The short version
On The Dot reads your Google Calendar events and uses your location to fetch real-time traffic estimates. Your data is never sold, never shared with advertisers, and never stored on our servers. Everything stays on your device except the traffic query sent to our routing backend.
What data the app accesses
Google account identity (name, email, user ID)
When you sign in with Google, the OAuth ID token contains your name, email address, and an opaque Google user ID (sub claim).
The token is attached as an Authorization: Bearer header on requests to our routing backend so the backend can authenticate the call.
Your name and email are validated in-memory and then discarded — they are not stored server-side.
Your opaque Google user ID is stored in our database (AWS DynamoDB) solely to enforce per-user daily rate limits on traffic API calls. This ID cannot be used to look up your name, email, or any other personal information.
Purchase history (On The Dot Pro)
If you buy the one-time On The Dot Pro unlock, the transaction is processed directly through the App Store (iOS) or Google Play Billing (Android). No third-party purchase middleware is used. We do not receive your payment method or billing address. A local record of your Pro status is cached on your device to avoid unnecessary store checks. Purchase records are retained by Apple under Apple's Privacy Policy and by Google Play under Google's Privacy Policy.
Device identifiers
Firebase Crashlytics generates a random installation ID tied to the app install (not to you personally) to group crash reports. This ID resets when the app is reinstalled and is never used for advertising.
Google Calendar events
The app reads your upcoming calendar events (title, start time, end time, location) via the Google Calendar API using OAuth 2.0. This data is read-only — the app never creates, modifies, or deletes events. Event data is stored only in your device's memory while the app is running and is never uploaded to our servers.
Location
The app requests your device location (or uses a home address you enter manually) as the origin for traffic calculations. Your location is used only to request a travel-time estimate from our routing backend. It is not stored, logged, or associated with your identity.
Event location / destination
The destination address from your calendar event is sent to our routing backend to calculate drive time. This request contains only the origin coordinates and destination string — no account identifiers or personal details.
App preferences
Settings such as your prep time, arrival buffer, and home address are stored locally on your device using encrypted storage. They are never transmitted to any server.
How your data is used
- ✓ Calendar events are read to determine which events need departure alerts.
- ✓ Your location and event destination are sent to our routing backend (AWS Lambda proxy) solely to calculate a live travel-time estimate.
- ✓ Traffic estimates are displayed in the app and used to time your departure notifications. Drive times are not stored or logged — they are used only for the current session.
- ✓ We use Firebase Crashlytics to collect anonymous crash reports (device model, OS version, app version, stack traces) to improve app stability. This data does not identify you personally and is never used for advertising.
- ✗ We do not sell, share, or license your data to any third party.
- ✗ We do not display advertising.
Third-party services
Google Calendar API
Used to read your calendar events. Governed by Google's Privacy Policy. Access can be revoked at any time at myaccount.google.com/permissions.
Google Maps (Android) / Apple Maps (iOS)
Used via a backend proxy to calculate travel time. On Android, requests are routed through our AWS Lambda proxy so your Google Maps API key is never exposed in the app. On iOS, MapKit is called on-device. No user identity is transmitted.
AWS Lambda (routing proxy) & DynamoDB
Our backend proxy receives an origin coordinate, a destination string, and your Google user ID token to fetch a travel-time estimate. The same backend also verifies your Pro entitlement status: on app launch we send your Google ID token to confirm whether your account holds the On The Dot Pro unlock. Your opaque Google user ID is stored in AWS DynamoDB solely to enforce daily rate limits — no other personal data is stored, and your email is never retained server-side. Standard server logs may be retained for a limited period for security and reliability purposes, after which they are automatically deleted.
Firebase Crashlytics
Used to collect anonymous crash reports (device model, OS version, app version, stack traces) to diagnose and fix bugs. No personally identifiable information is included in crash reports. Governed by Firebase's Privacy Policy.
Apple App Store / Google Play Store
Process in-app purchases directly using native StoreKit (iOS) and Google Play Billing (Android). No third-party purchase middleware is used. Apple or Google handle your payment details — we never see your name, email, or payment information.
Data retention & deletion
Calendar data is held only in device memory while the app is open and is never uploaded to our servers. Preferences are stored locally on your device. Your opaque Google user ID and daily request count are stored in AWS DynamoDB for rate limiting; these records are automatically overwritten each day and are not used for any other purpose. To delete all locally stored data, use Settings → Delete My Data inside the app, or uninstall the app. To revoke Google Calendar access, visit myaccount.google.com/permissions and remove On The Dot.
Google API Services User Data Policy
On The Dot's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Legal basis for processing (EU/EEA users)
Under GDPR Article 6, we process your data on the following legal bases:
- • Consent (Art. 6(1)(a)): You grant explicit consent when you authorise calendar access via Google OAuth or Apple Calendar permissions. You may withdraw consent at any time by revoking access in your device or Google account settings.
- • Contract performance (Art. 6(1)(b)): Processing your location and calendar data is necessary to deliver the departure alerts you purchased.
- • Legitimate interests (Art. 6(1)(f)): Crash reports are collected to maintain app stability and fix bugs. This processing is minimal, anonymous, and does not override your privacy rights.
Children's privacy
On The Dot is not directed at children under 13. We do not knowingly collect any information from children.
Changes to this policy
If we make material changes to this policy, we will update the "Last updated" date above and notify you in-app. For EU/EEA users, material changes that alter the scope or purpose of data processing will require fresh consent where applicable.
Contact
Questions about this privacy policy? Email us at [email protected].