Privacy Policy

Last updated: April 29, 2026

      Your travel data belongs to you. We do not sell it, share it with advertisers, or use it for any purpose other than operating the service.
    

This policy explains what personal data WanderTrack collects, why we collect it, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and Finnish data protection law.

1. Data Controller

The data controller is:

Stefan Saxen
Finland
privacy@wandertrack.app

2. Data We Collect

Category	Data	Source
Account	Email address, hashed password	You provide this when registering
Travel data	Country and city names, ISO codes, coordinates, continent, date visited	You add this when logging visited places
Feedback	Email address, message text, category	You provide this when submitting feedback
Technical logs	IP address, browser type, pages accessed, timestamps	Automatically collected by our hosting provider (Vercel)

We do not collect location data in the background, track you across other websites, or use advertising cookies.

3. How We Use Your Data

Purpose	Legal basis (GDPR Art. 6)
Creating and managing your account	Performance of a contract (Art. 6(1)(b))
Displaying your visited places on the map	Performance of a contract (Art. 6(1)(b))
Responding to feedback and support requests	Legitimate interests (Art. 6(1)(f))
Preventing fraud and abuse	Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

4. Data Sharing

We do not sell your personal data. We share data only with the following sub-processors necessary to operate the service:

Supabase Inc. (United States) — database and authentication. Data is stored in EU data centres where available. Supabase is certified under the EU–US Data Privacy Framework.
Vercel Inc. (United States) — web hosting and content delivery. Vercel processes request logs including IP addresses. Vercel is certified under the EU–US Data Privacy Framework.

No other third parties receive your personal data.

5. Data Retention

Account and travel data — retained for as long as your account is active. Deleted within 30 days of account deletion.
Feedback — retained for up to 2 years, then deleted.
Technical logs — retained by Vercel for up to 30 days in accordance with their data retention policy.

6. Your Rights

Under GDPR you have the following rights regarding your personal data:

Access — request a copy of the data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your data ("right to be forgotten").
Portability — receive your travel data in a machine-readable format (JSON export is available directly from the app).
Restriction — ask us to limit how we process your data in certain circumstances.
Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@wandertrack.app. We will respond within 30 days.

7. Cookies and Local Storage

WanderTrack uses:

Authentication cookies — set by Supabase to keep you logged in. Strictly necessary; no consent required.
Session storage — used to cache map data in your browser for faster loading. This data never leaves your device.
Local storage — used to remember dismissed notification banners. This data never leaves your device.

We do not use any analytics, advertising, or tracking cookies.

8. International Transfers

Your data may be transferred to and stored in the United States by our sub-processors (Supabase and Vercel). Both providers maintain appropriate safeguards under the EU–US Data Privacy Framework and Standard Contractual Clauses as required by GDPR Chapter V.

9. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), row-level security in the database (each user can only access their own data), and hashed password storage. No method of transmission over the internet is 100% secure.

10. Children

WanderTrack is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has created an account, please contact us and we will delete the data promptly.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes we will update the date at the top of this page. Continued use of the service after changes are posted constitutes your acceptance of the revised policy.

12. Supervisory Authority

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Tietosuojavaltuutetun toimisto
PO Box 800, FI-00531 Helsinki, Finland
tietosuoja.fi

13. Contact

For any privacy-related questions or data requests, contact us at privacy@wandertrack.app.