Mile-Shift Privacy Policy
Mile-Shift is a local-first mileage and shift-tracking app with optional cloud features. This document describes exactly what data the app handles, where it is stored, and what network access the app uses.
TL;DR
- Without signing in: zero data leaves your phone. The app works fully offline.
- With sign-in (optional): we store the minimum needed to back up trips across devices, run the trial timer reliably, process subscription payments, and operate the referral program. We never sell your data.
What we collect — by mode
Anonymous mode (no account)
Nothing. The app does not contact our servers at all. No trip data, GPS coordinates, addresses, or device identifiers are sent anywhere.
Signed-in mode (optional, only if you create an account or sign in)
To deliver cloud-sync, server-anchored trial validation, subscription billing, and the referral program, we store the following on AWS infrastructure operated by us in the United States (us-east-1):
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identifier; verification & password reset | Until account deletion |
| Cognito user ID (UUID, not your name) | Stable identity across email changes | Until account deletion |
| Trial start timestamp | Server-anchored 30-day trial — prevents reinstall reset | Until account deletion |
| Subscription state (active / expired / refunded) | Entitlement check on app launch | Until account deletion + 7 years (tax/billing audit) |
| App Store / Google Play transaction ID | Validates that you really paid; handles refunds | Until account deletion + 7 years |
| Referral code + referrer/referee links | Awards $10 per qualifying paid referral | Until account deletion |
| Authentication method (apple / google / email) | Analytics on sign-in flow | Until account deletion |
We do not store: GPS trip data, addresses, trip purposes, working hours, mileage history, or any of your driving behavior. Those stay on your device.
Where your data lives
On your device
All trip data, shift data, addresses, and preferences are stored in a SQLite database inside the app's sandbox:
- iOS: ~/Library/LocalDatabase/mileshift.db
- Android: /data/data/app.mileshift.mobile/databases/mileshift.db
On Android, this file is included in Android Auto Backup to your own Google Drive — Google's own privacy policy applies to that copy. You can disable Auto Backup in your device's Settings.
On our servers (signed-in mode only)
- DynamoDB in AWS region us-east-1 — the table holds the rows listed above (one row per user, plus billing audit history).
- Cognito User Pool in AWS region us-east-1 — your email + hashed password + sign-in metadata.
- CloudWatch Logs — request logs (no trip data) for debugging, retention 30 days.
We do not use any third-party analytics, ad networks, or tracking SDKs.
Federated sign-in
If you sign in with Apple or Google, those providers send us only your email address — never your name, profile photo, contacts, or social graph. Each provider's own privacy policy governs what they share with us:
Subscription billing
Apple and Google process all subscription payments. We never see your credit card or bank details. They send us only:
- A signed receipt confirming the purchase
- The product ID (yearly or monthly)
- The transaction ID
- The expiration / renewal date
Refunds and cancellations are managed entirely through your App Store or Google Play account.
Referral program
If you share your invite code, we store the link between your Cognito user ID and the new user's Cognito user ID, so that we can credit your account when they pay. We do not collect or share the new user's email address with you, or vice-versa. Self-referral and duplicate-edge attempts are detected and rejected.
The $10 referral payout (currently issued as in-app credit; payout mechanism subject to change) is awarded only on the new user's first qualifying paid subscription.
Permissions the app requests
| Permission | Why | When |
|---|---|---|
| Location (When-In-Use) | Draw your current location on the Today map; record GPS during a manually-started trip. | First time you tap Start trip or open the Today screen. |
| Location (Always) | Detect drives automatically without you having to open the app. | Only when you toggle Auto-detect drives on in Settings. |
| Motion & Fitness (iOS) / Activity Recognition (Android) | Distinguish driving from walking/cycling so we don't record a walk as a trip. | Only when Auto-detect is on. |
| Notifications | Show a small indicator while a drive is being recorded (Android), and trial / billing alerts. | Only after you opt in. |
GPS data is never transmitted off-device.
Reverse-geocoding (address lookup)
When a drive ends, the trip-end notification shows a short "Origin → Destination" line (e.g., "Oak & Main → Pearson Airport"). To convert your start/end GPS points into those readable labels, the app calls your operating system's built-in geocoder:
- Android: android.location.Geocoder, which Android's own Location Services resolve. We hand the coordinates to that system API, never to a third-party server we operate.
- iOS: CLGeocoder, Apple's built-in geocoder, when iOS background detection ships.
We never store the resolved address, and we never send it off-device. The address is rendered into the notification body and discarded. If the geocoder is unavailable or times out (2-second budget), the notification falls back to the distance-only body without retrying.
What the app exports
You remain in full control of every export:
- Backup → Export in Settings hands a JSON copy of your trip data to your phone's share sheet. You decide what happens next (Files, AirDrop, email).
- CSV export in the Reports tab writes a spreadsheet to your share sheet. Same flow.
We don't see what you do with the file after that.
Account deletion
You can delete your account at any time from Settings → Account → Delete account. On confirmation:
- Your Cognito user record is permanently removed.
- All Mile-Shift DynamoDB rows tied to your sub (trial, subscription audit history, referral data) are deleted within 30 days.
- Trip data on your device is not affected — the app keeps working offline.
Active subscriptions must be cancelled separately through your App Store or Google Play account, since we don't control those billing relationships.
Children
Mile-Shift is not intended for anyone under 13.
Changes to this policy
We will surface any material change in the app before it takes effect. The version date at the top of this document is authoritative.
Contact
Questions about this policy: privacy@mile-shift.com