Privacy

The short version: local-first, explicit sharing.

Last updated: 25 June 2026

Your riding data starts in your phone's local storage. Recordings stay local unless you export them. Imported tracks stay local unless you enable device sync, which uploads those GPX files to OffTrail's protected sync relay so your paired device can download them. The app also shares anonymous usage statistics and crash reports (via Google Firebase) so we can fix problems and improve it — not your tracks, your routes, or where you ride. Other data leaves the device only when you use a feature that needs the network: live location during a Group ride session (over our own servers), event participation, basemap tile requests, and — when you use Track to or a track's off-road / on-road split is worked out — coordinates sent to a routing service. Each of these is described below.

What we collect on a server we operate

There is no rider profile and no leaderboard. What our own infrastructure does handle:

What stays on your phone

You can back any of this up the way you'd back up any iOS app's local files (Files app, iCloud Drive backup, Finder sync). OffTrail does not provide account-based recovery.

Location

OffTrail asks for "When in Use" location permission so the user dot can render on the map and the rider can be tracked along an imported route. With your permission we keep listening to location updates while the app is in the foreground — that's how recording survives screen-lock and pocket use. Recording is suspended when the app moves to the background, to save battery. iOS shows its standard system blue bar while location is being used.

Your location is used in real time to render the map and write entries into your own ride recording. It is not transmitted anywhere — except during a Group ride session (sent to our own servers), or when you build a Track to route, where your position and destination are sent to a routing service. Both are described below.

Group ride (opt-in)

When you start or join a Group ride from Settings → Group ride, OffTrail shares your live position with the riders in your session over a realtime connection to OffTrail's own servers (a Cloudflare Durable Object — a small, single-session server instance). There is no third-party messaging provider, no OffTrail account, and no long-term storage — and it works the same between Android and iPhone riders. Specifically:

Network requests we make

The app loads basemap tiles online when you're connected, so the map keeps looking fresh in places you haven't pre-cached. Tile requests go to:

These requests are subject to the respective providers' privacy policies. OffTrail does not intercept, log, or proxy any of them. If you are fully offline, the app falls back to what you have cached (or, for satellite, surfaces a "Satellite needs network" banner; for weather, the chip just hides).

Routing & place names (Track to, off-road split)

Two features send coordinates off the device, because the work can't be done offline on the phone:

What our routing service keeps. Coordinates are never logged, and no IP address is stored. We keep aggregate statistics in the same spirit as the tiles: request counters (route type, success/failure, coarse 1° map cell of the route's midpoint, edge country) and — for generated routes only — an anonymised "popular corridors" heatmap: a sparse sample of the computed route's geometry, rounded to a ~1 km grid, with the first and last 500 m of every route discarded so neither your start point nor your destination is ever retained. Surface-split (map-match) requests carry your own recorded track, so they are excluded from the heatmap entirely. Nothing links any of this to a device or person.

External links from inside the app

The About screen has two opt-in outbound links: Share OffTrail (system share sheet seeded with the App Store URL + a short pitch) and Follow on Instagram (deep link to @offtrailgpx, falls back to Safari if Instagram isn't installed). Both open in their respective destinations and are subject to those services' policies. OffTrail does not collect anything before, during, or after the tap.

Review prompt

After three saved recordings on the same install, OffTrail asks iOS to surface its native App Store review sheet (SKStoreReviewController). The sheet runs entirely inside the system frame; we do not see your review or rating. Apple's own throttle limits this prompt to at most three appearances per rider per 365 days across the whole iOS device. We additionally store a one-shot flag locally so OffTrail itself doesn't re-prompt within the same install.

Analytics & crash reports (Google Firebase)

Since v1.14.1 (iOS) / v0.83 (Android), OffTrail uses Google Firebase for two things, on both platforms:

What is never sent to Firebase: your GPS coordinates, your tracks or recordings, track names, routes, or anything that says where you ride. Events are feature counters, not location data. We don't create accounts or identifiers of our own; Firebase uses a per-install app identifier to group events (Google acts as a processor — see Firebase privacy). This data is used only to improve OffTrail.

No ads, no ad tracking. OffTrail has no ad SDKs, no cross-app tracking, and nothing is shared or sold for advertising.

Cookies & website analytics (this site only)

This website uses Google Analytics to understand visits — which pages are read, from which countries, on which devices. It only runs after you accept the cookie banner; decline (or simply ignore it) and no analytics cookie is ever set. This applies to offtrailapp.com only — the app sets no cookies and is covered by the Firebase section above.

Aside from this opt-in analytics cookie, the site sets none. Your banner choice itself is stored locally in your browser (localStorage), not on a server.

Children

OffTrail is rated 4+ but is not directed at children. Because we don't collect any personal data, no special children's-data provisions apply.

Changes to this policy

When we add a feature that changes what leaves your device, we say so plainly here and update the "Last updated" date. The core stance is a product principle, not a phase: OffTrail is local-first, and network features should be explicit and understandable.

Contact

Questions or pushback: [email protected].