Privacy Policy

Last updated: March 24, 2026

1. What GeoJrnl Does

GeoJrnl is a personal travel journal that helps you visualize your trips on an interactive map. You can create trips manually or import them automatically from connected services like Strava, Google Calendar, and your device's photo library.

2. Data We Collect

  • Account information — email address and password (managed by Supabase Auth).
  • Trips, places, moments — content you create within the app.
  • Photos — images you upload or sync from your device. Stored in private cloud storage accessible only to you.
  • Strava data — when you connect Strava, we import activity metadata (name, date, distance, start location) and summary polylines. We store these as route geometry in your account. We do not access or store segment data, leaderboards, social data, or any data from other athletes.
  • Google Calendar data — when you connect Google Calendar, we fetch event titles, dates, locations, and descriptions to identify travel-related events. Events are processed by AI (Claude Haiku) to classify them as trips. Calendar data is not stored after processing — only the resulting trip records are kept.
  • Home location — an optional lat/lng you set to filter out everyday activities near home. Stored in your account settings.

3. How We Use Your Data

  • To display your trips, routes, and photos on your personal map.
  • To cluster activities into trips based on date and geographic proximity.
  • To classify calendar events as travel using AI (Claude Haiku). Only calendar event data is sent to the AI — never Strava data, photos, or personal information.
  • To generate trip names via reverse geocoding (Nominatim, OpenStreetMap).

4. Data Sharing

We do not sell, rent, or share your data with third parties. Your data is never used for advertising. The only ways your data leaves your account:

  • Share links — you can optionally create public share links for individual places. These show only the place details you choose to share. Routes and Strava data are never included in share links.
  • ZIP export — you can export your journal as a portable ZIP file. This is your data, delivered to you.

5. Strava Integration

  • We request the activity:read_all scope to access your activities, including private ones that may be part of your trips.
  • We store OAuth tokens securely server-side. Tokens are never exposed to the browser.
  • Token refresh is handled automatically on expiry.
  • We do not use Strava data for AI training, machine learning, or any automated decision-making.
  • We do not display Strava data from other athletes — only your own activities.
  • Disconnecting: When you disconnect Strava (from GeoJrnl settings or from strava.com/settings/apps), we immediately revoke your tokens and delete all Strava-sourced route data from our database.
  • We handle Strava deauthorization webhooks to ensure data is deleted even if you revoke access from Strava directly.

6. Google Calendar Integration

  • We request the calendar.readonly scope.
  • Calendar events are fetched, processed for trip classification, and then only the resulting trip records are stored. Raw calendar data is not persisted.
  • Disconnecting removes your stored tokens. Trip records created from calendar data are retained as part of your journal.

7. Data Storage & Security

  • All data is stored in Supabase (PostgreSQL + cloud storage) with Row Level Security (RLS) enforced — you can only access your own data.
  • All connections use HTTPS/TLS encryption in transit.
  • OAuth tokens are stored server-side only and are never included in client-side code or API responses.

8. Data Retention & Deletion

  • Your data is retained for as long as your account exists.
  • You can delete individual trips, places, moments, and photos at any time.
  • You can export all your data as a ZIP file at any time.
  • Disconnecting a service (Strava, Google Calendar) deletes the associated tokens and, for Strava, all imported route data.
  • Deleting your account removes all your data from our systems.

9. Your Rights (GDPR)

You have the right to:

  • Access your data — use the ZIP export feature.
  • Rectify your data — edit any trip, place, or moment.
  • Delete your data — delete individual items or your entire account.
  • Port your data — the ZIP export produces standard Markdown + image files.
  • Withdraw consent — disconnect any integrated service at any time.

10. Contact

For privacy questions or data requests, contact us at privacy@geojrnl.com.