Privacy Policy
Politique de Confidentialité
Last updated / Dernière mise à jour: January 2026
Your Rights at a Glance / Vos Droits
🇬🇧 Under GDPR:
- Access your data
- Request correction
- Request deletion
- Export your data
🇫🇷 Sous le RGPD:
- Accéder à vos données
- Demander une correction
- Demander la suppression
- Exporter vos données
Exercise your rights in Settings or contact privacy@crospath.app
1. Introduction
CrossPath ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
CrossPath is operated as a micro-entreprise registered in France. We process personal data in compliance with the General Data Protection Regulation (GDPR/RGPD) and the French "Informatique et Libertés" law.
Data Controller: CrossPath, contact: legal@crospath.app
2. Legal Basis for Processing / Base Légale
We process your personal data based on the following legal grounds:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account data (email, name) | Contract | Service provision |
| Profile photos | Consent | Profile display |
| Location data | Consent | Nearby matching |
| Messages | Contract | Communication |
| Analytics | Legitimate Interest | Service improvement |
3. Information We Collect
Personal Data
We collect information that you voluntarily provide when registering:
- Name and email address
- Date of birth and gender
- Nationality and spoken languages
- Profile photos
- Travel preferences and interests
- Current location and travel plans
Location Data
With your explicit consent, we collect location data to connect you with nearby travelers and activities. You can disable location services at any time through your device settings or in-app privacy controls.
Automatically Collected Data
We use privacy-focused analytics (Plausible) that do not track individuals or use cookies. We collect aggregate, anonymized data about usage patterns to improve the service.
4. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Match you with compatible travelers
- Show relevant activities in your area
- Enable messaging between users
- Send important updates about the Service (transactional emails only)
- Improve and personalize your experience
- Ensure the safety and security of our community
5. Data Sharing & International Transfers
We do not sell your personal information. We may share your information with:
- Other users (as part of your public profile)
- Service providers who assist our operations (listed below)
- Law enforcement when required by law
Service Providers
- Supabase (Singapore) - Database and authentication
- Hostinger (Cyprus/EU) - Web hosting
- Cloudflare (US) - CDN and security
- Resend (US) - Transactional emails
- Plausible (EU) - Privacy-focused analytics
For transfers outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or adequacy decisions.
6. Your Rights (GDPR/RGPD)
Under GDPR/RGPD, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Data Portability: Export your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with a supervisory authority
How to Exercise Your Rights:
- Export your data: Settings → Your Data → Export My Data
- Delete your account: Settings → Danger Zone → Delete Account
- Email: privacy@crospath.app
- French supervisory authority: CNIL
7. Data Retention
We retain your personal information for as long as your account is active. When you delete your account:
- Your data is anonymized immediately
- A 30-day recovery window is provided
- After 30 days, all personal data is permanently deleted
- Anonymized, aggregate data may be retained for analytics
8. Security
We implement appropriate technical and organizational measures to protect your data:
- All data encrypted in transit (TLS 1.3) and at rest
- Row Level Security (RLS) for database access control
- Regular security audits and updates
- Access logging and monitoring
9. Age Restriction
CrossPath is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe we have collected data from a minor, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights: