Privacy Policy
1. Who we are
This Privacy Policy explains how brieflylost (“we”, “us”, “our”) collects and uses your personal information when you use the brieflylost mobile app and related services (together, the “Service”).
If you have any questions about this policy or your data, email us at the address above.
2. What information we collect
We collect the minimum information needed to run the Service.
Information you provide
- Account details. When you sign up we store your email address and a hashed password through Firebase Authentication. We do not see or store your password in plain text.
- Search queries. When you ask brieflylost for a route (for example, “a scenic countryside drive to Brighton”), the text of that query is sent to our servers and to our language-model provider so a route can be generated.
- Subscription information. If you buy a premium subscription, the App Store or Google Play handles your payment. We never see your card details. We receive a confirmation that you are a paying subscriber, and we link that confirmation to your account.
Information collected automatically
- Location data. We use your device’s GPS location to plan routes and provide turn-by-turn navigation. Location is processed on your device and on our servers in real time. We do not build a long-term profile of your movements.
- Usage data. We log basic, anonymised events (for example: “a route was requested”, “the app crashed”) so we can fix bugs and improve the Service.
- Device information. Standard technical details such as device model, operating system version, and app version, used to support and debug the Service.
We do not collect: contacts, calendar events, photos, microphone input, or advertising identifiers. We do not show ads.
3. How we use your information
We use the information we collect to:
- Authenticate you and keep your account secure.
- Generate scenic route suggestions and provide turn-by-turn navigation.
- Track how many routes you have generated this month so we can apply free-tier and premium-tier limits fairly.
- Verify your subscription status and unlock premium features.
- Diagnose crashes and improve the Service.
- Communicate with you about the Service (for example, account or security notices).
We rely on the following lawful bases under UK GDPR:
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — to keep the Service secure, prevent abuse of free-tier quotas, and improve the app.
- Consent — where the law specifically requires it (for example, certain telemetry features), which you can withdraw at any time.
4. Who we share information with
We do not sell your data. We share it only with the service providers we need to run the Service:
| Provider | What they receive | Why |
|---|---|---|
| Google Firebase (Authentication) | Email, account ID | Sign-up and sign-in |
| OpenAI | Your route query text and approximate location context | Generating natural-language route plans |
| RevenueCat | Anonymous account ID, subscription state | Managing premium subscriptions |
| Apple App Store / Google Play | Payment details | Processing subscription payments (we never see your card) |
| Stadia Maps | Map tile requests including approximate location | Displaying the map |
| Google Cloud (Cloud Run, Firestore) | Account ID, route metadata, usage counters | Running our backend and storing usage quotas |
Each of these providers acts as a processor or independent controller under its own terms. We have agreements in place that require them to protect your data.
We may also disclose information if we are required to by law, court order, or to protect the rights, property or safety of brieflylost, our users, or others.
5. International transfers
Some of our processors (notably OpenAI, RevenueCat, Apple, and Google) are based outside the UK and the EEA. When data is transferred internationally, we rely on the safeguards each provider offers — most commonly Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) or equivalent.
6. How long we keep your data
- Account data. For as long as your account is active. If you delete your account from inside the app, we delete your authentication record immediately and remove your usage data within 30 days.
- Route queries and usage logs. Up to 12 months, after which we delete or fully anonymise them.
- Crash and diagnostic data. Up to 90 days.
- Billing records. As long as we are legally required to retain them (typically 6 years in the UK).
7. Your rights
If you are in the UK or EEA, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and the associated personal data.
- Restrict or object to certain processing.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time (where we rely on consent).
- Complain to the UK Information Commissioner’s Office (ico.org.uk) or your local data-protection authority.
You can delete your account directly inside the app: open the account menu and tap Delete Account. To exercise any other right, email [email protected]. We will respond within one month.
8. Children
brieflylost is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has given us personal information, please contact us and we will delete it.
9. Security
We protect your data with industry-standard measures: TLS encryption in transit, encryption at rest for our databases, restricted internal access, and regular security reviews. No system is perfectly secure, however, and we cannot guarantee absolute security.
10. Changes to this policy
If we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you in the app or by email before the changes take effect.