Privacy Policy

Last Updated: April 7, 2026

Blue Dot (“we,” “our,” or “us”) operates the Blue Dot mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you sign in with Apple, we receive your name and email address (as permitted by your Apple ID settings). We store your display name, username, bio, home country, and avatar image.
  • Trip Data: Trip names, locations, dates, countries visited, activities, notes, daily logs, travel companions, checklists, and associated photos and videos.
  • Social Data: Your follower/following relationships, trip tags you send or receive, trip invite links you create, and poke interactions.
  • Wishlist & Bucket List: Countries and locations you mark as wished or planned.
  • Leaderboard Data: Username, country, and trivia scores.

1.2 Information Collected Automatically

  • Device Identifier: A stable device identifier used for app functionality, not for tracking.
  • Location (One-Time): With your permission, we detect your approximate location once during onboarding to determine your home country and timezone. We do not continuously track your location.
  • Push Notification Token: If you enable notifications, your device token is stored to deliver push notifications.

1.3 Information We Do NOT Collect

  • We do not use third-party analytics, advertising, or tracking SDKs.
  • We do not access your contacts, calendar, health data, or browsing history.
  • We do not use biometric data (Face ID/Touch ID).
  • We do not track your location continuously.

2. How We Use Your Information

We use your information solely to provide and improve the App:

  • App Functionality: Display your profile, trips, and travel statistics; sync data across your devices; enable social features.
  • Notifications: Send trip-related reminders and social notifications.
  • Globe Social Feature: Show anonymized trip activity dots on the globe to your followers.
  • Leaderboard: Display trivia scores on the daily leaderboard.

3. Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases are:

  • Consent: You consent to data processing when you create an account and accept this Privacy Policy.
  • Contract Performance: Processing necessary to provide the App's features you requested.
  • Legitimate Interests: App security, fraud prevention, and service improvement.

4. Data Sharing and Disclosure

4.1 With Other Users

  • Public Profile: If your profile is not set to private, other users can view your display name, username, avatar, and travel statistics.
  • Followers: Your followers can see your trip activity on the globe.
  • Trip Sharing: When you share trips, the recipient can view the trip details you choose to share.

4.2 Service Providers

  • Supabase, Inc.: We use Supabase for authentication, database hosting, file storage, and push notification delivery.
  • Apple Inc.: Sign in with Apple handles your authentication.

4.3 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties. We do not share data with advertisers or data brokers.

5. Data Retention

  • Account Data: Retained as long as your account is active. Deleted upon account deletion request.
  • Push Notification Queue: Sent notifications are deleted after 30 days.
  • Globe Hellos: Automatically deleted after 24 hours.
  • Trivia Scores: Automatically deleted after 90 days.

6. Your Rights

6.1 GDPR Rights (EEA, UK, Switzerland)

You have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Update or correct your profile information at any time.
  • Erasure: Delete your account and all associated data using “Delete Account” in Settings.
  • Data Portability: Export your data in a machine-readable JSON format via “Export Data.”
  • Restriction: Request that we restrict processing of your data.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: You may withdraw consent at any time by deleting your account.

6.2 CCPA/CPRA Rights (California Residents)

  • Right to Know: Request disclosure of the personal information we collect.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

7. Data Security

  • All data in transit is encrypted via TLS.
  • Database access is protected by Row Level Security (RLS) policies.
  • Authentication is handled through Apple's secure Sign in with Apple service.
  • Server-side functions use security-scoped access controls.

8. International Data Transfers

Your data may be processed in the United States where our service provider (Supabase) operates. We ensure appropriate safeguards are in place for international transfers in compliance with GDPR.

9. Children's Privacy

Blue Dot is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@bluedot.app