Privacy-First Design

Privacy Policy

Effective Date: May 2, 2026
Last Updated: May 2, 2026

Introduction

ApexTracker ("ApexTracker," "we," "us," or "our") is operated by One More Tab Software. This Privacy Policy explains what information our iOS application ("App"), our website at apextracker.app ("Website"), and our companion trip-planning service at switchback.apextracker.app ("Switchback") collect, how that information is used, and the choices you have.

The short version:

  • The App does not require an account. You can use it without giving us your name or email.
  • Your rides, motorcycles, maintenance records, photos, saved routes, and emergency contacts stay on your device. They are synced across your own Apple devices through your private iCloud account using CloudKit. ApexTracker cannot read this data.
  • We never sell your personal information, and we do not use your riding data for advertising.
  • A small number of features (turn-by-turn voice prompts, crash-detection SMS, maps, weather, VIN/recall lookups) require contacting third-party services. We minimize what is sent and explain each one below.

Table of Contents

  1. What Information ApexTracker Handles
  2. What Stays on Your Device (and in Your iCloud)
  3. What is Sent to ApexTracker Servers
  4. Third-Party Services We Rely On
  5. Permissions the App Requests
  6. How We Use Information
  7. Mapping Platform & Acceptable Use
  8. Data Retention & Deletion
  9. Security
  10. Your Privacy Rights
  11. Children's Privacy
  12. International Users
  13. Changes to This Policy
  14. Contact Us

1. What Information ApexTracker Handles

1.1 Information You Provide Directly

In the App (kept on your device, synced through your iCloud):

  • Motorcycle profile: make, model, year, VIN, nickname, tank capacity, mileage, photos
  • Maintenance records: services performed, dates, mileage, costs, notes, receipt photos
  • Saved addresses and saved routes
  • Emergency contacts (names and phone numbers) you choose to add for crash detection
  • Imported GPX route files
  • App settings and preferences (units, voice guidance, crash detection sensitivity, weather alert thresholds, etc.)

On the Website:

  • Beta program signup form: name, email address, motorcycle ownership information, riding experience level, intended use case
  • Contact form: name, email, message contents, and any attachments you choose to send

If you contact support:

  • Your email address and the contents of your correspondence
  • Any logs, screenshots, or device details you voluntarily share

1.2 Information the App Generates Automatically

Ride data (stored on your device, synced through your iCloud only):

  • GPS coordinates, speed, heading, and elevation captured while a ride is recording
  • Motion-sensor data: lean angle, acceleration, gyroscope readings (used to compute riding dynamics)
  • Trip duration, distance, route geometry, ride stats and summaries

Device identifiers we generate:

  • A random device ID (UUID) is generated on first launch and stored locally on your device. It is sent with requests to our API only to enforce per-device rate limits and is not tied to your name, email, Apple ID, or advertising identifiers.

Diagnostics and crash reports:

  • In production builds, the App uses Sentry to report crashes, errors, and a 20% sample of performance traces. Reports include the type of error, a stack trace, the device model and OS version, the App version, and an anonymous session identifier. They do not include your ride GPS tracks, motorcycle photos, contacts, addresses, or maintenance records.
  • Sentry is disabled in debug/development builds.

1.3 Information We Do Not Collect

  • We do not require, and the App does not create, an ApexTracker account. There is no username or password to register.
  • We do not request the iOS Advertising Identifier (IDFA) and do not engage in cross-app or cross-website tracking. Our App Store privacy declaration sets "Tracking" to false.
  • We do not collect your contacts list. The App can search your on-device contacts to set a navigation destination if you grant Contacts permission, but matched contacts are used only on your device and are not transmitted to us.
  • The App does not currently read data from Apple HealthKit. Our privacy manifest reserves the Health data category for a planned Apple Watch heart-rate integration; until that ships, no heart-rate or fitness values are read or transmitted.

2. What Stays on Your Device (and in Your iCloud)

ApexTracker is designed local-first. The following data is stored in a database on your iPhone and is not transmitted to ApexTracker servers:

  • Every ride you record (GPS tracks, lean angle, speed, route)
  • Motorcycles in your garage (including VINs and photos)
  • Maintenance records, service schedules, and receipt images
  • Saved addresses, saved routes, and imported GPX routes
  • Emergency contacts
  • App preferences and trip-session state

iCloud sync (CloudKit): By default, the App uses Apple's CloudKit so that your data is available across the Apple devices signed into your iCloud account. This sync happens through Apple's infrastructure and Apple's privacy terms apply to it. ApexTracker does not have access to your iCloud database, cannot read its contents, and does not store a copy on our servers. If iCloud sync fails or is unavailable, the App falls back to a local-only database. You can disable iCloud sync for ApexTracker at any time from your iOS Settings > Apple ID > iCloud.

Receipt OCR: When you scan a maintenance receipt with the camera, text recognition runs on-device using Apple's Vision framework. The image and the extracted text never leave your phone (other than through your own iCloud sync).

3. What is Sent to ApexTracker Servers

ApexTracker operates a small backend (the "ApexTracker API") hosted on Cloudflare at apextracker-api.onemoretab.software. Its sole purpose is to keep third-party API keys off your device and to dispatch crash alerts. The endpoints in active use are:

3.1 Voice Navigation Prompts (TTS)

  • When voice guidance is enabled, the App sends short navigation phrases (e.g. "In 500 feet, turn right onto Main Street") to our API, which forwards them to OpenAI's text-to-speech service and returns the audio for in-ear playback.
  • What is sent: the prompt text only (limited to 500 characters), plus your device ID for rate limiting.
  • What is not sent: your name, email, Apple ID, GPS track, route history, or any motorcycle/maintenance data.
  • Per OpenAI's API terms, audio inputs/outputs from API requests are not used to train OpenAI models.

3.2 Crash-Detection Emergency SMS

  • If you opt in to crash detection and the App detects a probable crash, it shows a 30-second countdown so you can cancel a false alarm. If you do not cancel, it sends an emergency request to our API, which forwards a text message to your designated emergency contacts via Twilio.
  • What is sent: the rider name you set, your latitude and longitude at the time of the alert, the timestamp, and the names and phone numbers of the emergency contacts you previously saved on-device. If a future Apple Watch integration is enabled, the most recent heart-rate reading may be included.
  • This data is used only to dispatch the SMS. We do not retain crash-alert payloads beyond what is necessary to deliver the message and produce audit/error logs (typically days, not months).

3.3 Operational Logs and Rate Limiting

  • Like any web service, our Cloudflare Worker logs request metadata (path, status code, IP address, device ID, timestamp) for security, abuse prevention, and rate limiting. These logs are retained briefly and are not used to build a profile of you.

4. Third-Party Services We Rely On

The App contacts the following third-party services directly from your device. Each service's own privacy policy applies to the information it receives.

  • Mapbox — Map tiles, search, geocoding, directions, and round-trip routing. The App sends your location, search queries, and selected origin/destination/waypoints to Mapbox in order to render maps and produce routes. See Mapbox Privacy Policy.
  • Apple WeatherKit — Current conditions, forecasts, and severe-weather alerts along your route. Coordinates are sent to Apple's WeatherKit service. See Apple Privacy Policy.
  • Open-Meteo — Used as a fallback weather provider when WeatherKit is unavailable. Coordinates are sent to api.open-meteo.com.
  • NHTSA — Public U.S. government APIs (vpic.nhtsa.dot.gov, api.nhtsa.gov) used to decode VINs and check for open recalls. The App sends the VIN you enter or the make/model/year of your motorcycle.
  • maintenanceschedule.com — Public maintenance-schedule data is fetched using your motorcycle's make, model, and year to populate factory service intervals.
  • Apple App Store / StoreKit — Subscription transactions for ApexTracker Pro are processed entirely by Apple. ApexTracker never sees your payment details. Apple provides us with anonymous transaction status used to determine your entitlement.
  • Apple iCloud (CloudKit) — Used to sync your App data across your own Apple devices. Operated by Apple under your iCloud account.
  • Sentry — Crash and error reporting (production builds only). Reports do not contain ride tracks, photos, contacts, or other personal records.
  • Cloudflare — Hosts the ApexTracker API described in section 3 and provides DDoS protection / WAF / KV-backed rate limiting.
  • OpenAI — Voice synthesis for navigation prompts, accessed through our API as described in section 3.1.
  • Twilio — SMS delivery for crash-detection alerts, accessed through our API as described in section 3.2.

Switchback (switchback.apextracker.app): Our companion trip-planning website is a separate browser-based service. When you visit it, standard web request data (IP address, user agent, requested URL) is processed by our hosting and edge providers. Routes you build in Switchback can be exported as GPX and imported into the App; nothing is automatically pushed from Switchback into your ApexTracker data unless you import it yourself.

5. Permissions the App Requests

iOS will prompt you before granting each of the following. You can review or revoke any of them later in Settings > Privacy & Security or Settings > ApexTracker.

  • Location (When In Use and Always, with Precise Location): Required to record rides, provide turn-by-turn navigation, find nearby points of interest and fuel stops, and trigger weather alerts along your route. "Always" access is needed to keep recording while the App is in the background or your phone is locked. Location is not used when no ride or navigation session is active and you are not on the Navigate tab.
  • Motion & Fitness: Required to compute lean angle, acceleration, and other riding-dynamics metrics during a ride.
  • Camera: Used to scan maintenance receipts. Text extraction runs on-device.
  • Photo Library: Used to attach images to ride logs and maintenance records.
  • Contacts: Optional. Lets you pick a navigation destination by searching your contacts. Matches happen on-device; contact data is not sent to ApexTracker servers.
  • Notifications: Used for maintenance reminders, weather alerts, and trip-session resumption prompts.
  • Background modes: Location (continuous ride/navigation tracking), audio (uninterrupted voice prompts), and remote notifications (timely reminders).
  • CarPlay: Lets the App display navigation and ride status on supported in-vehicle displays.

6. How We Use Information

We use information only to operate and improve the App, and only as described above. Specifically, we use information to:

  • Run the features you invoke (record a ride, navigate to a destination, scan a receipt, fetch a forecast, dispatch a crash SMS, etc.)
  • Diagnose crashes and performance regressions (Sentry, in production builds)
  • Enforce per-device rate limits on our API to prevent abuse
  • Respond to support requests and beta-program enrollment
  • Comply with legal obligations and protect the safety of riders, our users, and the public

We do not use your riding data, motorcycle data, contacts, photos, or location history for advertising, profiling, or training third-party AI models. We do not sell or rent personal information.

7. Mapping Platform & Acceptable Use

ApexTracker's map, search, routing, and round-trip features are powered by Mapbox. By using the App you agree to comply with Mapbox's end-user terms in addition to ApexTracker's Terms of Service. In particular, you agree not to:

  • Scrape, mass-download, redistribute, or cache map tiles, search results, route geometry, or other Mapbox content outside of the App's normal use
  • Reverse-engineer or extract API keys from the App or its network traffic
  • Use the App for real-time fleet tracking, dispatch, or other commercial use cases that require a separate Mapbox plan
  • Use ApexTracker, its API, or any third-party services it relies on (OpenAI, Twilio, Mapbox, NHTSA, etc.) to harass, defraud, or endanger any person, or to violate any law
  • Send fraudulent or test crash alerts, or otherwise abuse the emergency-SMS pathway
  • Attempt to circumvent rate limits, authentication, or other security controls on our API

ApexTracker provides navigation, weather, and crash-detection features as aids to a properly licensed and equipped rider. They are not a substitute for safe riding practices, attention to road conditions, or local traffic law. You ride at your own risk.

8. Data Retention & Deletion

  • On-device data: Persists until you delete it from within the App or uninstall the App. Uninstalling removes the local database; data already synced to your iCloud will remain in iCloud unless you also remove it from iCloud (Settings > Apple ID > iCloud > Manage Storage > ApexTracker).
  • Beta signup / contact form submissions: Retained while we are running the beta and responding to your inquiry, then deleted on request or when no longer needed.
  • Sentry crash and error reports: Retained according to Sentry's default retention (typically 90 days for events).
  • API request logs: Retained for a short operational window (typically 30 days or less) for abuse prevention and debugging.
  • Crash-alert SMS metadata: Retained only as long as needed to confirm delivery and investigate failures.

9. Security

  • All network requests from the App use HTTPS/TLS.
  • Third-party API keys (Mapbox, TomTom, OpenAI, Twilio) are held server-side as Cloudflare Worker secrets, not embedded in shipped client code where possible.
  • Our API requires a shared application key and enforces per-device rate limits.
  • Data on your device is protected by iOS's Data Protection (file-level encryption tied to your device passcode/biometrics). We strongly recommend enabling a passcode and Face ID/Touch ID.
  • iCloud sync is encrypted in transit and at rest by Apple.

No system is perfectly secure. If we become aware of a breach involving personal information that we hold, we will notify affected users and applicable regulators in line with the timelines required by law.

10. Your Privacy Rights

10.1 Universal Controls (no request needed)

  • View, edit, or delete in-app data: Garage, Rides, Service, and Settings tabs let you remove individual motorcycles, rides, maintenance records, saved addresses, emergency contacts, etc.
  • Export your data: Use Settings > Export Data to produce a portable copy of your records.
  • Disable iCloud sync: iOS Settings > Apple ID > iCloud > Apps Using iCloud > ApexTracker.
  • Revoke any permission: iOS Settings > ApexTracker.
  • Disable crash detection or weather alerts: Settings tab inside the App.
  • Cancel your subscription: Settings > Manage Subscription, which opens Apple's subscription manager.
  • Uninstall the App: Removes the local database. Combine with disabling iCloud sync (or removing the App's iCloud data) to fully clear your records.

10.2 Rights Under GDPR, UK GDPR, and Similar Laws

If you are in the EEA, the United Kingdom, Switzerland, or another jurisdiction with comparable data-protection laws, you have the right to:

  • Access the personal information we hold about you (which is generally limited to beta-signup, contact-form, support, and any crash-alert log entries)
  • Have inaccurate information corrected
  • Request erasure of your information
  • Object to or restrict processing
  • Receive a copy of your information in a portable format
  • Withdraw any consent you previously granted
  • Lodge a complaint with your local supervisory authority

The legal bases on which we rely are: performance of a contract (providing the service you requested), our legitimate interests (security, abuse prevention, product improvement), your consent (where required for permissions or marketing emails), and compliance with legal obligations.

10.3 Rights Under the CCPA / CPRA (California)

California residents have the right to know what personal information we collect and disclose, to request deletion of personal information we hold, to correct inaccurate information, to limit use of sensitive personal information, and to not be discriminated against for exercising those rights. We do not sell or share personal information for cross-context behavioral advertising.

10.4 How to Exercise These Rights

Email hello@onemoretab.software from the address associated with your request. We aim to respond within 30 days. We may need to verify your identity before acting on a request. Most App data lives on your device or in your iCloud and is not in our possession; we will tell you if a request is outside our reach and how to act on it yourself.

11. Children's Privacy

ApexTracker is intended for licensed motorcyclists. The App and Website are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

12. International Users

ApexTracker is operated from the United States. If you use the App or Website from outside the United States, information described in this policy may be processed in the United States and in the regions where our service providers operate (including Cloudflare's global edge network, Mapbox, Apple, OpenAI, Twilio, and Sentry). Where required, we rely on appropriate transfer mechanisms (such as the Standard Contractual Clauses) for international transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, post a notice in the App or on the Website. Your continued use after the change takes effect indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or you would like to exercise a privacy right, please contact us:

Email: hello@onemoretab.software

Website: https://www.apextracker.app

Response Time: We aim to respond to all privacy inquiries within 30 days.

Acknowledgment

By using ApexTracker, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not use our services.

Document Version: 2.0
Effective Date: May 2, 2026
Last Reviewed: May 2, 2026
