Privacy Policy
Effective date: June 1, 2026
SmartQ helps travelers understand crowd levels, queue context, trip timing, and route planning. To provide these features, SmartQ processes certain data such as account information, saved plans, optional location-related data, community reports, report photos, subscription entitlement data, technical logs, diagnostics, and product usage information. We aim to minimize personal data, avoid publishing individual movement history, and use aggregated or de-identified information where appropriate.
Who We Are
SmartQ is operated by KeRoY Technologies OÜ, a company registered in Estonia. Registry code: 17494934.
For privacy, data, legal, product, provider, or correction requests, contact KeRoY Technologies OÜ at [email protected].
Data We Collect
Depending on how you use SmartQ, we may collect or process the following:
Account and authentication data
- Email address, user ID, Clerk session/authentication data, profile or display name if provided, and sign-in method metadata where relevant.
Trip and planning data
- Selected city, saved places, trip setup, itinerary requests, generated plan results, hotel/home-base/start point if entered, travel dates and time windows if entered, selected attractions, must-see choices, planner objective, route preferences, and saved itinerary state.
Optional location-related data
- Device permission status, foreground or current location when permission is granted, approximate or precise location where needed for a requested feature, proximity validation for reports, visit start/end events, attraction/city IDs, timestamps, GPS accuracy, confidence values, queue/visit signals, nearby-live discovery context, supported city-zone context, and location/tracking heartbeats or pings where implemented.
Community reports and user content
- Crowd reports, queue-minute reports, "No queue" reports where supported, votes, flags, comments, uploaded report photos if enabled, report timestamps, attraction/city context, and contribution score or badge inputs.
Report photos
- Report photos are stored as private storage objects where possible. Public report reads may show only short-lived signed photo URLs, and old or expired report photos should not remain as permanent public links.
- Photos may be removed when reports are deleted, hidden, expired, or account deletion succeeds. Please do not upload photos containing sensitive personal information unless necessary.
Premium subscription data
- App Store subscription product ID, transaction/entitlement status, renewal or expiry information from Apple, restore status, account-linked subscription state, backend verification result, and fraud, duplicate-account, or account-linking checks.
- Payments are processed by Apple through the App Store. SmartQ receives and stores only the subscription entitlement and transaction information needed to verify Premium access, restore purchases, prevent abuse, and support users. SmartQ does not store payment card details.
Device, diagnostics, and security data
- Device type, OS/app/browser version, IP address, request metadata, logs, crash/error diagnostics, Sentry event metadata where configured, rate-limit/security/fraud/abuse signals, app environment, bundle/build metadata, and DeviceCheck or app-attestation-style metadata where used.
Product usage and analytics data
- Searches, missing-search events, page/app interactions, plan generation events, recommendation clicks, report interactions, city/language/build metadata, wearable/display surface usage where relevant, and /explore usage where relevant.
Communications
- Emails or messages sent to SmartQ, support requests, privacy/account deletion requests, feedback, and bug reports.
Location Data
Location access is optional and controlled by your device settings. You can revoke location permission in iOS or device settings.
SmartQ may use location to show nearby attractions, validate reports, detect or estimate visits, support My Trip and trip companion features, improve crowd/queue estimates, prevent abuse, show city-zone context, and improve product quality.
SmartQ does not publish individual movement history to other users. SmartQ aims not to store continuous raw GPS traces on its servers, but may send or store limited location-related event data where needed, such as attraction ID, city ID, timestamp, approximate or precise validation fix, GPS accuracy, confidence score, visit start/end event, heartbeats/pings, and account or device identifier.
Aggregated or de-identified location-derived signals may be used to improve SmartQ estimates. Location-derived data may also support nearby-live discovery, report proximity gates, trip reminders, Live Activities, and wearable/display companion cards. Queue/photo report entry points from companion or wearable/display surfaces must still pass sign-in, app, and nearby-location gates before submitting.
Queue, Crowd, and Report Evidence
SmartQ combines live signals, typical patterns, user reports, queue/photo reports, visit signals, opening hours, weather context, events, and routing context. Estimates may be limited, stale, unavailable, or wrong.
Queue/wait wording should be reserved for actual queue/wait evidence. Weather overlays and weather context are not observed crowd evidence. A "No queue" report may be treated as queue evidence only where SmartQ has supporting evidence such as a saved photo, depending on current product rules.
Generic tap reports are weaker evidence than queue/photo reports or independently confirmed visit answers. User-facing copy should not expose internal scraped-source names, vendor names, or raw collection methods.
How We Use Data
- Provide and operate SmartQ features.
- Generate crowd, queue, timing, and itinerary estimates.
- Show live /explore map and detail context.
- Support SmartQ Display and /wearable companion surfaces.
- Save and sync user plans, trips, places, and account data.
- Process and verify Premium subscriptions.
- Restore App Store subscriptions.
- Prevent subscription abuse or wrong-account subscription linking.
- Validate reports and reduce spam/fraud.
- Improve recommendations, search coverage, route quality, and product reliability.
- Provide support and respond to requests.
- Maintain security, debug issues, monitor crashes, prevent abuse, and comply with law.
Legal Bases
Where GDPR or similar law applies, SmartQ relies on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account, login, saved plans, saved places, trip setup, and support | Performance of contract. |
| Premium subscriptions, restore, entitlement verification, and account-linked subscription state | Performance of contract; legal obligation for accounting/tax where applicable; legitimate interests for fraud and abuse prevention. |
| Optional location permission and location-based features | Consent where required; performance of contract where needed to provide a requested location-based feature. |
| Reports, comments, votes, flags, and photos | Performance of contract and/or user consent depending on the feature; legitimate interests for moderation, safety, fraud prevention, and trust. |
| Report photo storage, short-lived signed URLs, deletion, and moderation | Performance of contract and legitimate interests in service integrity and community safety. |
| Security, rate limiting, fraud prevention, abuse prevention, app attestation, and diagnostics | Legitimate interests. |
| Sentry/crash/error diagnostics and reliability monitoring | Legitimate interests in operating and securing the service, with minimization where practical. |
| Product analytics and reliability | Legitimate interests, with minimization. |
| Legal/privacy requests | Legal obligation. |
| Marketing emails, if any | Consent or legitimate interest depending on message type. We do not currently send marketing newsletters unless you opt in. |
Third-Party Service Providers
SmartQ may use service providers and platform partners to provide, secure, improve, monitor, or support the service. These providers process data only as needed for those purposes.
- Authentication: Clerk.
- Database and storage: Supabase.
- Hosting, deployment, backend API, and infrastructure: Vercel, Fly.io, and Cloudflare where used.
- App distribution and purchases: Apple App Store and StoreKit.
- Maps, routing, geocoding, transit, weather, and event context: Apple Maps / MapKit, OpenWeather where configured, and other configured providers.
- Observability and error monitoring: Sentry.
- Display/wearable integrations: Meta Wearables Device Access Toolkit where included in the production app and where data may pass through that surface.
- Email, support, analytics, security, or logging providers where configured.
When you open a third-party map, ticketing, event, venue, navigation, or platform service, your use of that service is also subject to that provider's own terms and privacy policy.
International Transfers
SmartQ is operated from the EEA/Estonia. Some providers may process data outside the EEA. Where required, SmartQ relies on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
Retention
| Data category | Typical retention |
|---|---|
| Account/profile/auth data | Kept while the account exists, unless law requires longer. |
| Saved plans/trips/places | Kept until deleted by the user, account deletion, or inactivity cleanup where applicable. |
| Premium subscription records | Kept as long as needed to verify Premium access, restore subscriptions, prevent abuse, provide support, and comply with accounting/legal obligations. |
| Reports/comments/votes/flags | Kept until deleted, moderated, expired, hidden, or account deletion where applicable; public/safety records may remain in aggregated or de-identified form. |
| Report photos | Kept only as long as needed for visible report features, moderation, abuse prevention, or account/report lifecycle. Public display should use short-lived signed URLs, not permanent public links. |
| Location-related visit/queue/proximity events | Kept only as long as reasonably needed for product features, fraud prevention, quality, and aggregate estimates; aggregated or de-identified statistics may be kept longer. |
| Heartbeats/pings/tracking events | Kept only as long as reasonably needed for trip continuity, abuse prevention, debugging, and aggregate product quality, unless aggregated or de-identified. |
| Logs/security/diagnostics/Sentry events | Kept for a limited period unless needed for security, abuse investigation, debugging, or legal obligations. |
| Legal/accounting/tax records | Kept as required by law. |
| Aggregated/de-identified data | May be kept longer because it no longer directly identifies a user. |
Public Reports and Community Content
Reports, comments, queue estimates, votes, flags, and photos may be visible to other users if submitted to public community features. Public report displays should not expose private reporter identity beyond chosen display name or profile information.
Public report reads should expose only display-safe fields. Public or anonymous clients should not receive reporter user IDs, trust scoring internals, moderation-only fields, or private ownership fields.
SmartQ may moderate, remove, hide, aggregate, expire, or de-identify reports to protect trust and safety. Map report bubbles are lightweight discovery hints, not a full public comments feed.
Automated Estimates and Recommendations
SmartQ uses automated scoring and planning logic to estimate crowd levels, queue context, route timing, nearby recommendations, trip guidance, and suggested visit order. SmartQ may combine live signals, typical patterns, reports, queue/photo evidence, opening hours, weather context, events, routing context, and user-selected preferences.
These outputs are informational travel recommendations only. They do not produce legal or similarly significant effects. SmartQ estimates may be wrong, stale, unavailable, or uncertain, and SmartQ should not present generated estimates as observed live facts.
SmartQ Display and Wearable Surfaces
SmartQ may provide compact trip, nearby, crowd, or queue guidance through SmartQ Display, /wearable, Live Activities, or supported display/wearable integrations. These surfaces are meant for display-safe companion guidance and deep links back into the iPhone app.
They should not expose private account, reporter, or admin data. Queue/photo report submissions from these surfaces must still require sign-in and valid proximity/location checks where applicable. The public /wearable route should be treated as a display/compatibility surface, not a full planner or report-authority surface.
Your Choices and Rights
- You may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent where applicable.
- You may revoke location, notification, camera, or photo permissions in device settings.
- You may request account deletion and privacy help by contacting SmartQ.
- EU/EEA users may complain to their local data protection authority or the Estonian Data Protection Inspectorate.
- Where GDPR applies, SmartQ will normally respond within one month.
- You may stop using SmartQ at any time.
Children
SmartQ is not intended for children under 13. If a stricter local age applies, users must meet that age. Parents or guardians can contact SmartQ if they believe a child provided personal data.
Security
SmartQ uses technical and organizational measures to protect data. No system is perfectly secure. Users should keep account credentials safe. Report photos and private storage should not be exposed as permanent public links.
Changes
SmartQ may update this Privacy Policy. The effective date will be updated, and material changes may be communicated through the website, app, or other reasonable means.
Contact
For privacy, data, legal, product, provider, or correction requests, contact KeRoY Technologies OÜ at [email protected].