Privacy Policy
Last updated: January 2026
1. Information We Collect
We collect information you provide directly to us when you create an account, create or share gear lists and trip plans, use emergency features, or communicate with us. This may include your name, email address, phone number, emergency contact details, trip itineraries, gear lists, GPS coordinates, check-in data, and any other information you choose to provide through the service. Google OAuth Authentication: When you sign in with Google, we collect your email address, name, and profile picture from your Google account. This information is used solely for account creation, authentication, and personalization of your Trailkeep experience. We do not access any other Google services or data from your Google account beyond basic profile information required for login. We also automatically collect certain technical information when you access Trailkeep, including: IP address, device type, browser type, operating system, and general geographic location (country/region). This data is collected through essential cookies and server logs to ensure security and proper functioning of the service.
2. How We Use Your Information
We use the information we collect to: provide, maintain, and improve our services; communicate with you about your account and service updates; personalize your experience with Trailkeep; enable trip sharing and emergency features; facilitate communication between you and your emergency contacts; ensure security and prevent fraud; and comply with legal obligations. Technical data collected through essential cookies and logs is used solely to maintain service functionality, security, and to troubleshoot issues.
3. Emergency Data Sharing and Safety QR
When you activate Overdue Alerts, share trip plans via links, or display your Safety QR: Your trip data, personal information, and emergency details become accessible to anyone with the Safety QR, shared link, or access to your emergency information. This may include Search and Rescue teams, park rangers, parking attendants, other hikers, emergency contacts, or any other third party who encounters your Safety QR or shared links. Trailkeep has NO CONTROL over who accesses your shared data, how they use it, or what they do with it. Trailkeep is NOT RESPONSIBLE for how third parties access, use, store, or share your emergency data. Shared data may remain publicly accessible until you manually deactivate sharing or delete the information. By using emergency features, you explicitly consent to this data sharing and acknowledge the risks.
4. Information Sharing and Disclosure
Beyond emergency and trip sharing features, we do not sell your personal information to third parties. We may share your information with: service providers who perform services on our behalf, including hosting providers (Supabase), content delivery networks (Cloudflare), and email delivery services (Resend); law enforcement or government agencies when required by law, subpoena, court order, or legal process; other parties when we believe disclosure is necessary to protect our rights, your safety, or the safety of others; or in connection with a merger, acquisition, or sale of assets, where your information may be transferred to the acquiring entity.
5. Data Security
We take reasonable technical and organizational measures to help protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data, especially in emergency situations, during transmission, or when accessed via shared links or Safety QR.
6. No Guarantee of Data Availability
Your trip data, emergency information, Safety QR, and all other data stored in Trailkeep may be unavailable, inaccessible, or lost at any time due to: server outages, maintenance, or technical failures; database corruption or errors; security breaches or cyberattacks; account termination (voluntary or involuntary); service discontinuation or shutdown; force majeure events; or any other technical or operational issues. Trailkeep is NOT RESPONSIBLE for data loss, unavailability, or inaccessibility under any circumstances. DO NOT rely on Trailkeep as your only source of trip plan backup or emergency information. Maintain offline copies of all critical trip data, emergency contacts, and safety information.
7. Your Choices and Data Rights
You can access, update, and manage certain information about you from within your Trailkeep account settings. You may request to have your account and associated data deleted by contacting us at info@trailkeep.com. Please note that some information may be retained for legal compliance, dispute resolution, or legitimate business purposes. Depending on your location, you may have additional rights under data protection laws such as GDPR or CCPA, including rights to access, correction, deletion, and data portability. Contact us to exercise these rights.
8. Cookies and Tracking Technologies
We currently use only essential cookies required for Trailkeep to function. These include: authentication cookies (via Supabase and Google OAuth) to keep you logged in and secure your session; and security cookies (via Cloudflare) for DDoS protection, bot detection, and load balancing. These cookies are strictly necessary for the service to operate and do not track your browsing activity across other websites. We do not currently use advertising cookies, tracking pixels, or third-party analytics services. If we implement analytics or tracking services in the future, we will update this policy and provide appropriate notice and consent mechanisms where required by law. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using Trailkeep.
9. Third-Party Services and Links
Trailkeep uses third-party services to deliver and improve our platform. These include: Supabase (database hosting and authentication) which stores your account data and manages login sessions; Cloudflare (content delivery network, DDoS protection, and security services) which may process your IP address and device information to provide these services; Resend (email delivery) which processes email addresses to send notifications and alerts; and other services such as mapping APIs and weather data providers. When you use Trailkeep, your data may pass through or be processed by these third-party services. Each service has its own privacy policy governing how they handle data. We are not responsible for the privacy practices, data handling, security, or content of such third-party services.
10. Children's Privacy
Trailkeep is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 13, please contact us immediately.
11. International Data Transfers
Your information may be transferred to, stored on, and processed by servers and service providers located in countries other than your own, where data protection laws may differ from those in your jurisdiction. By using Trailkeep, you consent to the transfer of your information to these countries. We will take reasonable steps to ensure your data receives adequate protection in accordance with this Privacy Policy and the laws of the Republic of Estonia and the European Union.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. We encourage you to review this Privacy Policy periodically. Your continued use of Trailkeep after changes become effective constitutes acceptance of the updated policy.
13. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify affected users and relevant supervisory authorities in accordance with GDPR and Estonian data protection laws. We will make reasonable efforts to notify you via email within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and 34. Notifications will include the nature of the breach, categories of affected data, likely consequences, and measures taken to address the breach and mitigate harm. You may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you have concerns about how we handle data breaches.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at info@trailkeep.com. We will make reasonable efforts to respond to your inquiry within a reasonable timeframe, but cannot guarantee response times or outcomes.