We value your privacy and design MeTrail around an “offline-first, minimum data” principle. This policy reflects the real permissions the app uses and how its architecture keeps your data in your hands.

What we don’t do

  • No account is required; we don’t create identities or collect personally identifiable information.
  • No third‑party ads or analytics SDKs; we never sell or share your data.
  • No server-side storage of your visits, locations, photos, or notes unless you explicitly turn on iCloud sync.

How we use permissions

  • Location (Always + Precise): Enables background Visits logging, keeps Today/Footprints maps centered, and maintains geofence accuracy. With “While Using,” only manual pinpointing and basic map display work; continuous trip recording is not available.
  • Notifications: Used for arrival/departure alerts and status tips, enabled only after your consent and can be turned off anytime in system settings or More > Settings > Notification Settings.
  • Photos (read & add): Read to attach photos to places/visits; Add Photos to save share cards or exports to your library when you choose “Save to Photos.” No writes occur unless you trigger a save.
  • File access / iCloud Drive: Used only when you initiate export or backup, to write archives into Files or your personal iCloud Drive.
  • Network access: Runs offline by default. Online calls are limited to (1) iCloud/CloudKit sync if you enable it, and (2) Apple reverse geocoding to turn coordinates into place names. No other external endpoints.

Data storage and sync

  • Local: Visits, locations, attachments, and logs stay in the device’s encrypted sandbox (Core Data + file system).
  • Cloud: Only if you enable iCloud in More > Settings > Sync Settings; data goes to your private iCloud database that we cannot access.
  • Export: Advanced Export writes to a temp directory then hands off to the iOS share sheet; the app keeps no copy afterward.

Logs and diagnostics

  • Logs stay on-device by default and contain debug info and error codes, not sensitive content.
  • You may export logs for self-help or support; nothing leaves the device unless you do so.

Your control

  • Revoke any permission in system settings; related features degrade or turn off automatically.
  • Delete local data or back up/restore via iCloud Drive at any time; when sync is off, everything remains on-device only.

If you have questions about this policy or how permissions are used, please contact us via in-app feedback.