Zen Lane — Privacy Policy

ZEN LANE — PRIVACY POLICY

Byte Caliper S.R.L.

At Zen Lane, we believe your driving data belongs to you. Our "Privacy by Design" approach ensures that your detailed trip history stays on your device, not our servers. This policy explains how we handle the limited data we do collect to make the app work.

1. DATA WE COLLECT AND WHY

We process different categories of data depending on how you use the App:

Account Information

When you register, we collect your email address and username.

Purpose: To manage your account, provide Pro subscription features, and allow Friends to identify you.
Legal Basis: Performance of a contract.

Real-Time Trip Data (Ephemeral)

If you enable "Live Sharing," we temporarily process your GPS location, speed, and driving metrics.

Purpose: To stream your live progress to your connected Friends.
Data Flow: This data is encrypted in transit and held in volatile server memory only. It is automatically deleted when the trip ends or after 24 hours.
Legal Basis: Your explicit consent.

Device and Technical Data

We collect basic info like your device model, OS version, and IP address.

Purpose: For security, fraud prevention (detecting spoofing), and app optimization.
Legal Basis: Legitimate interest.

2. DATA WE DO NOT COLLECT (LOCAL STORAGE)

Unlike many navigation apps, Zen Lane does not upload your historical Trip Data to our servers. Your full trip history, maps of past routes, and detailed sensor logs are stored locally on your Android device. We cannot see, sell, or recover this data if you delete the app or lose your phone. You are responsible for the security of your device.

3. LOCATION PERMISSIONS

To function, Zen Lane requires the "While using the app" location permission. This permission allows the app to access your location only while you have Zen Lane open and a trip is in progress.

Control: You can revoke this at any time in Android Settings, but the app will stop recording trips.
Sensitivity: We treat location data as sensitive personal data.

4. DATA SHARING AND RECIPIENTS

We do not sell your data. We only share data in the following scenarios:

With Your Friends: Only the data you choose to share via the Live Sharing feature.
Service Providers: We use infrastructure providers (like cloud hosting) to transmit Real-Time Data. These "processors" are bound by strict data protection agreements.
Legal Obligations: If required by Romanian or EU law (e.g., a valid court order).

5. THIRD-PARTY SERVICES & SDKs

To provide essential app functionality, we integrate specialized Software Development Kits (SDKs). These providers act as "Data Processors" and may process limited technical data (such as IP addresses and device IDs):

Maps & Navigation: We use MapLibre to render maps and provide search results. Map tiles are served by OpenFreeMap, which may process your IP address and request metadata to deliver map tiles.
Stability & Performance: We use Firebase Crashlytics (Google) to identify bugs. This service collects "crash logs" which contain technical info about your device state at the time of an error, but does not include your GPS trip history.
Subscription Management: Payments are processed exclusively through the Google Play Store. We receive confirmation of your "Pro" status but never see your credit card or billing details.

All third-party providers are vetted for GDPR compliance and are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where data is processed outside the EEA.

6. DATA RETENTION

Data Type	Retention Period
Trip History	Indefinite (only on your device; 0 days on our servers).
Real-Time Data	Max 24 hours (deleted immediately after trip ends).
Account Data	Duration of account + up to 36 months after deletion (for legal/fraud purposes).

7. YOUR GDPR RIGHTS

As a user in the European Economic Area (EEA), you have the following rights:

Right to Access: Request a copy of the Account Data we hold about you.
Right to Erasure: Request that we delete your account and associated server data.
Right to Withdraw Consent: Stop live sharing or location tracking at any time.
Right to Lodge a Complaint: Contact the Romanian ANSPDCP (www.dataprotection.ro) if you believe we are mishandling your data.

8. CHILDREN'S PRIVACY

Our Services are directed to individuals who are at least 18 years of age. We do not knowingly collect or solicit personal data from anyone under 18. If we learn that we have collected personal data from a child under 18 without verifiable parental consent, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us with personal data, please contact us at zenlane-contact@bytecaliper.com.

9. INTERNATIONAL TRANSFERS

We primarily store and process data within the European Union. If any sub-processor transfers data outside the EEA, we ensure "Standard Contractual Clauses" (SCCs) are in place to maintain EU-level protection.

10. SECURITY

We use TLS 1.2+ encryption for all data transmitted between your device and our servers. Because your trip history is stored locally, we recommend using Android's built-in encryption and a strong biometric/PIN lock to protect your data from physical theft.

11. CONTACT US

For any privacy-related requests or to exercise your rights:

Email: zenlane-contact@bytecaliper.com