Signed in as:
filler@godaddy.com
Signed in as:
filler@godaddy.com
READY2ROAM
PRIVACY POLICY
Version 2.3 | Effective March 2026
Applies To: Worldwide (App Store); AU/NZ (Google Play)
Primary Jurisdiction: New South Wales, Australia
ABN: 78 694 741 636
1. INTRODUCTION AND COMMITMENT TO PRIVACY
Ready2Roam ("App", "we", "us", "our") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
The App is distributed worldwide on the Apple App Store and in Australia and New Zealand on Google Play. Accordingly, this policy is intended to comply with applicable privacy laws across all regions where the App is available, including (but not limited to):
- Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) - primary jurisdiction
- New Zealand Privacy Act 2020 - for NZ users
- EU General Data Protection Regulation (GDPR) - for users in the EU and EEA
- UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 - for UK users
- California Consumer Privacy Act (CCPA) - for California, USA users
- Personal Information Protection and Electronic Documents Act (PIPEDA) - for Canadian users
Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use the App.
2. INFORMATION WE COLLECT
2.1 Personal Information
- Email address (for account creation)
- Name (optional)
- Profile photo (optional)
2.2 Financial Data
Your financial data (expenses, income, trip budgets, scenarios) is stored on your device and automatically backed up to secure cloud servers when you are signed in. We do NOT have access to your specific financial details.
2.3 Cloud Backup and Sync
When you are signed in, your data is automatically backed up to secure cloud servers powered by Google Firebase. Your data is encrypted in transit using TLS 1.3 and encrypted at rest using Google Cloud's built-in encryption. Access to your data is protected by your authentication credentials. We do not access, review, or use your financial data for any purpose. Only authenticated sessions linked to your account can retrieve your data.
2.4 Usage and Analytics Data
We collect anonymised, aggregated analytics data including:
- App features used (e.g., "expense logged") without any associated values
- Device type, operating system version, and app version
- Crash reports and error logs (no personal or financial data included)
- Session duration and general usage patterns
We do NOT collect or transmit actual financial values (income amounts, expense amounts, budget figures, savings balances) to any analytics system.
2.5 Location Data
The App may request access to your device's location to assist with map features and expense tagging. Location access is optional and requested at runtime. You can revoke location access at any time in your device settings.
2.6 Technical Data
- Device identifiers (for crash reporting and analytics)
- IP address (for security and fraud prevention)
- Authentication tokens (managed securely by Firebase Auth)
3. HOW WE USE YOUR PERSONAL INFORMATION
3.1 Service Delivery and Functionality
- Providing you with access to the App and its features
- Processing and performing calculations based on your input data
- Generating financial modelling scenarios and projections
- Displaying maps, points of interest, and route information
- Storing your preferences and saved scenarios
- Providing cloud backup and sync to protect your data and enable cross-device access
3.2 Technical Operations and Support
- Troubleshooting technical issues and errors
- Monitoring app performance, stability, and security
- Conducting crash analysis and error reporting
- Providing customer support and responding to your inquiries
- Debugging and improving app functionality
3.3 Analytics and Improvement
- Understanding how you use the App
- Analysing user behaviour to improve features and user experience
- Identifying technical problems and areas for enhancement
- Measuring feature adoption and effectiveness
3.4 Lawful Basis for Processing (GDPR/UK GDPR)
For users in the EU, EEA, and UK, we process personal data under the following lawful bases:
Contract Performance (Art. 6(1)(b)): Account creation and management; cloud sync and backup; subscription management.
Legitimate Interests (Art. 6(1)(f)): App performance monitoring; crash reporting; security; anonymised analytics to improve the App.
Consent (Art. 6(1)(a)): Precise GPS location access (requested at runtime); optional analytics if a consent mechanism is presented.
Legal Obligation (Art. 6(1)(c)): Compliance with applicable law; response to lawful legal orders.
4. DATA STORAGE AND SECURITY
4.1 Storage Architecture
Your data is stored using a dual-storage approach:
- Local Storage: All data is stored on your device using an encrypted local database, enabling full offline functionality.
- Cloud Backup: When signed in, data is automatically synchronised to Google Firebase servers located in Australia (australia-southeast1 region).
Note for EU and UK users: Currently, all user data is stored in Google Firebase's australia-southeast1 (Sydney) region. This includes data from EU and UK users. This transfer is covered by Standard Contractual Clauses (SCCs) between Ready2Roam and Google. A dedicated EU Firebase region is planned for a future release to provide EU-local data residency.
4.2 Security Measures
- Local Storage: AES-256 encryption via SQLCipher
- Cloud Storage: Google Cloud server-side encryption for all Firestore data
- Data in Transit: TLS 1.3 for all API calls
- Authentication: Firebase Auth with Apple, Google, and email sign-in
- Key Management: Encryption keys stored in iOS Keychain / Android Keystore
4.3 Data Retention
- Local data remains on your device until you delete it or delete your account
- Cloud data is retained while your account is active
- Upon account deletion, all cloud data is permanently deleted within 30 days
- Anonymised analytics data may be retained indefinitely
5. DATA SHARING AND DISCLOSURE
We do NOT sell your personal information to third parties under any circumstances.
We may share limited data with:
- Google Firebase: Cloud infrastructure provider (data processing agreement in place; SCCs apply for EU/UK transfers)
- RevenueCat: Subscription management (receives only subscription status, not financial data)
- Apple/Google: App Store payment processing for subscriptions
- Analytics providers (Firebase Analytics, Crashlytics): Anonymised usage and crash data only (no financial values)
- Mapbox: Map rendering and geocoding (receives map viewport coordinates; no financial data)
Law enforcement and regulatory disclosure:
We may disclose personal information to law enforcement, government authorities, or regulatory bodies where we are required to do so by applicable law or a valid legal order from a competent authority in any applicable jurisdiction, including Australian, New Zealand, EU/EEA member state, UK, US, and Canadian authorities as applicable. We will, where lawfully permitted, notify you of such requests.
6. YOUR RIGHTS
Under the Australian Privacy Principles (and as expanded for users in other jurisdictions - see Section 13), you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Delete your account and all associated data through the App
- Data Export: Export your data in standard formats from within the App
- Opt-out: Disable analytics collection in App settings
- Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
Users in other jurisdictions have additional rights - please refer to Section 13 for details specific to your region.
7. SUBSCRIPTION MANAGEMENT
If you subscribe to a paid plan (Explorer or Nomad Pro), your subscription is managed by Apple (App Store) or Google (Play Store), not by Ready2Roam. Important points:
- We do not have access to your payment card details
- Subscription cancellation must be done through your Apple ID or Google Play settings
- Deleting your Ready2Roam account does NOT automatically cancel your subscription
- You are responsible for cancelling your subscription separately to avoid continued charges
- Refund requests must be directed to Apple or Google, not to Ready2Roam
8. AGE REQUIREMENT
Ready2Roam is designed for users aged 18 years and older. By creating an account and using the App, you confirm that you are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.
9. CHILDREN'S PRIVACY
The App is not intended for children under 18 years of age. We do not knowingly collect, use, or disclose personal information from children. If a parent or guardian becomes aware that their child has provided us with personal information, they should contact us at support@ready2roam.com.au.
10. INTERNATIONAL DATA TRANSFERS
Your data is primarily stored on Google Firebase servers in the australia-southeast1 (Sydney) region. Some anonymised analytics and crash data may be processed by third-party providers (e.g., Firebase Analytics servers operated by Google in the US) in other jurisdictions.
Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable privacy law. For EU and UK users, international transfers from the EU/EEA and UK are covered by Standard Contractual Clauses (SCCs) entered into between Ready2Roam and Google LLC as data processor. A copy of Google's applicable SCCs is available at https://cloud.google.com/terms/sccs.
For NZ users, transfers to Australia are subject to the Trans-Tasman mutual recognition framework. Ready2Roam acknowledges its obligations to NZ users under the NZ Privacy Act 2020 as set out in Section 13.1.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Displaying a notice within the App
- Requiring re-acceptance for significant changes
- Updating the version number and effective date
Your continued use of the App after changes constitutes acceptance of the updated policy.
12. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
- Email: support@ready2roam.com.au
- Business Name: Ready2Roam
- ABN: 78 694 741 636
- Jurisdiction: New South Wales, Australia
For privacy complaints, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. Users in other jurisdictions may contact their applicable supervisory authority as described in Section 13.
13. INTERNATIONAL USERS AND REGIONAL RIGHTS
Ready2Roam is distributed worldwide on the Apple App Store. The following subsections describe the additional rights and obligations that apply to users in specific regions, in addition to the general provisions of this policy.
13.1 New Zealand
Ready2Roam is operated by an Australian entity (ABN 78 694 741 636) and is distributed in New Zealand. NZ users' personal information is handled in accordance with the New Zealand Privacy Act 2020 where applicable, in addition to the Australian Privacy Principles.
Key points for NZ users:
- The NZ Privacy Act 2020 sets out 13 Information Privacy Principles that govern how personal information is collected, stored, used, and disclosed
- Ready2Roam applies these principles to NZ user data to the extent they are consistent with our existing obligations under the Australian Privacy Act 1988
- The Privacy Commissioner of New Zealand has jurisdiction to investigate complaints from NZ users. You may contact the Privacy Commissioner at www.privacy.org.nz
- Transfers of your data to Australia (for cloud storage in Firebase) are governed by the Trans-Tasman data flows framework
- Contact for NZ privacy enquiries: support@ready2roam.com.au
13.2 European Union and European Economic Area (GDPR)
If you are located in the EU or EEA, the General Data Protection Regulation (EU) 2016/679 (GDPR) applies to your personal data. In addition to the rights described in Section 6, you have the following rights under the GDPR:
Right of Access (Art. 15): Obtain a copy of personal data we hold about you and information on how it is processed.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17): Request deletion of personal data where it is no longer necessary, consent is withdrawn, or processing is unlawful.
Right to Restriction (Art. 18): Request that processing be restricted in certain circumstances while accuracy is contested or objection is pending.
Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format for transfer to another controller.
Right to Object (Art. 21): Object to processing based on legitimate interests. We will cease unless we demonstrate compelling legitimate grounds.
Right to Lodge Complaint: Lodge a complaint with your member state supervisory authority (e.g., CNIL in France, BfDI in Germany).
Lawful basis: As described in Section 3.4, we process personal data on the bases of contract performance, legitimate interests, consent, and legal obligation. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Data transfers: Personal data is currently stored in Google Firebase's australia-southeast1 region. This transfer from the EU/EEA to Australia is made under Standard Contractual Clauses (SCCs). Australia is not currently an EU-designated adequate country; accordingly SCCs are required and are in place.
13.3 United Kingdom (UK GDPR)
If you are located in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 apply. The UK GDPR is broadly equivalent to the EU GDPR but is a distinct regulation following the UK's departure from the EU. The Information Commissioner's Office (ICO) is the UK supervisory authority.
UK users have the same rights as EU users described in Section 13.2, exercisable under UK GDPR rather than EU GDPR. Key UK-specific points:
- The ICO is your supervisory authority. You may lodge a complaint at www.ico.org.uk
- International transfers from the UK are governed by the UK's International Data Transfer Agreement (IDTA) framework. Transfers of UK user data to Australia use Google's IDTA-compliant processing terms
- The UK has recognised Australia as providing adequate protection through its adequacy regulations for certain transfers; additional safeguards are maintained for Firestore processing
13.4 United States - California (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) may apply to your personal information.
Categories of personal information we collect (in the preceding 12 months):
- Identifiers: email address, name (optional), IP address, device identifiers
- Internet or other electronic network activity: app usage, feature interaction, crash logs
- Geolocation data: approximate (IP-based) and precise (GPS, if permission granted)
- Inferences: anonymised usage patterns derived from app interaction
Sale of personal information: We do not sell, rent, or share your personal information with third parties for monetary consideration or other valuable consideration as defined under the CCPA.
Your California privacy rights:
- Right to Know: You may request disclosure of personal information collected, used, disclosed, or sold about you in the past 12 months
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required but you may contact us to confirm this at any time
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
To exercise your California rights, contact us at support@ready2roam.com.au. We will respond within 45 days of a verifiable consumer request.
Law enforcement disclosures: Ready2Roam may be required to disclose personal information in response to lawful requests from US government authorities, including to meet national security or law enforcement requirements. We will, where legally permitted, notify affected users.
13.5 Canada (PIPEDA)
If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws may govern the collection, use, and disclosure of your personal information. Key provisions:
- We collect, use, and disclose personal information with your knowledge and consent (express or implied), or as otherwise permitted by law
- You may access and correct your personal information by contacting us at support@ready2roam.com.au
- Personal information is transferred to Australia for cloud storage. Such international transfers are made under contractual protections consistent with PIPEDA Schedule 1 Principle 7
- You may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca
Version 2.3 | Effective March 2026 | Last Updated: March 2026
Document Type: Privacy Policy | Replaces v2.2 | ready2roam.app