.

Continued use of our Service after updates indicates your acceptance of the revised Privacy Policy. If you do not agree with changes, you must stop using the Service and may delete your account.

14. Regional Privacy Rights

14.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

• Right to Know: Request information about the categories and specific pieces of personal data we collect
• Right to Delete: Request deletion of your personal information (with certain exceptions)
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: You will not face discrimination for exercising your rights
• Shine the Light: Request disclosure of information sharing with third parties for their marketing purposes

To exercise rights: Email legal@troddr.com with "California Privacy Rights" in the subject line. We will respond within 45 days.

14.2 European Economic Area & UK (GDPR)

If you are located in the EEA or UK, you have the following rights:

• Right of Access: Confirm whether we process your data and access a copy
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: "Right to be Forgotten" in certain circumstances
• Right to Restriction: Limit processing in specific situations
• Right to Data Portability: Receive your data in a portable, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Complain: File a complaint with your local data protection authority
• Automated Decision-Making: Rights regarding automated decisions and profiling

To exercise rights: Email legal@troddr.com with "GDPR Request" in the subject line. We will respond within 30 days.

14.3 Brazil (LGPD)

Brazilian residents have rights including access, correction, deletion, portability, and objection to processing. Contact legal@troddr.com to exercise these rights.

14.4 Other Jurisdictions

We honor privacy rights as required by your local laws. Contact us at legal@troddr.com to understand how privacy laws in your jurisdiction apply to your use of our Service.

15. Contact Information