Privacy Policy

Kaleido Travel · Last updated: 29 April 2026 · Effective date: 29 April 2026

    Plain-English summary: Kaleido Travel helps you log journeys and discover places. We collect your location while the app is in use, your account details, and the tips/photos you choose to share. We do not sell your data. You can delete your account and all your data at any time.
  

1. Who We Are

Kaleido Travel ("Kaleido", "we", "us", or "our") is operated by James van den Hoorn, an independent developer. Our contact email is jamievan44@hotmail.com.

This Privacy Policy explains how we collect, use, share, and protect information about you when you use the Kaleido Travel mobile application ("App") and any related services (collectively, the "Services").

2. Information We Collect

2.1 Information you provide

Account details: email address, display name, and optional profile photo when you sign up (via email/password or Google Sign-In).
Travel content: journey names, place visits (stops), text tips, ratings, star reviews, voice recordings, and photos you choose to upload.
Preferences: unit system (metric/imperial), notification preferences, travel style tags, and privacy settings for your journeys.

2.2 Information collected automatically

Precise location (GPS): When you have an active journey, the App records GPS coordinates to detect stops and calculate distance. Location is used only while the App is open (foreground) unless you have granted background location permission for automatic stop detection.
Device identifiers: Push notification token (APNs on iOS) used solely to deliver notifications you have enabled.
Usage data: Contribution statistics (journey count, tip count, points earned), notification delivery and interaction events, and anonymous API usage counters stored locally on your device. We do not use third-party advertising SDKs or analytics platforms.
Crash and error reports: If Sentry error monitoring is enabled in your build, anonymised crash stack traces are sent to Sentry, Inc. (USA). No personally identifiable information is included in these reports.

2.3 Information from third parties

Google Sign-In: If you choose to sign in with Google, we receive your email address, display name, and profile photo URL from Google.
Google Places API: When the App detects you at a location, it queries Google Places to identify the venue. We store the resulting venue name, place ID, address, and category in our database.

3. How We Use Your Information

Purpose	Data used	Legal basis (GDPR)
Provide and personalise the Services	Account details, location, travel content	Contract performance
Detect stops and build your journey timeline	GPS coordinates	Contract performance
Show community tips and venue information	Content you submit (made public per your privacy setting)	Contract performance / Legitimate interests
Award points, badges, and leaderboard ranking	Contribution statistics	Contract performance
Send push notifications (journey prompts, milestones)	Push token, notification preferences	Consent
Improve and debug the App	Crash reports (anonymised)	Legitimate interests
Comply with legal obligations	Any relevant data	Legal obligation

We do not use your data for advertising, profiling for third-party marketing, or automated decision-making with legal or similarly significant effects.

4. How We Share Your Information

We do not sell your personal data. We share data only as follows:

4.1 With other users

Tips, photos, and reviews you submit are visible to other Kaleido users by default. Your username is shown alongside your public content. You can set individual journeys to Private, in which case their content is not shared.

4.2 With service providers

Provider	Purpose	Location
Google Firebase (Firestore, Storage, Auth, Cloud Functions, FCM)	Database, file storage, authentication, server-side logic, push delivery	USA / EU (multi-region)
Google Places API	Venue identification and enrichment	USA
Viator (TripAdvisor subsidiary)	Display tour and activity listings near venues	USA
Sentry, Inc. (optional)	Crash reporting	USA

All providers are bound by data processing agreements and are required to protect your data in accordance with applicable law.

4.3 Legal requirements

We may disclose your data if required by law, court order, or to protect the rights, property, or safety of Kaleido, our users, or the public.

5. Location Data

Location is the core feature of Kaleido. Here is exactly how we handle it:

GPS coordinates are collected only when you have an active journey or when you open the "Now" tab.
Raw GPS points are used to detect stop clusters and calculate distance; they are not stored individually in our database — only the inferred stop locations are saved.
Your current location (as a geohash) is written to your user document so nearby community content can be retrieved. It is overwritten in place and is not logged as a history.
You can stop location collection at any time by ending your journey or revoking location permission in iOS Settings.

6. Permissions We Request

Permission	Why we need it
Location (when in use)	Detect stops and show nearby venues on the Now tab
Location (always / background)	Optional — only requested to enable automatic stop detection while app is backgrounded
Camera	Take photos to attach to tips, stops, and reviews
Photo library	Select existing photos to attach to content
Microphone	Record voice tips and notes
Push notifications	Journey milestone alerts, community interaction notifications

You can revoke any permission at any time in iOS Settings → Kaleido Travel. The App will continue to function with reduced features.

7. App Tracking Transparency (iOS)

Kaleido Travel does not track you across other companies' apps or websites for advertising purposes. We request the App Tracking Transparency permission solely because certain third-party SDKs (such as Firebase) include it in their standard integration. Our App is declared as using only standard/exempt encryption and does not share data with advertising networks.

8. Data Retention

Account and content data: Retained until you delete your account. Upon deletion, your profile, journeys, stops, and contributions are permanently removed from our live database within 30 days.
Backups: Firebase automated backups may retain deleted data for up to 35 days before expiry.
Push tokens: Deleted when you sign out or delete your account.
Crash reports: Retained by Sentry for 90 days.

9. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate data (you can do this directly in the App's profile settings).
Erasure: Delete your account and all associated data (via Settings → Delete Account, or by emailing us).
Portability: Request your data in a machine-readable format.
Restriction / Objection: Object to or restrict certain processing activities.
Withdraw consent: Withdraw notification consent at any time in iOS Settings.

To exercise any right, email jamievan44@hotmail.com. We will respond within 30 days. If you are in the UK or EU and believe we have handled your data incorrectly, you may lodge a complaint with the ICO (UK) or your local supervisory authority.

10. Children's Privacy

Kaleido Travel is not directed to children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. International Transfers

Our infrastructure (Firebase) is operated by Google LLC, based in the USA. Data transferred outside the UK/EEA is protected by Google's standard contractual clauses approved by the European Commission. A copy of these safeguards is available at firebase.google.com/support/privacy.

12. Security

We use Firebase Security Rules to enforce authentication-gated access to all personal data. All data is transmitted over TLS. API keys are stored as environment variables and are never embedded in the client app bundle in plain text. Despite these measures, no system is perfectly secure; please use a strong password and keep your device secure.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you via a push notification or in-app alert if the changes are material. Continued use of the App after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or your data, please contact:

James van den Hoorn
Kaleido Travel
Email: jamievan44@hotmail.com