Privacy Policy
Last updated: June 2026 (v2.4)
Version: 2.4
Effective Date: June 2026
Applies To: Worldwide (App Store); AU/NZ (Google Play)
Primary Jurisdiction: New South Wales, Australia
ABN: 78 694 741 636
1. INTRODUCTION AND COMMITMENT TO PRIVACY
Ready2Roam ("App," "we," "us," "our") is committed to protecting
your privacy and ensuring you have a positive experience on our
platform. This Privacy Policy explains how we collect, use, disclose,
and safeguard your information when you use our App.
The App is distributed worldwide on the Apple App Store and in Australia
and New Zealand on Google Play. Accordingly, this policy is intended to
comply with applicable privacy laws across all regions where the App is
available, including (but not limited to):
- Australian Privacy Principles (APPs) under the Privacy Act 1988
- New Zealand Privacy Act 2020 - for NZ users
- EU General Data Protection Regulation (GDPR) - for users in the EU
- UK General Data Protection Regulation (UK GDPR) and Data Protection
- California Consumer Privacy Act (CCPA) - for California, USA users
- Personal Information Protection and Electronic Documents Act
Please read this Privacy Policy carefully. If you do not agree with our
practices, please do not use the App.
2. INFORMATION WE COLLECT
2.1 Personal Information
- Email address (for account creation)
- Name (optional)
- Profile photo (optional)
2.2 Financial Data
Your financial data (expenses, income, trip budgets, scenarios) is
stored on your device and automatically backed up to secure cloud
servers when you are signed in. We do NOT have access to your specific
financial details.
2.3 Cloud Backup and Sync
When you are signed in, your data is automatically backed up to secure
cloud servers powered by Google Firebase. Your data is encrypted in
transit using TLS 1.3 and encrypted at rest using Google Cloud\'s
built-in encryption. Access to your data is protected by your
authentication credentials. We do not access, review, or use your
financial data for any purpose. Only authenticated sessions linked to
your account can retrieve your data.
2.4 Anonymised Analytics We DO Collect
- Number of scenarios created (to improve features)
- Average runway months distribution (anonymised, for benchmarking)
- Most used expense categories (to optimise quick entry)
- Feature usage patterns (to prioritise development)
- App crash reports and performance metrics
2.5 What We DO NOT Access or Use
- Your actual expense amounts
- Your specific income details
- Bank account information
- Any personally identifiable financial data
While your financial data is stored on our cloud servers as part of
the automatic backup service described in Section 2.3, this data is
stored solely for your benefit. It is not accessed, read, processed,
or used by Ready2Roam for any purpose including analytics, marketing,
or product development.
2.6 Information You Provide Directly
Financial and Trip Data:- Income figures, expense estimates, and financial projections you
- Trip plans, route waypoints, stop details, and itinerary notes
- Savings targets, loan amounts, and other financial parameters
- Vehicle details including type, dimensions, and specifications
- Photographs or images uploaded for receipt capture or documentation
- Name, email address, and contact details
- Authentication credentials (encrypted)
- Payment information (managed by Apple or Google - we do not receive
- Messages, feedback, or support requests you send to us
- Your responses to surveys, questionnaires, or user feedback requests
2.7 Information Collected Automatically
Device and Usage Data:- Device type, operating system, and version
- Device identifiers (IDFA for iOS, Advertising ID for Android)
- App version and features you use
- Duration and frequency of use
- Crash reports and error logs
- IP address and network connection type
- Approximate location based on IP address (not GPS-precise location)
- Precise GPS location only when you explicitly grant location
2.8 Information from Third Parties
- Device operating system providers (Apple, Google) may provide app
- Payment processors may provide transaction details related to
- Third-party service providers may share error logs or security
3. HOW WE USE YOUR PERSONAL INFORMATION
3.1 Service Delivery and Functionality
- Providing you with access to the App and its features
- Processing and performing calculations based on your input data
- Generating financial modelling scenarios and projections
- Displaying maps, points of interest, and route information
- Storing your preferences and saved scenarios
- Providing cloud backup and sync to protect your data and enable
3.2 Technical Operations and Support
- Troubleshooting technical issues and errors
- Monitoring app performance, stability, and security
- Conducting crash analysis and error reporting
- Providing customer support and responding to your inquiries
- Debugging and improving app functionality
3.3 Analytics and Improvement
- Understanding how you use the App
- Analysing user behaviour to improve features and user experience
- Identifying technical problems and areas for enhancement
- Measuring feature adoption and effectiveness
3.4 Lawful Basis for Processing (GDPR/UK GDPR)
For users in the EU, EEA, and UK, we process personal data under the
following lawful bases:
-----------------------------------------------------------------------
Lawful Basis Activities
------------------------ ----------------------------------------------
Contract Performance Account creation and management; cloud sync
(Art. 6(1)(b)) and backup; subscription management
Legitimate Interests App performance monitoring; crash reporting;
(Art. 6(1)(f)) security; anonymised analytics to improve the
App
Consent (Art. 6(1)(a)) Precise GPS location access (requested at
runtime); optional analytics if a consent
mechanism is presented
Legal Obligation (Art. Compliance with applicable law; response to
6(1)(c)) lawful legal orders
-----------------------------------------------------------------------
4. DATA STORAGE AND SECURITY
4.1 Storage Architecture
Your data is stored using a dual-storage approach:
- Local Storage: All data is stored on your device using an encrypted
- Cloud Backup: When signed in, data is automatically synchronised to
region).
EU and UK users - data residency:Currently, all user data is stored in Google Firebase\'s
australia-southeast1 (Sydney) region. This includes data from EU and
UK users. This transfer is covered by Standard Contractual Clauses
(SCCs) between Ready2Roam and Google. A dedicated EU Firebase region
is planned for V1.2 to provide EU-local data residency.
4.2 Security Measures
-------------------------------------------------------------------------
Layer Technology Details
---------------- ------------------ -------------------------------------
Local Storage SQLCipher All local databases encrypted with
(AES-256) user-derived key
Cloud Storage Google Cloud Automatic server-side encryption for
Encryption Firestore data
Data in Transit TLS 1.3 All API calls over HTTPS
Authentication Firebase Auth Apple, Google, and email sign-in with
secure token management
Key Management iOS Keychain / Encryption keys stored in device
Android Keystore secure enclave
-------------------------------------------------------------------------
4.3 Data Retention
- Local data remains on your device until you delete it or delete your
- Cloud data is retained while your account is active
- Upon account deletion, all cloud data is permanently deleted within
- Anonymised analytics data may be retained indefinitely
5. DATA SHARING AND DISCLOSURE
We do NOT sell your personal information to third parties under any
circumstances.
We may share limited data with:
- Google Firebase: Cloud infrastructure provider (data processing
- RevenueCat: Subscription management (receives only subscription
- Apple/Google: App Store payment processing for subscriptions
- Analytics providers (e.g., Firebase Analytics, Crashlytics):
- Mapbox: Map rendering and geocoding (receives map viewport
Law enforcement and regulatory disclosure:
We may disclose personal information to law enforcement, government
authorities, or regulatory bodies where we are required to do so by
applicable law or a valid legal order from a competent authority in any
applicable jurisdiction, including Australian, New Zealand, EU/EEA
member state, UK, US, and Canadian authorities as applicable. We will,
where lawfully permitted, notify you of such requests.
6. YOUR RIGHTS
Under the Australian Privacy Principles (and as expanded for users in
other jurisdictions - see Section 13), you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Delete your account and all associated data through the
- Data Export: Export your data in standard formats from within the
- Opt-out: Disable analytics collection in App settings
- Complaint: Lodge a complaint with the Office of the Australian
*Users in other jurisdictions have additional rights - please refer to
Section 13 for details specific to your region.*
7. SUBSCRIPTION MANAGEMENT
If you subscribe to a paid plan (Explorer or Nomad Pro), your
subscription is managed by Apple (App Store) or Google (Play Store), not
by Ready2Roam. Important points:
- We do not have access to your payment card details
- Subscription cancellation must be done through your Apple ID or
- Deleting your Ready2Roam account does NOT automatically cancel your
- You are responsible for cancelling your subscription separately to
- Refund requests must be directed to Apple or Google, not to
8. AGE REQUIREMENT
Ready2Roam is designed for users aged 13 years and older. By creating an
account and using the App, you confirm that you are at least 13 years of
age. We do not knowingly collect personal information from anyone under
- If we become aware that we have collected information from a person
between the ages of 13 and the age of majority in their jurisdiction
should review this Privacy Policy with a parent or legal guardian.
9. CHILDREN\'S PRIVACY
The App is not intended for children under 13 years of age. Consistent
with the United States Children's Online Privacy Protection Act (COPPA),
we do not knowingly collect, use, or disclose personal information from
children under 13. If we become aware that we have inadvertently
collected personal information from a child under 13, we will delete
that information promptly. If a parent or guardian becomes aware that
their child under 13 has provided us with personal information, they
should contact us at support@ready2roam.com.au and we will take steps
to remove that information from our systems.
10. INTERNATIONAL DATA TRANSFERS
Your data is primarily stored on Google Firebase servers in the
australia-southeast1 (Sydney) region. Some anonymised analytics and
crash data may be processed by third-party providers (e.g., Firebase
Analytics servers operated by Google in the US) in other jurisdictions.
Where data is transferred internationally, we ensure appropriate
safeguards are in place in accordance with applicable privacy law. For
EU and UK users, international transfers from the EU/EEA and UK are
covered by Standard Contractual Clauses (SCCs) entered into between
Ready2Roam and Google LLC as data processor. A copy of Google\'s
applicable SCCs is available at https://cloud.google.com/terms/sccs.
For NZ users, transfers to Australia are subject to the Trans-Tasman
mutual recognition framework. Ready2Roam acknowledges its obligations to
NZ users under the NZ Privacy Act 2020 as set out in Section 13.1.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you
of material changes by:
- Displaying a notice within the App
- Requiring re-acceptance for significant changes
- Updating the version number and effective date
Your continued use of the App after changes constitutes acceptance of
the updated policy.
12. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your
rights, contact us:
- Email: support@ready2roam.com.au
- Business Name: Ready2Roam
- ABN: 78 694 741 636
- Jurisdiction: New South Wales, Australia
For privacy complaints, you may also contact the Office of the
Australian Information Commissioner (OAIC) at www.oaic.gov.au. Users in
other jurisdictions may contact their applicable supervisory authority
as described in Section 13.
13. INTERNATIONAL USERS AND REGIONAL RIGHTS
Ready2Roam is distributed worldwide on the Apple App Store. The
following subsections describe the additional rights and obligations
that apply to users in specific regions, in addition to the general
provisions of this policy.
13.1 New Zealand
Ready2Roam is operated by an Australian entity (ABN 78 694 741 636) and
is distributed in New Zealand. NZ users\' personal information is
handled in accordance with the New Zealand Privacy Act 2020 where
applicable, in addition to the Australian Privacy Principles.
Key points for NZ users:
- The NZ Privacy Act 2020 sets out 13 Information Privacy Principles
disclosed
- Ready2Roam applies these principles to NZ user data to the extent
Australian Privacy Act 1988
- The Privacy Commissioner of New Zealand has jurisdiction to
Commissioner at www.privacy.org.nz
- Transfers of your data to Australia (for cloud storage in Firebase)
- Contact for NZ privacy enquiries: support@ready2roam.com.au (same
13.2 European Union and European Economic Area (GDPR)
If you are located in the EU or EEA, the General Data Protection
Regulation (EU) 2016/679 (GDPR) applies to your personal data. In
addition to the rights described in Section 6, you have the following
rights under the GDPR:
-----------------------------------------------------------------------
Right Description
------------------------ ----------------------------------------------
Right of Access (Art. Obtain a copy of personal data we hold about
15) you and information on how it is processed
Right to Rectification Request correction of inaccurate or incomplete
(Art. 16) personal data
Right to Erasure (Art. Request deletion of personal data where it is
17) no longer necessary, consent is withdrawn, or
processing is unlawful
Right to Restriction Request that processing be restricted in
(Art. 18) certain circumstances while accuracy is
contested or objection is pending
Right to Data Receive your personal data in a structured,
Portability (Art. 20) machine-readable format for transfer to
another controller
Right to Object (Art. Object to processing based on legitimate
21) interests. We will cease unless we demonstrate
compelling legitimate grounds
Right to Lodge Complaint Lodge a complaint with your member state
supervisory authority (e.g., CNIL in France,
BfDI in Germany, ICO in the UK - see 13.3)
-----------------------------------------------------------------------
Lawful basis: As described in Section 3.4, we process personal data on
the bases of contract performance, legitimate interests, consent, and
legal obligation. Where processing is based on consent, you may withdraw
consent at any time without affecting the lawfulness of prior
processing.
Data transfers: Personal data is currently stored in Google Firebase\'s
australia-southeast1 region. This transfer from the EU/EEA to Australia
is made under Standard Contractual Clauses (SCCs). Australia is not
currently an EU-designated adequate country; accordingly SCCs are
required and are in place.
V1.2 Roadmap - EU data residency:A dedicated EU Firebase region (europe-west1, Belgium) is planned for
V1.2. When deployed, EU user data will be stored within the EU with
no cross-border transfer required. This policy will be updated
accordingly.
13.3 United Kingdom (UK GDPR)
If you are located in the United Kingdom, the UK General Data Protection
Regulation (UK GDPR) and the Data Protection Act 2018 apply. The UK GDPR
is broadly equivalent to the EU GDPR but is a distinct regulation
following the UK\'s departure from the EU. The Information
Commissioner\'s Office (ICO) is the UK supervisory authority.
UK users have the same rights as EU users described in Section 13.2,
exercisable under UK GDPR rather than EU GDPR. Key UK-specific points:
- The ICO is your supervisory authority. You may lodge a complaint at
- International transfers from the UK are governed by the UK\'s
UK user data to Australia use Google\'s IDTA-compliant processing
terms
- The UK has recognised Australia as providing adequate protection
safeguards are maintained for Firestore processing
13.4 United States - California (CCPA)
If you are a California resident, the California Consumer Privacy Act
(CCPA) and the California Privacy Rights Act (CPRA) may apply to your
personal information. The following disclosures are provided in
accordance with CCPA requirements:
Categories of personal information we collect (in the preceding 12
months):
- Identifiers: email address, name (optional), IP address, device
- Internet or other electronic network activity: app usage, feature
- Geolocation data: approximate (IP-based) and precise (GPS, if
- Inferences: anonymised usage patterns derived from app interaction
We do not sell, rent, or share your personal information with third
parties for monetary consideration or other valuable consideration as
defined under the CCPA.
Your California privacy rights:
- Right to Know: You may request disclosure of personal information
- Right to Delete: You may request deletion of personal information we
- Right to Correct: You may request correction of inaccurate personal
- Right to Opt-Out of Sale: We do not sell personal information. No
time
- Right to Non-Discrimination: We will not discriminate against you
To exercise your California rights, contact us at
support@ready2roam.com.au. We will respond within 45 days of a
verifiable consumer request.
Law enforcement disclosures: Ready2Roam may be required to disclose
personal information in response to lawful requests from US government
authorities, including to meet national security or law enforcement
requirements. We will, where legally permitted, notify affected users.
13.5 Canada (PIPEDA)
If you are located in Canada, the Personal Information Protection and
Electronic Documents Act (PIPEDA) and applicable provincial privacy laws
may govern the collection, use, and disclosure of your personal
information. Key provisions:
- We collect, use, and disclose personal information with your
permitted by law
- You may access and correct your personal information by contacting
- Personal information is transferred to Australia for cloud storage.
consistent with PIPEDA Schedule 1 Principle 7
- You may file a complaint with the Office of the Privacy Commissioner