Last updated: 13 March 2026
Privacy Policy
MileTrack ("we", "us", "our") is operated by Asset Track Sp. z o.o. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.
This policy explains what data we collect, why we collect it, how we use it, and what rights you have.
Quick summary
MileTrack is local-first for trip storage, but not infrastructure-free. This summary exists so the landing page, Security page, and legal page describe the same model.
On-device by default
- Trip logs, route history, saved places, vehicle setup, and reimbursement settings stay on your device by default.
- Optional iCloud backup can sync this data across your iOS devices when you enable it.
- Monthly exports can be archived locally without relying on a hosted portal.
Service infrastructure still used
- Account data, consent choices, and support conversations use service infrastructure so we can operate the product.
- Crash diagnostics and optional analytics are processed separately from trip logs and can be disabled where consent is required.
- Road map matching uses anonymized route segments to improve recorded route quality.
Operational controls
- Infrastructure is hosted in the EU or with contractual safeguards where that is not possible.
- Deletion, export, and retention controls are documented in the Privacy Policy.
- Audit logging and access controls apply to the service-side systems we operate.
1. Data Controller
Asset Track Sp. z o.o. is the data controller responsible for your personal data.
- Email: [email protected]
- Website: miletrack.app
2. Data We Collect
2.1 Account data
When you create an account, we collect:
- Email address
- Name (optional)
- Country of tax residence
- Authentication credentials (hashed, never stored in plain text)
2.2 Location and trip data
To provide mileage tracking, the app collects:
- GPS coordinates — recorded during active trip tracking (background location)
- Motion and activity data — used to detect trip starts and stops (walking, driving, stationary)
- Trip metadata — origin, destination, distance, timestamps, route polyline, classification (business/commute/private)
- Geofence data — saved places such as home and office locations
Background location: MileTrack uses background location access to detect and record trips automatically when the app is not in the foreground. You can disable automatic tracking at any time in Settings. Location data is only collected during active trip detection and tracking — we do not continuously monitor your position.
2.3 Vehicle and workplace data
- Vehicle details (make, model, registration, odometer)
- Workplace addresses
- Reimbursement rates and tax year settings
2.4 Usage and device data
- Device type, OS version, app version
- Crash reports and performance metrics (anonymised)
- Feature usage patterns (anonymised analytics)
2.5 Export and report data
- Generated reports (PDF, CSV, XLSX) are created from your trip snapshot and delivered to you
- We do not retain copies of exported files after delivery
3. Legal Basis for Processing
We process your data under the following GDPR legal bases:
| Purpose | Legal basis |
|---|---|
| Provide the mileage tracking service | Performance of contract (Art. 6(1)(b)) |
| Process location data for trip recording | Your explicit consent (Art. 6(1)(a)) |
| Generate tax-compliant reports | Performance of contract (Art. 6(1)(b)) |
| Send service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Improve the service through anonymised analytics | Consent for optional web analytics in EU/UK (Art. 6(1)(a)); legitimate interest where local law permits (Art. 6(1)(f)) |
| Comply with tax record-keeping obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
- Automatically detect, record, and classify your trips
- Learn classification patterns from your driving history (on-device)
- Generate country-specific mileage reports for tax compliance
- Match recorded routes to road networks for accuracy (road map matching)
- Synchronise data across iOS devices when optional iCloud backup is enabled
- Provide customer support
- Improve the app through anonymised usage analytics
5. Data Sharing
We do not sell your personal data to third parties.
We may share limited data with:
- Infrastructure providers — cloud hosting and database services (EU-based or with adequate safeguards)
- Map services — anonymised route segments for road map matching (no personally identifiable information)
- Analytics providers — anonymised crash and usage data
- Accounting exports/integrations — only when you explicitly export or connect to a third-party accounting service (Xero, DATEV, etc.)
- Legal authorities — when required by law or valid legal process
6. Data Storage and Security
- Trip data is stored on-device by default; optional iCloud backup/sync is available on iOS when you enable it
- Service-side account, support, analytics, and route-matching traffic is encrypted in transit using TLS 1.2+
- Service-side data at rest is encrypted using AES-256 or provider-equivalent controls
- Servers are located in the European Union
- We implement access controls, audit logging, and regular security reviews
- Route polylines are hashed to provide tamper-evident audit trails
7. Data Retention
- Trip data: Retained for as long as your account is active, or as required by applicable tax record-keeping laws (typically 5–10 years depending on jurisdiction)
- Account data: Retained until you delete your account
- Anonymised analytics: Retained indefinitely (not linked to your identity)
When you delete your account, all personal data is permanently removed within 30 days, except where retention is required by law.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access — Request a copy of all personal data we hold about you
- Rectification — Correct inaccurate or incomplete data
- Erasure — Request deletion of your data ("right to be forgotten")
- Restriction — Request that we limit processing of your data
- Portability — Receive your data in a structured, machine-readable format (JSON, CSV)
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Revoke consent for location tracking and optional website analytics at any time through app/device controls or website cookie settings
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies
The MileTrack website uses a consent banner and stores your cookie choice in browser storage.
- Essential storage: Always enabled for core site behavior and to remember consent choices.
- Optional analytics: Umami analytics is loaded only when you allow analytics in the consent banner.
- No ad cookies: We do not run advertising cookies, cross-site ad trackers, or fingerprinting scripts for ad targeting.
For EU/UK visitors, optional analytics requires explicit opt-in consent. For US visitors, analytics can be disabled at any time through the "Cookie settings" control on the website.
We do not sell or share personal data for cross-context behavioral advertising.
10. Children's Privacy
MileTrack is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. International Transfers
Your data is processed and stored within the European Economic Area (EEA). If any data transfer outside the EEA is necessary (e.g., crash reporting services), we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Email: [email protected]
- General enquiries: [email protected]
You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, BfDI in Germany, CNIL in France, AP in the Netherlands).