This policy explains what data Convoy (“we”) collects, why we collect it, who we share it with, and how you can review or delete it. The goal of Convoy is to let a small group of people see each other on a shared map and talk over voice in real time. We only collect what is needed to make that work.
Data we collect
1. Account information
When you sign in with Google or Apple we receive your provider-issued user identifier, your name as provided to the sign-in service, your email address (where the provider includes it), and a profile picture URL when one is available. We use these to identify your account on subsequent launches and to label you in convoys. We do not receive or store your Google / Apple password.
2. Precise location
While you are inside an active convoy, the app continuously sends your latitude, longitude, heading, speed, and accuracy to our servers. Other members of the same convoy receive these values in real time so they can see you on the map. Location data is held in memory and broadcast to peers — it is not written to long-term storage on our backend.
Location is only collected while you are inside an active convoy. Leaving the room, force-closing the app, or revoking the system permission stops collection immediately.
3. Microphone audio
If you join voice chat, your microphone audio is streamed to our voice infrastructure (LiveKit) and relayed to the other members of the same convoy. Audio is not recorded, not transcribed, and not stored. The stream ends the moment you leave the room or close the app.
4. Convoy metadata
We persist the convoy code you create or join, your role within it (owner / member), and timestamps for joining, leaving, and being removed. This is required to determine who has access to which convoy and to render the “active convoys” list on the home page.
5. Push notification tokens
When you grant notification permission we register a device-specific push token with Expo’s push service. We use it only to deliver convoy-related notifications (e.g. a room ending, an emergency from another member). The token is revoked when you uninstall the app or sign out.
6. Feedback
Any feedback you submit through the in-app feedback form is stored alongside your user identifier (so we can follow up if needed) and the message text.
7. Diagnostic data
Our backend logs the standard request metadata you would expect from any web service: timestamp, request path, status code, and request duration. These logs include neither the contents of your messages nor your precise location.
Who we share data with
Convoy does not sell your personal data, ever. We share the minimum required with the following processors:
- Google / Apple — for sign-in. We exchange a short-lived ID token with them to authenticate you. We do not share your location, audio, or messages.
- Mapbox — renders the map and computes driving routes. Your latitude / longitude is sent to Mapbox while the app is displaying the map.
- LiveKit — relays voice audio between convoy members. Audio is transient and never recorded.
- Expo Push — delivers push notifications. Receives only the notification payload and your device token.
Retention
Account information, convoy metadata, and feedback are kept for as long as your account exists. Location coordinates and voice audio are not stored beyond live relaying. Push tokens are deleted when you sign out or uninstall.
Deleting your account
You can delete your account at any time from Settings → Delete account inside the app. Deletion:
- Immediately revokes your access — your existing session can no longer call our API.
- Ends every convoy you owned and removes you from convoys you had joined.
- Soft-deletes your account record so that an accidental deletion can be recovered for up to 30 days by contacting us at the address below. After 30 days the record and all derived data are permanently removed.
If you cannot reach the in-app deletion screen for any reason, email urboifox@gmail.com from the address on file and we will delete your account manually.
Children
Convoy is not directed at children under 13 and we do not knowingly collect data from anyone under that age. If you believe a child has created an account, contact us and we will remove it.
Your rights
Depending on where you live you may have the right to access, correct, port, or delete the personal data we hold about you, as well as the right to lodge a complaint with your local data-protection authority. Email us at the address below and we will respond within 30 days.
Security
All traffic between the app and our servers is encrypted in transit (TLS). Voice audio is encrypted by the LiveKit SDK. We do not store passwords because we do not use them — we rely entirely on Google / Apple sign-in.
Changes
If we make material changes to this policy we will publish the new version at this URL and surface a notice in the app on next launch. The “Effective” date above will reflect the current version.
Contact
Questions, requests, or account-deletion fallback: urboifox@gmail.com.