Your data, explained clearly.

BorderSmart uses an anonymous device profile. You do not need an account, a name, or an email address to use the app.

Last updated: April 25, 2026

At a glance

The short version

✓ We never sell your data to anyone.
✓ We don't share your data with advertisers for targeted advertising. Banner ads are non-personalized by default.
✓ We don't build profiles linked to a real-world identity. You're an anonymous device ID.
✓ We don't store payment information. Purchases go through Apple, Google, and RevenueCat.
✓ We don't collect raw GPS or location data in shipped builds.

Section 1

Information We Collect

BorderSmart does not require an account, name, or email address for core app use. To make the app work without a login, we still create and store anonymous identifiers and device state such as app_user_id, device_id, installation key, and session data. If you send optional feedback or support messages, we may also collect your email address and the message content you provide.

Stays on your device

Language choice and appearance mode
Cached crossing and lane detail reads
Installation key (restores your anonymous profile)
In-progress crossing state

Stored on our API

Anonymous app_user_id and device_id
Favorite crossings and sort preference
Alert rules and quiet hours
Push notification token and enabled status
Ad-free entitlement state
Optional feedback email address and message content you send us
Crash and diagnostic logs from client errors

Telemetry & analytics

The app sends named analytics events and client error logs to our own API by default. Examples include screen views, lane detail opens, alert creation, crossing start and finish, ad impressions, purchase events, and crash reports. Each event includes your anonymous device_id, app_user_id, app version, platform, and related context such as lane ID or ad placement.

The mobile app does not call third-party analytics providers directly. All telemetry flows through our own API.

Crossing query history & contribution logs

Crossing query history is retained on our servers for up to 90 days, then automatically purged. If you log a crossing, that record is stored durably. If you later reset your device profile, crossing records are de-identified. Your app_user_id and device_id are removed from those rows instead of deleting the record entirely, so historical operations data remains useful.

Location data

BorderSmart does not collect raw GPS or background location data in shipped builds. You manually select your crossing, and no location permission is required.

Section 2

How We Use Your Information

✓ Provide, operate, and improve the BorderSmart app and its features
✓ Deliver push notifications you have requested
✓ Diagnose and fix bugs and technical issues
✓ Understand usage patterns and improve forecast quality
✓ Display non-personalized banner advertisements to users who have not purchased the one-time ad-free upgrade
✓ Manage in-app purchase entitlements
✓ Comply with applicable legal obligations

Section 3

Data Retention

Crossing query history: Retained for a maximum of 90 days, then automatically purged.
Crossing contribution logs: Retained durably. If you reset your device profile, records are de-identified but not deleted.
Alert preferences and saved preferences: Retained until you remove them in the app or request deletion.
Anonymous device profile: Retained until you explicitly delete it via Settings → Privacy & data use → Delete saved data and reset.
Crash and diagnostic logs: Retained for up to 30 days for debugging purposes.
Local device data: Removed when you uninstall the app.

Section 4

Third-Party Services

The following third parties are involved in operating BorderSmart. Forecasts may combine public border wait-time data, historical patterns, server-side traffic context, and optional crossing reports.

U.S. CBP API

We fetch public wait-time data from the CBP public data feed. No user information is sent to CBP; these are read-only requests.

Google Routes API

Our backend uses Google Routes server-side to incorporate real-time traffic signals into crossing forecasts. The mobile app does not call Google directly, and no user identifiers are sent.

Google Mobile Ads (AdMob)

Displays banner ads to users who have not purchased the one-time ad-free upgrade. Ads are requested in non-personalized mode by default. The embedded AdMob SDK may still automatically process device or account identifiers, IP-derived general location, app interaction data, and diagnostics for ad delivery, measurement, analytics, and fraud prevention. BorderSmart also logs ad impression, load failure, and click events to its own analytics pipeline. Purchase the one-time ad-free upgrade to remove ads entirely.

RevenueCat

Manages in-app purchase entitlements. When you make a purchase, RevenueCat receives your anonymous app_user_id and the store transaction token from Apple or Google to verify your entitlement.

Expo / Push Notifications

If you enable push notifications, an Expo push token is registered with our API. Expo routes notifications through Apple APNs or Google FCM on our behalf.

Cloudflare

Our backend infrastructure runs on Cloudflare's network. Cloudflare processes request metadata (IP addresses, request times) as part of normal network operations.

Apple App Store / Google Play

These platforms handle app distribution and in-app purchases. They operate under their own privacy policies.

Section 5

Your Rights and Choices

Deleting your data: The fastest way is directly in the app: go to Settings → Privacy & data use and tap "Delete saved data and reset." This immediately removes your anonymous device profile, saved preferences, alerts, and push registration from our API and clears local storage on your device. Note that crossing contribution records are de-identified rather than deleted. You may also contact us to request deletion; we'll process it within 30 days.
Analytics and client errors: Usage analytics and client error logs are sent to our API by default so we can understand usage and diagnose issues.
Opting out of ads: You can remove banner ads entirely by purchasing the one-time ad-free upgrade within the app. Ads are served in non-personalized mode by default, so no extra action is required to avoid personalized advertising.
Push notifications: You can revoke push notification permissions at any time through your device's system settings (iOS: Settings → BorderSmart → Notifications; Android: Settings → Apps → BorderSmart → Notifications).

Section 6

Legal

California Consumer Privacy Act (CCPA): If you are a California resident, you have the right to know what personal information we collect, the right to request its deletion, and the right to opt out of the sale of your personal information. BorderSmart does not sell personal information. To exercise any CCPA right, contact us. We will respond to verifiable requests within 45 days.
Children's Privacy: BorderSmart is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.
Security: We use industry-standard measures to protect the data we store, including HTTPS/TLS in transit and access controls on our backend. No method of transmission or storage is 100% secure. We will notify affected users promptly in the event of a data breach that affects personal information.
Changes to This Policy: We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, provide notice within the app. Continued use of BorderSmart after changes are posted constitutes your acceptance of the updated policy.
Contact Us: Questions about this Privacy Policy or your data? Visit our support page for contact information. We respond to all privacy-related inquiries within a reasonable time.