Privacy Policy

Your flights, not your life.

Last updated: 16 June 2026

TiToLeave is built to know one thing well: when you should leave for the airport. It is pseudonymous by design. There are no accounts. We never ask for your name, email, or phone number. The main identifier is a random per-install ID; the only exception is Apple's advertising identifier, which we use solely to measure our ads and only if you allow it (see Advertising & measurement). Everything sensitive is processed on your device. Our servers see flight logistics, not lives.

This policy explains exactly what TiToLeave collects, why, where it goes, and the control you have over it.

Who we are

TiToLeave ("we", "us", "the app") is an iOS application operated by an independent developer. For any privacy question or request, contact support@titoleave.com.

What we collect

DataWhat it is
Install IDA random identifier created the first time you open the app. It is not your name, email, or device hardware ID, and it is not shared across apps. It is how your trips stay yours without an account.
Trip detailsFlight number, route, scheduled times, your computed Leave-By and the buffers behind it, the leaving point you pin (its coordinates and place name), and your "left" / "arrived" / "how it felt" markers.
Onboarding answersIf you complete the intro questions (flights per year, traveler type, how you book, buffer habit), we store those answers to tune the product.
Device basicsLanguage, country, and app / OS version, so the app works in your locale and we can debug.
Subscription statusYour purchase is handled by Apple. We store a transaction identifier Apple gives us to know whether your subscription is active. We never see your card or Apple ID.
Advertising identifier (only if you allow it)If you permit tracking when iOS asks, we use Apple's advertising identifier (IDFA) only to measure which ad brought you to TiToLeave. If you decline, we don't use it. We never use it to profile you or to track what you do in other apps. See Advertising & measurement.

Location: read this part

Location is the most sensitive thing a travel app touches, so we are precise about it:

What we deliberately do NOT collect

To be unambiguous, TiToLeave does not collect any of the following:

How we use what we collect

Advertising & measurement

We run ads (for example on Facebook and Instagram) to find new travelers. To know which ads actually work, we share a small set of conversion events with Meta Platforms, Inc.: that an install happened, that a free trial started, and that a subscription began. This lets us measure cost per customer and stop wasting money on ads that don't land.

Who processes your data

ServiceWhat they handle
AppleMaps drive-time queries, App Store purchases, and push notifications. First-party, under Apple's terms.
SupabaseOur database and backend (a processor acting on our instructions). Holds the trip mirror and logs described above, protected by row-level security so rows are scoped to your install. Hosted in the Tokyo region (see transfers below).
PostHogProduct analytics. Receives a defined set of usage events and your onboarding answers, keyed to your install ID. No automatic screen capture, no session recording, no autocapture. Debug builds send nothing.
Meta (Facebook / Instagram)Advertising measurement. Receives the conversion events above (install, trial, subscription) and, only with your permission, your advertising identifier, to attribute them to ads. Never your trips or location. See Advertising & measurement.
Flight-data providerTo fetch live flight status we send flight numbers and dates only, never any identifier tied to you.
SuperwallUsed to present and experiment with the subscription screen. Sees paywall interactions, not your trips.

Where your data lives & transfers

Our database is hosted in Japan, which holds a full EU adequacy decision, so data of EU users is processed lawfully without additional transfer mechanisms. Apple and Superwall operate under their own data-processing terms. Analytics (PostHog) currently runs on US infrastructure under its EU–US Data Privacy Framework certification. Advertising measurement (Meta) is processed in the United States under Meta's standard data-processing terms; as noted above, this measurement does not run for EU/EEA or UK users until a separate consent step is in place.

How long we keep it

Legal bases (EU / UK)

Where the GDPR or UK GDPR applies, we rely on these legal bases:

Your rights & control

We never sell your personal information. The only data we share for advertising is the limited set of conversion events described under Advertising & measurement, and only with your permission. We do not build advertising profiles of you or track your behaviour across other companies' apps and sites. You have the right to:

We don't discriminate against you for exercising any of these rights.

Europe & the UK (GDPR / UK GDPR)

The data controller is the independent developer who operates TiToLeave; reach us at support@titoleave.com. You have all the rights above, plus the right to lodge a complaint with your local data-protection authority. International transfers are covered by the adequacy decision noted under "Where your data lives". Advertising tracking does not run for EU/EEA or UK users until a separate consent mechanism is in place.

California & other US states (CCPA / CPRA)

In the past 12 months we collect these categories: identifiers (a random install ID, and — only with your permission — Apple's advertising identifier), internet or app activity (usage events), geolocation (only the leaving point you pin), and commercial information (subscription status). We do not sell personal information. We "share" (in the CPRA sense, for advertising measurement) only the limited conversion events described under Advertising & measurement, and only if you allow tracking. You can opt out at any time by declining or turning off tracking in iOS Settings, or by emailing support@titoleave.com. You also have the right to know, delete, and correct your data, and we do not discriminate for exercising it.

India (DPDP Act, 2023)

We process your data with notice and, where required, your consent, which you can withdraw anytime. You have the right to access, correct, and erase your data, to grievance redressal, and to nominate someone to exercise your rights on your behalf. Our grievance contact is support@titoleave.com; we aim to resolve grievances promptly.

Diagnostics

The app keeps a local diagnostic log to help fix problems. It stays on your device and is only ever sent to us if you tap "Email diagnostics" in Settings. It rotates automatically and is capped to a few days.

Security

Data in transit is encrypted. Server rows are owner-scoped with row-level security so one install can never read another's. Sensitive parsing (boarding passes, calendar) happens on-device.

Children

TiToLeave is not directed at children and is not intended for use by anyone under the age required to hold an Apple account in their country.

Changes

If we change this policy we'll update the date above and, for material changes, surface it in the app.

Contact

Questions or requests: support@titoleave.com.

© 2026 TiToLeave Home Terms Support