Privacy Policy

MapQueue ("we", "our", "the app") is a navigation application that provides turn-by-turn directions, multi-stop route planning, and collaborative driving features. This policy explains what data we collect, how we use it, and your rights.

Account Information: When you create an account, we collect your email address, display name, and profile picture (optional). Location Data: We collect your device's location to provide navigation, display your position on the map, and share your location with friends ("Roadies") during active drive sessions. Location data is collected in both the foreground and background while navigation is active. Device Information: We collect your device's push notification token to deliver notifications such as drive invites and friend requests. Usage Data: We collect anonymized crash reports and error logs via Sentry to improve app stability. These do not contain personal information.

For users in the European Union and other jurisdictions with GDPR or similar data protection laws, we process personal data on the following legal bases: Consent: Location data, device identifiers, and personalized advertising require your explicit consent, which you can withdraw at any time through device settings. Legitimate Interest: We process anonymized usage data and crash reports to improve app stability and security. Contractual Necessity: We process account information (email, name) to provide the service and maintain your account. Right to Withdraw Consent: You can withdraw consent for location tracking, personalized ads, and push notifications at any time by: - Disabling location permissions in device settings - Opting out of personalized ads in device settings - Disabling push notifications in app settings Data Processing Agreement: Organizations processing data on behalf of users can request a Data Processing Agreement (DPA) by contacting privacy@mapqueue.com.

- Provide turn-by-turn navigation and route calculation - Share your real-time location with accepted friends during drive sessions - Send push notifications for drive invites and friend requests - Cache route data locally on your device for offline navigation - Monitor app stability through anonymized crash reports - Authenticate your account and maintain your session

MapQueue requests both foreground and background location permissions. Background location is used only during active navigation so directions continue when you switch apps. Location sharing with Roadies only occurs during active drive sessions that you explicitly start. Your location is never shared without your action. You can revoke location permissions at any time through your device settings. The app will continue to function with limited features.

We work with trusted partners to provide and improve MapQueue: - Supabase (AWS): Authentication and database hosting - Mapbox: Map tiles, routing, and geocoding - Expo: Push notification delivery - Sentry: Crash reporting and error monitoring - Cloudinary: Profile picture hosting - Google AdMob: Display of personalized advertisements - RevenueCat: Subscription management and analytics Each service operates under its own privacy policy. We only share data with these services as necessary to provide app functionality.

Your account data is stored securely using Supabase (hosted on AWS). Authentication tokens are stored in your device's secure enclave (iOS Keychain / Android Keystore). Route data and preferences are cached locally using AsyncStorage. We do not sell, rent, or share your personal data with third parties for marketing purposes.

Active Drive Data Location data collected during navigation is deleted when you end the drive session. Trip summary (route, duration, distance) is retained in your trip history. You can delete individual trips from the app or request bulk deletion. Account Data Retention - Profile information (name, email, photo) retained while account is active - Saved locations (home, work, favorites) retained while account is active - Settings and preferences retained while account is active Account Deletion Timeline 1. Deletion Request: You can request account deletion from Settings > Delete Account 2. Grace Period: Your account enters a 7-day grace period. You can cancel deletion and restore your account during this time 3. Permanent Deletion: After 7 days, all account data is permanently deleted: - Profile information - Trip history - Saved locations - Preferences - Connections with other users Hazard Reports Hazard reports you submit are retained for safety purposes. Reports are anonymized 30 days after submission (location + type only, no user ID). Reports older than 90 days are archived. Subscription Data RevenueCat handles payment information (not stored by MapQueue). Subscription status is retained while active. Cancellation processed through your device's app store (Apple or Google). Upon cancellation, ad-free status ends immediately. Cookie Deletion No persistent cookies on MapQueue app. On website, cookies deleted via browser settings or privacy mode.

In the event of a confirmed data breach or security incident affecting personal data, we will: - Assess the scope and nature of the breach - Notify affected users promptly (within 72 hours where required by law) - Provide information about the breach, its consequences, and mitigation steps - Report to relevant authorities as required by law (GDPR, CCPA, etc.) Users are advised to monitor their accounts for suspicious activity and contact us immediately if they suspect unauthorized access.

MapQueue uses Supabase (AWS) which may involve transferring personal data from the EU to the United States and other countries. We implement safeguards to protect data: - Standard Contractual Clauses (SCCs) with data processors - EU adequacy decisions where applicable - Appropriate technical and organizational measures - Your explicit consent for data transfers where required Data transfers comply with GDPR Article 46 and GDPR Chapter V requirements.

For residents of California, you have the following rights under the California Consumer Privacy Act (CCPA): Right to Know: You have the right to request what personal information we collect, use, and disclose. Right to Delete: You have the right to request deletion of personal information collected from you, subject to certain exceptions. Right to Correct: You have the right to correct inaccurate personal information. Right to Opt-Out: You have the right to opt-out of the sale or sharing of your personal information. We do not sell personal information to third parties for marketing purposes. Right to Limit Use: You have the right to limit our use of sensitive personal information (location data, financial information) to necessary business purposes. No Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not face discriminatory pricing, service, or quality differences. Sale of Minors' Data: For California residents under 16 years old, we require opt-in consent before selling or sharing their data. For minors under 13, we require parental consent. Verification: We will verify your identity before processing requests. You may designate an authorized agent to submit requests on your behalf. Response Timeline: We will respond to verified requests within 45 days (or up to 90 days if complex). We will not charge a fee unless requests are manifestly unfounded or excessive. California "Shine the Light": We do not share personal information with third parties for their own direct marketing without your consent. How to Submit a CCPA Request: - Email: privacy@mapqueue.com - Include: Your full name, email, specific request, and any relevant information - Include the statement: "California Resident - CCPA Request" For more information about CCPA rights, visit the California Attorney General's website.

You have the right to: - Access the personal data we hold about you - Request correction of inaccurate data - Request deletion of your account and data - Withdraw consent for location sharing at any time - Opt out of push notifications through device settings - Opt out of personalized ads by adjusting ad personalization in device settings - Disable location tracking by toggling location permissions in app settings - Manage or cancel subscriptions through app settings or device app store - Request data access or deletion by emailing privacy@mapqueue.com for GDPR/CCPA requests

For questions about this privacy policy or to exercise your data rights, contact us at privacy@mapqueue.com.