Terms & Conditions and Privacy Policy
Last updated: 2 July 2025
Last updated: 2 July 2025
By downloading, installing or using Passport (the "App") you enter into a legally binding contract with the provider named in Section 2 and agree to these Terms & Conditions ("Terms"). If you do not agree, do not use the App.
Fabian Gruß
Schneiderberg 29a, 30167 Hannover, Germany
Email: gruss.dev+passport@gmail.com
("we", "us", "our").
You may use the App only for personal, non‑commercial travel planning and in compliance with these Terms and all applicable laws. You must be at least 13 years old (or the minimum digital‑consent age in your country) to create an account.
For iOS users, your licence to use the App is governed by Apple's Standard Licence Agreement (https://www.apple.com/legal/internet-services/itunes/dev/stdeula/). For other platforms, we grant you a personal, non‑exclusive, non‑transferable, revocable licence to install and use one copy of the App on your device for its intended purpose.
All content, trademarks and software components of the App are owned by us or our licensors. Except as expressly permitted by law, you may not copy, modify, reverse‑engineer or create derivative works of the App or its content.
The App is currently free. If we later introduce in‑app purchases or subscriptions, Apple App Store or Google Play billing terms will apply. Prices will be shown in‑app before purchase. For EU consumers, digital content becomes available immediately after purchase; by completing the transaction you expressly waive the 14‑day withdrawal right.
If you are an EU consumer purchasing digital content, you have a statutory right to withdraw from the contract within 14 days unless you have consented to immediate performance and acknowledged the loss of that right. Apple and Google process such withdrawal (refund) requests directly; please use their respective support channels.
We strive for 99 % uptime but do not guarantee uninterrupted service. Support is provided via email at gruss.dev+passport@gmail.com within reasonable business hours (CET).
We are liable without limitation for intent and gross negligence. For slight negligence we are liable only for damages from injury to life, body or health, or for breaches of essential contractual obligations (cardinal duties). In the latter case, liability is limited to foreseeable damage typical for this type of contract. Mandatory statutory liability (e.g. under product‑liability laws) is unaffected.
These Terms are governed by German law, excluding its conflict‑of‑law rules and the UN CISG. If you are an EU consumer, you may also invoke mandatory consumer‑protection provisions of your country of residence. The European Commission provides an Online Dispute Resolution (ODR) platform at https://ec.europa.eu/consumers/odr. We are not obliged or willing to participate in alternative dispute‑resolution procedures before a consumer‑arbitration board.
We may update these Terms to reflect changes in the App or legal requirements. We will notify you of material changes by in‑app notice or email. Continued use after the effective date constitutes acceptance.
If any provision of these Terms is held invalid or unenforceable, the remaining provisions remain in full force.
Protecting your privacy and safeguarding your personal data is very important to us. This Privacy Policy explains what data we collect when you use the App, why we collect it, how we handle it, and the rights you have under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data‑protection laws worldwide.
This Policy applies to all versions of the App, our website(s) that link to it, and any related services (collectively, the "Services").
1. Account data. When you sign up via Sign in with Apple, we receive a hashed Apple ID, a private‑relay email address, your display name and—if you choose—a profile picture. We use this to create and authenticate your account and to let you log in on multiple devices. Legal basis: contract (Art. 6 (1)(b) GDPR).
2. Destination and trip data. You can save places you want to visit (name, address, latitude/longitude) and create trips (title, dates, notes). This is the core functionality of the App. Legal basis: contract.
3. Social‑interaction data. If you decide to collaborate with friends, we store connections, shared trips and destinations, and invite‑link status so you can see and edit plans together. Legal basis: contract.
4. Technical and device data. We automatically collect device tokens for push notifications, Firebase authentication tokens, Branch deep‑link parameters, IP address, device model and OS version to keep the Services secure, deliver notifications and open the correct in‑app views. Legal basis: legitimate interests (Art. 6 (1)(f) GDPR).
5. Location data (optional). Only when you actively choose "Use current location" while adding a destination will the App read your precise location to pre‑fill address fields. Legal basis: consent (Art. 6 (1)(a) GDPR).
6. Locally stored data. The App caches map tiles, images and other temporary files on your device for offline access and faster loading. Legal basis: contract.
We do not sell your data or use it for unsolicited marketing.
With friends you invite and who accept. When you connect, selected trip and destination details become visible to those friends until you revoke sharing.
With service providers under data‑processing agreements:
These providers act only on our instructions and implement appropriate safeguards.
For legal and safety reasons where required by law or to protect rights, property or safety.
Data is primarily stored on Google Cloud servers located in the European Union. Where it is transferred to countries that may not provide the same level of data protection (e.g. the United States), we rely on mechanisms such as the EU–US Data‑Privacy Framework or Standard Contractual Clauses to ensure adequate protection.
We keep personal data for as long as your account is active. If you delete your account, we retain your data for up to 30 days in case you change your mind, and delete backups within a further 30 days. Server logs used for security are kept for up to 90 days.
We use industry‑standard technical and organisational measures such as TLS encryption in transit, encryption at rest, least‑privilege access controls and regular security audits.
Inside the App you can:
The applicable data‑protection law grants you the following rights with respect to your personal data:
Right of access (Art. 15 GDPR). You may request confirmation as to whether personal data concerning you is processed, and, where that is the case, access to the data as well as information on the purposes of processing, the categories of data, the recipients, the envisaged retention period (or the criteria used to determine that period), the existence of automated decision‑making (including profiling), and the safeguards in place if data is transferred to third countries.
Right to rectification (Art. 16 GDPR). You may obtain the immediate correction of inaccurate personal data or the completion of incomplete personal data stored by us.
Right to erasure (Art. 17 GDPR). You may request deletion of your personal data where the statutory grounds apply, in particular if the data is no longer necessary, you have withdrawn consent, or you have objected to processing. This right may be limited, for example, where processing is required for the exercise of freedom of expression, compliance with a legal obligation, or the establishment, exercise or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR). You may request restriction of processing while we verify the accuracy of data you contest; where processing is unlawful but you oppose deletion; where we no longer need the data but you require it for legal claims; or where you have objected to processing pending verification of overriding legitimate grounds.
Right to information (Art. 19 GDPR). If you have exercised the rights of rectification, erasure or restriction of processing, we will communicate any action taken to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.
Right to data portability (Art. 20 GDPR). You have the right to receive the personal data you have provided to us in a structured, commonly used and machine‑readable format and to transmit that data to another controller where technically feasible.
Right to withdraw consent (Art. 7 (3) GDPR). You may withdraw your consent at any time with effect for the future. Processing that took place before the withdrawal remains lawful.
Right to lodge a complaint (Art. 77 GDPR). You can lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
Depending on your jurisdiction, you may have additional rights under local law (e.g., CCPA rights to know, delete and opt‑out). To exercise any of these rights, please contact us at gruss.dev+passport@gmail.com.
The Services are not directed to children under 13, and we do not knowingly collect personal data from them. If we learn that we have inadvertently collected such data, we delete it promptly.
We may update this Policy from time to time. Material changes will be announced in the App or via email, and the "Last updated" date will be revised accordingly.
If you have questions or concerns about this Privacy Policy or our data‑handling practices, please contact us at gruss.dev+passport@gmail.com.
© Fabian Gruß. All rights reserved.