DryLane logoDryLane

Privacy Policy

DryLane  |  Last updated: 19 May 2025  |  Effective date: 19 May 2025

This policy explains what personal data DryLane collects, why, how long it is kept, who it is shared with, and the rights you have over it. We have written it in plain language. If anything is unclear, email us at support@drylane.app.

1. Who we are and how to contact us

DryLane is a motorcycle route planning application operated by Alin Avram, an individual developer based in Romania (EU). Alin Avram acts as the data controller for personal data processed through the DryLane app and website.

Data controller contact:
Alin Avram – DryLane
Romania
Email: support@drylane.app

For all privacy and data protection enquiries, including exercising your rights, please use the email above. We will respond within 30 days (or 90 days for complex requests, with notice given within the initial 30 days).

2. What data we collect and why

The table below lists every category of personal data we process, why we process it, and the legal basis under GDPR.

CategorySpecific data pointsPurposeLegal basis (GDPR Art. 6)
Account dataEmail address, first name, last name, account creation date, account UIDCreating and managing your user account; sending transactional emails (e.g. password reset)Art. 6(1)(b) — performance of contract
Location dataGPS coordinates (approximate and precise), last known position cached on deviceCalculating routes from your current position; displaying your location on the mapArt. 6(1)(a) — consent (granted via OS permission prompt)
Route dataWaypoints (origin, destination, intermediate stops), route name, departure time, saved route contentProviding the route planning service; storing saved routes at your requestArt. 6(1)(b) — performance of contract
Usage / quota dataDaily route request count, date of last request, subscription tierEnforcing free-tier limits; unlocking Premium featuresArt. 6(1)(b) — performance of contract
Subscription dataSubscription tier (free / premium), entitlement status from RevenueCatVerifying premium entitlements; enabling tier-appropriate featuresArt. 6(1)(b) — performance of contract
Device / technical dataDevice platform (iOS / Android), app version, OS versionPlatform-specific SDK configuration (RevenueCat, Firebase)Art. 6(1)(f) — legitimate interest (app functionality and security)
App preferencesTheme preference, dismissed warnings, cached location, route cache keysPersisting your in-app settings between sessions; caching routes and locations to reduce API callsArt. 6(1)(b) — performance of contract
Search queriesAddress search strings entered in the origin/destination fieldsGeocoding address searches via Mapbox; short-lived in-memory cache (session only, not stored)Art. 6(1)(b) — performance of contract

We do not collect:

  • Payment card numbers or billing details (handled entirely by Apple / Google);
  • Background location when the app is not in use;
  • Voice, camera, or microphone data;
  • Contacts or other device data;
  • Precise movement history or continuous tracking logs.

3. Legal bases for processing (GDPR)

We rely on the following legal bases under Article 6 of the GDPR:

  • Contract (Art. 6(1)(b)): Most processing is necessary to provide the Service you signed up for — account management, route calculation, saved routes, and subscription enforcement.
  • Consent (Art. 6(1)(a)): Precise GPS location is only accessed after you grant permission through your device's operating system prompt. You can withdraw consent at any time by revoking the location permission in your device settings. Withdrawal does not affect prior processing.
  • Legitimate interests (Art. 6(1)(f)): We process basic device and technical data to ensure the app functions correctly and securely. Our legitimate interest does not override your fundamental rights — you may object at any time (see Section 10).
  • Legal obligation (Art. 6(1)(c)): We may retain certain records if required by Romanian or EU law (e.g. tax records for paid transactions).

4. Location data

Location is the most sensitive data the app uses. Here is exactly how it works:

  • Location is requested only when you open the app and only to the accuracy needed for routing (medium accuracy).
  • The last known GPS fix is cached locally on your device (SharedPreferences) so the map can show your position on next launch without waiting. This data never leaves your device.
  • When you set a route origin, the coordinates of your position are sent to our routing provider (Mapbox, via a Firebase Cloud Function) solely to calculate the route. Mapbox processes these coordinates under its own privacy policy.
  • We do not store your location history on our servers. Firestore does not receive raw GPS coordinates.
  • You can clear the cached location at any time by tapping the X next to the origin field in the app.

5. How long we keep your data

DataRetention periodReason
Account data (name, email, UID)Until you delete your account, plus up to 30 days for backup purgingRequired for the Service
Saved routesUntil you delete them or delete your accountUser-controlled content
Route quota counterResets daily; deleted on account deletionLimit enforcement
Route cache (device)24 hours (TTL), stored locally on device onlyReducing API calls
Weather cache (device)30 minutes (TTL), stored locally on device onlyReducing API calls
Last known location (device)Overwritten on next GPS fix; cleared on account deletion or manuallyMap initialisation
Firebase Authentication logsPer Google's retention policy (typically 90 days for logs)Authentication security
Subscription records (RevenueCat)Per RevenueCat's retention policy; may be kept for legal/tax purposesPurchase verification, tax compliance

When you delete your account we will delete or anonymise all Firestore data associated with your UID within 30 days. Some data held by third-party processors (Firebase, RevenueCat) may be subject to their own retention schedules.

6. Who we share your data with

We do not sell your personal data. We share data only with the service providers necessary to operate the app ("data processors"), under appropriate data processing agreements:

ProcessorRoleData sharedPrivacy policy
Google Firebase (Google LLC)Authentication, database (Firestore), Cloud FunctionsEmail, UID, name, saved routes, quota datapolicies.google.com/privacy
Mapbox (Mapbox, Inc.)Maps, routing, geocodingRoute waypoints (via server-side proxy), search queries, map tile requestsmapbox.com/legal/privacy
WeatherAPI.comWeather forecast dataGeographic coordinates along the route (no account data)weatherapi.com/privacy.aspx
RevenueCat (RevenueCat, Inc.)Subscription managementFirebase UID, device platform, purchase receipts (received from Apple/Google)revenuecat.com/privacy
Apple Inc.App distribution, in-app billing (iOS)Governed entirely by Apple's policiesapple.com/legal/privacy
Google LLCApp distribution, in-app billing (Android)Governed entirely by Google's policiespolicies.google.com/privacy

We may disclose personal data to law enforcement or government authorities if required to do so by applicable law, court order, or to protect the rights, property, or safety of DryLane, our users, or the public.

7. International data transfers

Some of our third-party processors are based in the United States. When personal data is transferred from the EU/EEA to the US or other third countries, we ensure the transfer is protected by one or more of the following safeguards:

  • Adequacy decision – the European Commission has determined that the destination country provides adequate protection; or
  • Standard Contractual Clauses (SCCs) – the processor has signed the European Commission's approved SCCs (2021 version); or
  • EU-US Data Privacy Framework – the processor is certified under the DPF where applicable (Google, Mapbox, RevenueCat).

You can request a copy of the applicable safeguards by emailing support@drylane.app.

8. Cookies and local storage

The DryLane mobile app does not use browser cookies. It uses SharedPreferences (Android) and equivalent local storage (iOS) to store app preferences, route caches, and the last known location entirely on your device. This data is never transmitted to our servers.

The DryLane website (drylane.app) may use essential cookies required for the website to function (e.g. session state). If we add analytics or marketing cookies in the future, we will update this policy and obtain consent where required.

9. Children's privacy

The Service is not directed at children under 16 years of age (or the applicable minimum digital consent age in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at support@drylane.app and we will delete it promptly.

10. Your rights

Depending on where you live, you have the following rights over your personal data. To exercise any of them, email support@drylane.app with the subject line "Privacy Rights Request". We will verify your identity before acting and respond within 30 days.

EU / EEA residents (GDPR)

  • Access (Art. 15): Receive a copy of all personal data we hold about you and information about how it is processed.
  • Rectification (Art. 16): Correct inaccurate or incomplete data.
  • Erasure / "right to be forgotten" (Art. 17): Request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
  • Restriction (Art. 18): Ask us to pause processing while a dispute is resolved.
  • Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (JSON/CSV) and transfer it to another controller.
  • Object (Art. 21): Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
  • Withdraw consent: Revoke location permission at any time via your device settings. This does not affect processing already carried out.
  • Supervisory authority complaint: You may lodge a complaint with the Romanian data protection authority:
    ANSPDCP – Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
    Website: dataprotection.ro  |  Email: anspdcp@dataprotection.ro

UK residents (UK GDPR / DPA 2018)

You have the same rights as EU residents above. You may also lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

California residents (CCPA / CPRA)

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of your personal information, subject to exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioural advertising.
  • Right to non-discrimination: We will not discriminate against you for exercising any CCPA right.

To exercise California rights, email support@drylane.app with subject "CCPA Request".

Brazil residents (LGPD)

Brazil's Lei Geral de Proteção de Dados (LGPD) grants you rights similar to GDPR, including access, correction, deletion, portability, and the right to object to processing. To exercise any of these rights, email support@drylane.app. You may also lodge a complaint with Brazil's national data protection authority, ANPD (Autoridade Nacional de Proteção de Dados) at gov.br/anpd.

Canada residents (PIPEDA)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access personal information we hold about you and to challenge its accuracy. To make a request, email support@drylane.app. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

Australia residents (Privacy Act 1988)

Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to access and correct personal information we hold about you. To make a request, email support@drylane.app. If you are not satisfied, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Other US state residents

Residents of Virginia, Colorado, Connecticut, Texas, and other US states with applicable privacy laws may have rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of certain processing. We do not sell personal data. To exercise your rights, email support@drylane.app.

Other jurisdictions

Residents of other countries may have additional rights over their personal data under local law. Regardless of where you are located, you can always contact us at support@drylane.app to access, correct, or delete your data and we will respond in good faith.

11. Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • Firebase Authentication for secure account management (tokens, not passwords, stored on device);
  • Firestore security rules that restrict each user's data to their own UID;
  • Routing API key stored server-side only (Firebase Cloud Function) — never shipped in the app binary;
  • HTTPS for all network communication;
  • No payment data ever reaches our servers.

No system is completely secure. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy in the App or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

Your continued use of the Service after the effective date constitutes acceptance of the revised policy. If you do not accept the changes, you must stop using the Service and delete your account.

13. Contact and complaints

For any privacy question, rights request, or complaint, contact us first — we prefer to resolve issues directly before they escalate:

DryLane — Data Controller
Alin Avram
Romania
Email: support@drylane.app
Website: https://drylane.app

If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (see Section 10).

© 2025 DryLane. All rights reserved.