PRIVACY

Privacy Policy

This Privacy Policy describes how PASSPRT ("we", "us", "our") collects, uses, and shares information when you use the PASSPRT mobile application (the "App").By using PASSPRT, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Who We Are
PASSPRT is operated by Hodl Labs Pty Ltd (ABN 96 625 524 754), an Australian proprietary limited company trading as PASSPRT.
‍Email: support@passprt.app
‍
‍2. Information We Collect
Information you give us
‍Account details: email address, username, and (optional) profile photo when you sign up.
‍Sign-in details: if you sign in with Google, we receive your email address and Google account identifier (we never receive your Google password). If you sign in with Apple, we receive the private Apple account identifier (the "sub" claim) and the email relay address you selected — we never receive your Apple ID password.
‍Profile information: full name, nationality, and bio if you choose to provide them.
‍Photos you share: if you choose to share or export a passport image, we use your permission to save that image to your device's Photo Library.
Photo Library scanning (Redeem Stamps feature)If you tap Redeem Stamps in the App and grant photo-library access, PASSPRT reads the location metadata only (GPS coordinates and timestamps) from photos and videos in your library. We use that metadata to find places you've already been and add matching stamps to your passport.Your photos themselves never leave your device. We do not upload, view, or store the photos. Only the GPS coordinates and timestamps are sent to our servers, and only to match them against PASSPRT's place catalog.
‍
‍You can opt out at any time by revoking photo library access in iOS Settings → Privacy → Photos → PASSPRT.

‍Coordinates we send are deleted after matching is complete.
Information we collect automatically
‍Location: when you open the App and use features that require it (such as scanning a stamp), we request your device's approximate location to verify you are near the place you're checking in at. Location is only accessed while you are actively using the App — never in the background.
‍
‍Stamp records: when you collect a stamp, we store the place identifier, city, country, and time of collection against your account. This is how your passport stamps are earned and displayed.
‍Device information: basic information about the device and operating system version, used for crash reports and debugging.
‍
‍Usage events (analytics): we use PostHog to collect anonymised events about which features you use (e.g. opened the map, completed a scan, collected a stamp) so we can understand which parts of PASSPRT work well and which need improvement. Events include your account ID, app version, device type (iOS/Android), and the action taken — never the contents of your messages or any private content. We do not use this data for advertising and do not share it with advertising networks.
‍
‍Guest device identifier: if you use the App as a guest (without signing up), we generate a random identifier on your device to remember your guest session and any stamps you collect so you can claim them later by signing up. This identifier is a random string with no link to your real identity and is removed if you delete the App.Information we do NOT collectWe do not track your location in the background.We do not track you across other apps or websites.We do not sell your personal data.We do not use third-party advertising networks.We do not access your photos themselves — only their GPS metadata, and only when you explicitly use Redeem Stamps.

3. How We Use Your Information
We use the information we collect to:Create and maintain your PASSPRT accountVerify check-ins and award the correct stampsMatch imported photo metadata against the PASSPRT place catalog (Redeem Stamps feature)
Display your passport, collected stamps, and visited places in the AppShow aggregated, non-personal information (e.g. popular places, featured cities) to other usersImprove the App and fix bugsCommunicate with you about your account or important App updatesWe do not use your data for advertising or sell it to third parties.4. Sharing Your Information
We share information only in these limited cases:
‍
‍With other PASSPRT users: your username, profile photo, and public passport / stamps are visible to other users of the App. You control what appears on your public profile via Profile → Settings → Privacy.

‍Service providers: we use trusted third-party services to run PASSPRT, including:Cloudflare (hosting and database)Google (Sign-In, Maps, and Places APIs)Apple (App Store and Sign in with Apple)PostHog (product analytics — anonymised usage events; no advertising, no data sale)Resend / Omnisend (transactional email — verification codes, password resets)

‍Legal requirements: we may disclose information if required by law, court order, or to protect the rights and safety of PASSPRT users.We never sell your personal information to advertisers or data brokers.

5. Data RetentionWe keep your account data for as long as your PASSPRT account is active.If you delete your account, we remove your personal profile data and check-in history from our systems within 30 days, except where we are legally required to retain certain records.Anonymised, aggregated data (e.g. total stamps issued, popular places) may be retained indefinitely.

6. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:
‍Access: request a copy of the data we hold about you.
‍Correction: ask us to correct inaccurate data.
‍Deletion: delete your account and personal data directly in the App via Profile → Settings → Delete account, or by emailing support@passprt.app.

‍Portability: request an export of your data.

‍Objection: object to certain uses of your data.
To exercise any of these rights, email us at support@passprt.app. We will respond within 30 days.

7. Children's Privacy
PASSPRT is not intended for children under 13 (or under 16 in some regions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Security
We take reasonable technical and organisational measures to protect your data, including:Encryption of data in transit (HTTPS)Secure cloud infrastructure (Cloudflare)Limited internal access to user dataNo system is 100% secure. We cannot guarantee the absolute security of your data but we take the protection of it seriously.

9. International Users

PASSPRT is operated from Australia. If you use the App from outside Australia, your information will be transferred to and processed in Australia (and in other countries where our service providers, such as Cloudflare and Google, operate). By using PASSPRT you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you in the App or by email before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

11. Contact Us
Questions about this Privacy Policy?

‍Email: support@passprt.app