Privacy Policy
Effective May 20, 2026 · Last updated May 20, 2026
ADV Vet ("we", "us", "the app") is an adventure-motorcycle ride logger built for veteran riders. This policy explains what we collect, why, who else touches your data, and the controls you have. We try to keep this short and free of legal weasel-words.
If anything here is unclear, email privacy@advvet.app and a real human will reply.
1. Who we are
ADV Vet is a mobile application for iOS and Android, distributed via the Apple App Store and Google Play. The data controller is ADV Vet (operator of the app). Contact: privacy@advvet.app.
We are a small team. There is no third-party analytics, no ad network, no data broker, and no "partner sharing" of your personal data.
2. What we collect, and why
2.1 Account data
- Email address — required to sign in and recover your account.
- Display name — required so other riders can see who posted a ride or comment.
- Password — stored hashed by our auth provider (Supabase). We never see your plaintext password.
- Sign-in identifier if you use Sign in with Apple or Sign in with Google — limited to the unique user ID returned by Apple / Google.
2.2 Profile data (you choose what to add)
- Bike year, make, model, color (optional).
- Bike photo (optional).
- Avatar photo (optional).
- Service branch (optional). Edit or remove at any time in Settings → Account.
2.3 Ride data (only when you tap "Start Ride")
- Precise GPS location sampled while a ride is active. Used to draw your path, compute distance, compute elapsed time, detect National Parks crossed, and generate route cards if you publish or share.
- Background location is optional and asked separately. Decline and the app still records rides while the screen is on.
- We stop tracking the moment you tap End Ride or Pause, and auto-pause after ~12 minutes of no movement.
2.4 User-generated content
- Group rides you create or join.
- Route names, descriptions, waypoints, and polylines for routes you publish.
- Comments and photos you post on routes or group rides.
- Star ratings you leave on routes.
- Reports and blocks you submit.
2.5 Device data
We do not collect device identifiers, IDFA, advertising IDs, or any cross-app tracking signals. ADV Vet does not request App Tracking Transparency permission. The OS records app crashes through Apple's standard reporting; we may view aggregate crash stack traces inside App Store Connect.
3. Who we share data with
We share the minimum needed to make a feature work. None of these companies receives your data for their own marketing or profiling.
- Supabase — Postgres + Auth + Storage + Edge Functions (our backend).
- OSRM — snap-to-road during route planning.
- Photon / Komoot — address autocomplete.
- National Park Service API — identify parks crossed during a ride.
- OpenWeather — local weather on ride cards.
- NHTSA vPIC — decode motorcycle model lists during sign-up.
- Overpass / OpenStreetMap — background map tiles.
- Anthropic (via our Edge Function) — optional AI-generated trip log; your Anthropic key stays on our server.
- Apple / Google Maps / DMD2 — only data you explicitly hand off via "Open in Maps" / "Share GPX".
- Apple / Google — Sign in with Apple / Google identity assertion.
We never sell your personal data. We never share it for cross-context behavioral advertising.
4. Where data lives
Server-side data is stored in our Supabase project, hosted in the US region. Supabase encrypts at rest and in transit. Local data on your device — drafts, in-progress rides, cached profile, session tokens — lives in iOS Keychain / Android Keystore (tokens) and app-private storage (caches), sandboxed by the OS.
5. Your rights and how to use them
You can do all of these inside the app:
- See / edit your profile: Settings → Account.
- Stop background or all location: iOS Settings → ADV Vet → Location.
- Delete your account and all your data: Settings → Delete Account.
- Delete a single ride, comment, or group ride: long-press / overflow.
- Report another user's content or block them: three-dot icon on comments and rides.
Tapping Delete Account immediately and permanently deletes your auth record, profile, rides, routes, comments, group rides, follow graph, and all storage objects keyed to your user ID. There is no "deactivated" state. This is irreversible.
EU/UK residents have GDPR rights of access, rectification, erasure, restriction, portability, and objection. California residents have CCPA rights of access, deletion, and the right to opt out of "selling" or "sharing" (we do neither). Email privacy@advvet.app for help — we respond within 30 days.
6. Moderation and reports
The app contains user-generated content. Apple App Store Guideline 1.2 requires us to give every user a way to report content and block other users. Both controls are on the three-dot icon attached to every comment and group ride. We review reports within 24 hours.
7. Children
ADV Vet is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, email privacy@advvet.app and we will delete the account.
8. Security
Sessions are stored in the iOS Keychain / Android Keystore. All network traffic uses HTTPS (TLS 1.2+). Server-side data access is gated by Postgres Row-Level Security. We rate-limit content writes per user. If you spot a vulnerability, email security@advvet.app.
9. Changes to this policy
If we materially change what we collect or who we share with, we will update this page, bump the Last updated date, and surface a notice in the app on next launch.
10. Contact
General privacy: privacy@advvet.app · Security: security@advvet.app · Support: support@advvet.app
Ride safe.