trailworld.io
|
Sign in

Privacy Policy

Last updated: April 2026

This policy describes how Trailworld ("we", "our") collects, uses and protects your personal information, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 (Act to modernize legislative provisions respecting the protection of personal information).

1. Privacy Officer

Our privacy officer can be reached at:

Email: privacy@trailworld.io

All requests regarding your data (access, correction, deletion, portability) must be sent to this address.

2. Information Collected

2.1 Account Information

When creating an account, we collect:

  • Email address
  • Name or username
  • First name and last name (if voluntarily provided)
  • Password (encrypted with bcrypt — never stored in plain text)
  • Profile photo (if signing in via Google)

2.2 User Content

  • GPX files and GPS tracks you upload
  • Route descriptions, tags, comments
  • Photos attached to comments
  • GPS coordinates extracted from photo EXIF metadata (only if you choose to share them)

2.3 Profile Information (optional)

  • Bio, region, preferred activity — voluntarily provided in your settings

2.4 Technical Data

  • IP address (used only for rate limiting abusive login attempts, not retained long-term)
  • JWT session tokens (stored client-side only)

3. Purpose of Collection

We use your information exclusively to:

  • Create and manage your account
  • Display your routes and public profile
  • Enable sharing and group features
  • Ensure platform security (abuse detection, rate limiting)
  • Authenticate you when you sign in

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Third-Party Sharing

Third Party Reason Location
Google LLC OAuth authentication (if you choose "Continue with Google") United States

Google is subject to its own privacy policies. Signing in with Google is optional — you can create an account with your email and password.

No other third parties have access to your data.

5. Hosting and Storage

Your data (database, GPX files, photos) is hosted on servers located in Canada. No international data transfers occur, except in the case of Google sign-in (see section 4).

6. Retention Period

Data Retention
Account and profile Until account deletion
Routes, comments, photos Until deleted by the user or through moderation
Temporary upload tokens 24 hours
Ephemeral share links 48 hours
Audit logs (moderation) 3 years

7. Your Rights (Quebec Law 25 / PIPEDA)

Under Law 25 and PIPEDA, you have the right to:

  • Access your personal information
  • Correct any inaccurate information
  • Delete your account and associated data
  • Portability — receive your data in a structured, machine-readable format
  • Withdraw consent to the processing of your data
  • Object to certain processing activities

To exercise these rights, contact: privacy@trailworld.io

We respond within 30 days.

8. Security

  • Passwords are encrypted using bcrypt (high cost factor)
  • Sessions use signed JWT tokens
  • GPX files and photos are only accessible to authorized users (based on route visibility settings)
  • Communications between your browser and our servers are encrypted via HTTPS

9. Cookies

We use a functional session cookie to keep you signed in. This cookie is strictly necessary for the service to function and does not require separate consent.

We use no advertising or third-party tracking cookies.

10. Data Breach

In the event of a data breach posing a serious risk of harm, we commit to:

  • Notifying the Commission d'accès à l'information du Québec (CAI) within the required timeframe
  • Notifying affected individuals as soon as possible
  • Documenting the incident and corrective measures taken

11. Minors

Trailworld is not intended for persons under 13 years of age. We do not knowingly collect information about minors. If you believe a minor has created an account, contact us and we will delete the relevant data.

12. Changes

We may update this policy. In the event of a significant change, we will post a notice on the What's New page. The last updated date appears at the top of this document.

13. Contact

Trailworld Email: privacy@trailworld.io Website: https://www.trailworld.io

This policy was written in good faith to reflect our actual practices. It does not constitute legal advice. For questions regarding legal compliance, consult a privacy law professional.