Privacy Policy

Last updated: January 6, 2026

Introduction

Thru (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the “Service”).

Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account, we may collect:

  • Email address
  • Username and trail name
  • Profile photo (optional)
  • Password (encrypted)

Health and Fitness Data

With your explicit consent, we collect health data from connected services including:

  • Apple Health (HealthKit)
  • Google Fit
  • Garmin Connect

This data may include: steps, distance traveled, elevation gain/loss, heart rate, sleep duration and quality, and active calories burned.

Important: Health data is stored locally on your device and optionally synced to our secure cloud servers. We never sell health data to third parties or use it for advertising purposes.

Location Data

With your permission, we collect location data to:

  • Tag journal entries with location
  • Show your position on trail maps
  • Calculate trail progress
  • Enable Trail Intel features

User-Generated Content

We store content you create, including:

  • Journal entries and notes
  • Photos and images
  • Ratings (difficulty, scenery)
  • Gear lists and loadouts
  • Forum posts and comments
  • Direct messages

Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Device type, operating system, and version
  • App version
  • Usage statistics and feature engagement
  • Crash reports and error logs
  • IP address (anonymized)

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Sync your journal entries and data across devices
  • Enable social features (with your consent)
  • Send important service notifications
  • Respond to support requests
  • Analyze usage to improve user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

With Your Consent

When you make journal entries public or share content with other users.

Service Providers

We work with trusted third-party service providers:

  • Supabase: Database hosting and authentication
  • Cloud Storage: Photo and backup storage
  • Analytics: App performance monitoring

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Thru, our users, or others.

Data Security

We implement appropriate security measures to protect your data:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest
  • Secure authentication practices
  • Regular security audits
  • Access controls and monitoring

Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time. Some data may be retained in anonymized form for analytics or as required by law.

Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Export: Download your journal entries and photos
  • Withdraw Consent: Revoke permissions for health data or location access
  • Opt-Out: Disable optional features like social sharing

Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to access, rectify, port, and erase your data, as well as the right to restrict and object to certain processing of your data. To exercise these rights, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: townsendhtanner@gmail.com
  • Phone: (919) 801-2934