Privacy Policy
Last updated: April 2026
1. Introduction
VoyageTrail ("we", "us", "our") is a cruise and flight travel tracking service operated from the United Kingdom. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have in relation to your data when you use our service at app.voyagetrail.app and related subdomains (collectively, the "Service").
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is VoyageTrail, contactable at:
- Email: hello@voyagetrail.app
3. Personal Data We Collect
3.1 Account Information
When you create an account, we collect:
- Email address — used for authentication, email verification, and service communications.
- Display name — your chosen name displayed within the Service.
- Password — stored securely using Argon2 hashing. We never store your password in plain text and cannot retrieve it.
- Account role — your permission level within the Service (e.g. user, admin).
3.2 Travel Data
When you use the Service, you may voluntarily provide:
- Cruise voyage records — ship names, itineraries, ports of call, dates, cabin details, and related notes.
- Flight records — departure and arrival airports, dates, airlines, seat information, and related notes.
- Visited countries — countries derived from your travel records or manually added.
- Custom fields — any additional data you choose to add to your travel records.
3.3 AIS Ship Tracking Data
To enhance your cruise records with accurate route and port data, we use Automatic Identification System (AIS) satellite data provided by third-party APIs. This data relates to ship positions, not to you personally. We cache ship position data to improve service performance. AIS data is associated with your cruise records only when you use the route-building feature.
3.4 Billing Information
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not collect or store your credit card number, bank account details, or other payment instrument data on our servers. We receive from Stripe:
- Your Stripe customer ID.
- Subscription status (active, cancelled, trialling, past due).
- Current billing period dates.
- The plan and price you are subscribed to.
Stripe processes your payment data under its own privacy policy, available at stripe.com/privacy.
3.5 Technical Data
When you access the Service, our hosting infrastructure may automatically log:
- IP address (for security and abuse prevention).
- Browser type and version.
- Request timestamps.
We do not use any third-party analytics, tracking pixels, or advertising networks.
4. How We Use Your Data
We process your personal data on the following lawful bases under UK GDPR:
4.1 Performance of Contract (Article 6(1)(b))
- Providing and maintaining the Service.
- Managing your account and authentication.
- Processing subscriptions and managing your billing relationship via Stripe.
- Displaying your travel data on the interactive map and in statistics.
- Fetching AIS data and itinerary information to populate your cruise records.
- Enabling data export and account deletion.
4.2 Legitimate Interests (Article 6(1)(f))
- Sending transactional emails (email verification, password-related communications, important service updates).
- Preventing fraud, abuse, and unauthorised access.
- Improving the Service based on aggregate, anonymised usage data.
4.3 Consent (Article 6(1)(a))
Where we rely on your consent for any processing activity, you may withdraw consent at any time by contacting us at hello@voyagetrail.app. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Cookies and Local Storage
We use a minimal number of cookies and local storage items:
| Name | Purpose | Type | Duration |
|---|---|---|---|
| Session cookie | Authenticates your logged-in session | Strictly necessary | 30 days |
| Theme preference | Stores your light/dark mode choice | Functional | Persistent |
| Beta acceptance | Records whether you have accepted beta terms | Functional | Persistent |
We do not use any advertising, analytics, or third-party tracking cookies. Because we only use strictly necessary and functional cookies, we do not require a cookie consent banner under UK/EU cookie regulations.
6. Data Processors and Third-Party Services
We share your personal data with the following third-party service providers ("data processors") who process data on our behalf:
| Category | Purpose | Data Shared | Location |
|---|---|---|---|
| Cloud hosting provider | Application and database hosting | All Service data (encrypted in transit and at rest) | EU/UK region |
| Payment processor | Subscription billing and payment processing | Email, subscription details, payment information | United States (with EU/UK safeguards) |
| Email delivery provider | Transactional email delivery | Email address, email content | United States (with EU/UK safeguards) |
| Maritime data provider | AIS ship position data | Ship identifiers only (no personal data) | EU |
| CDN and DNS provider | Content delivery and DNS for marketing site | IP address, request metadata | Global (with EU/UK safeguards) |
Each processor is contractually obligated to protect your data and process it only on our instructions. Where processors are located outside the UK, appropriate safeguards are in place (such as Standard Contractual Clauses or UK International Data Transfer Agreements).
7. International Data Transfers
Our primary hosting infrastructure is located in the EU/UK region. Some of our data processors operate globally and may transfer data outside the UK and the European Economic Area (EEA). Where such transfers occur, we ensure that adequate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- UK International Data Transfer Agreements (IDTAs) or Addenda.
- The processor's participation in recognised data protection frameworks.
8. Data Retention
We retain your personal data for as long as your account is active.
- Account data and travel records are retained until you delete your account.
- Billing records may be retained for up to 7 years after your last transaction to comply with UK tax and accounting obligations.
- Server logs containing IP addresses are retained for no longer than 90 days.
- AIS ship position data (which does not contain personal data) is retained indefinitely to improve service quality.
When you delete your account, all personal data is permanently erased from our database within 30 days, except where retention is required by law.
9. Your Rights Under UK GDPR
As a data subject, you have the following rights under UK GDPR. You can exercise any of these rights by contacting us at hello@voyagetrail.app.
9.1 Right of Access (Article 15)
You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data. You can export all your data at any time from your account settings in JSON or CSV format.
9.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected. You can update your email address, display name, and travel records directly within the Service at any time.
9.3 Right to Erasure (Article 17)
You have the right to request the deletion of your personal data. You can delete your account and all associated data at any time from your account settings. Deletion is permanent and cannot be reversed.
9.4 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. The data export feature in your account settings provides your data in JSON and CSV formats.
9.5 Right to Restrict Processing (Article 18)
You have the right to request the restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
9.6 Right to Object (Article 21)
You have the right to object to the processing of your personal data where we rely on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
9.7 Right to Lodge a Complaint
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Passwords are hashed using Argon2 (an industry-leading hashing algorithm). We cannot view or retrieve your password.
- All data in transit is encrypted using TLS (HTTPS).
- Database connections are encrypted.
- Session-based authentication with secure, HTTP-only cookies.
- Role-based access controls to restrict data access to authorised personnel.
While we take all reasonable precautions, no method of electronic storage or transmission is 100% secure. If you become aware of any security breach, please notify us immediately at hello@voyagetrail.app.
11. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@voyagetrail.app.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address associated with your account) or by placing a prominent notice within the Service at least 14 days before the changes take effect.
We encourage you to review this page periodically. Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:
- Email: hello@voyagetrail.app