Effective date: 2026-06-07 Last updated: 2026-06-07
This Privacy Policy explains how the ZenDriver mobile application (the "App") collects, uses, shares, and protects information when you use it. The App is provided by Evgenii Zhulkov, an independent developer operating under the trade name "ZenDriver" ("ZenDriver", "we", "us", or "our").
We have designed ZenDriver to be privacy-respecting by default: you do not need to create an account, we do not ask for your name or email address, and the raw motion data captured during your drive never leaves your device. The sections below describe in detail what we do and do not collect.
1. Summary at a Glance
| What | Where it lives | Why we have it |
|---|---|---|
| Driving sessions (duration, distance, carefulness score, harsh-event counts) | On your device | Show your history and let you review past drives |
| Raw accelerometer / gyroscope readings | On your device only — never uploaded | Compute the score in real time during the session |
| Approximate location (GPS) | On your device during the session; start-of-session coordinates and a country code may be uploaded | Calculate speed; tag sessions with a region for aggregated analytics |
| Anonymous installation ID, cohort, app version, locale | On your device and on our analytics / sync services | Understand product usage in aggregate |
| Subscription status | Handled by Apple / Google and RevenueCat | Unlock paid features |
| Crash and error reports | Sent to our error-monitoring service | Diagnose and fix bugs |
We do not collect your name, email address, phone number, contact list, photos, microphone, or advertising identifier. We do not sell or rent your information, and we do not use it to serve targeted advertising.
2. Information We Collect
2.1 Information you provide
The App does not require an account. You may choose to contact us by email (see Section 11) — when you do, we receive the information you include in that message.
2.2 Information collected automatically
When you use the App, we and/or the third-party services listed in Section 4 may automatically collect:
- Device motion data. Accelerometer and gyroscope readings are read while a driving session is active. These are processed locally to compute speed, acceleration, steering, and the carefulness score. Raw readings are not transmitted off your device. A coarse, downsampled summary of motion samples for a completed session may be uploaded to our cloud sync service if the trip exceeds a minimum duration and distance (see Section 4.3).
- Location data. With your permission, the App reads your GPS location during a driving session to estimate vehicle speed and to determine the country in which the session began. The start-of-session latitude and longitude and a country code may be uploaded with completed sessions. We do not record a continuous location track and we do not store location while you are not in an active session.
- Anonymous identifiers. On first launch, the App generates a random installation UUID and a cohort identifier (based on first-launch date). These identifiers are not tied to your real-world identity and are not shared across other apps on your device.
- Device and app metadata. App version, platform language, locale country, device type, and operating-system version are collected for analytics and error reporting.
- Usage events. Anonymous events such as "session started", "session stopped" (with duration, distance, score, and harsh-event counts), "paywall shown", "subscription purchased", and "onboarding completed". These events do not include raw motion or detailed location data.
- Crash and error reports. If the App crashes or encounters an error, technical diagnostics (stack trace, device model, OS version, app state) are sent to our error-reporting service.
- Subscription information. When you purchase a subscription, Apple or Google processes the payment and informs us, via RevenueCat, whether your subscription is active. We never see your payment details.
2.3 Information we do not collect
We do not collect your name, email address, phone number, postal address, contacts, photos, microphone audio, camera images, calendar entries, health data, or advertising identifiers (IDFA / GAID).
3. Permissions We Request
| Permission | Purpose | What you can do |
|---|---|---|
| Motion & Fitness (iOS) / High-frequency sensors (Android) | Read accelerometer and gyroscope during a session | Optional — required only for the core scoring feature |
| Location ("When in Use" and, on iOS, also background) | Measure vehicle speed during a session and tag the session with a country | You can deny this; the App will still run with reduced functionality |
| Background execution | Keep a session recording while another app is open or the screen is locked | You can stop a session at any time |
You can revoke these permissions at any time in your device's system settings.
4. Third-Party Services
The App uses a small number of third-party services. Each is named below with the information shared and a link to that provider's privacy policy.
4.1 Amplitude — product analytics
We use Amplitude to understand, in aggregate, how the App is used. Amplitude receives anonymous installation and cohort identifiers, device metadata, app version, locale, and the usage events listed in Section 2.2. Amplitude is configured to receive no name, email, payment information, raw motion data, or precise location — only a country code derived from your session's start coordinates.
Provider policy: https://amplitude.com/privacy
4.2 Sentry — crash and error reporting
We use Sentry to receive automated crash and error reports. Sentry receives diagnostic data (stack trace, device model, OS version, app state at time of error). Sentry does not receive your motion data, location, or subscription status.
Provider policy: https://sentry.io/privacy/
4.3 Supabase — encrypted cloud sync
For sessions that exceed a minimum length, the App uploads a record of the completed session to a private database hosted on Supabase. The record contains: an anonymous installation UUID, cohort number, app version, country code, session start and end timestamps, duration, distance, average speed, carefulness score, harsh-event counts, the latitude and longitude where the session started, and a downsampled summary of motion samples for the session. The record does not contain your name, email, contact information, or a real-time location track. Sessions shorter than 5 minutes or 1 kilometre are never uploaded.
Provider policy: https://supabase.com/privacy
4.4 RevenueCat — subscription management
We use RevenueCat to verify subscription status with Apple and Google. RevenueCat receives an anonymous installation UUID and the transaction information returned by the App Store or Google Play. We do not see or store your payment-card details — these are handled by Apple or Google.
Provider policy: https://www.revenuecat.com/privacy/
4.5 Apple App Store / Google Play
When you purchase or cancel a subscription, the transaction is processed by Apple or Google under their respective terms and privacy policies. We receive a notification of the outcome through RevenueCat but do not access payment details.
4.6 Geocoding and maps
To derive a country code from your session's start coordinates, the App uses the geocoding service built into your device's operating system. To display map views inside the App on iOS, the App uses Apple Maps, governed by Apple's privacy policy.
5. How We Use Information
We use the information we collect to:
- compute the carefulness score and other session metrics on your device;
- show you the history of your past sessions;
- provide and improve the App, including diagnosing crashes and fixing bugs;
- understand, in aggregate, how the App is used so that we can prioritise product improvements;
- operate and verify subscriptions;
- communicate with you when you contact us; and
- comply with legal obligations and enforce our Terms of Service.
We do not use your information to build advertising profiles, to share with data brokers, or to make automated decisions that produce legal or similarly significant effects about you.
6. Legal Bases (EEA / United Kingdom)
If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:
- Contract — to provide the App's core features, manage subscriptions, and operate cloud sync.
- Legitimate interests — to keep the App secure, diagnose errors, prevent fraud, and understand aggregate usage. We have assessed these interests and consider that they are not overridden by your fundamental rights.
- Consent — for sensor and location permissions, which you grant through system prompts and can revoke at any time.
- Legal obligation — when we must process information to comply with applicable law.
7. Sharing Your Information
We do not sell or rent personal information. We share information only:
- with the third-party providers listed in Section 4, acting as processors on our behalf and bound by appropriate data-protection terms;
- with competent authorities when required by law, court order, or to protect rights, property, or safety; and
- in connection with a merger, acquisition, or sale of assets, in which case we will give reasonable notice before your information is transferred and becomes subject to a different privacy policy.
8. International Data Transfers
The third-party services we use may process information in the United States, the European Union, or other regions. Where personal data is transferred outside your country of residence, we and our providers rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) where required by applicable law.
9. Data Retention
- On-device data (sessions, settings) is retained on your device until you delete the session, uninstall the App, or clear the App's storage. Deleting a session removes it from your device.
- Cloud-synced sessions are retained on our Supabase database for as long as the App is active for analytics purposes. You can request deletion at any time (see Section 10).
- Analytics events are retained by Amplitude according to our configured retention policy (currently up to 24 months).
- Crash reports are retained by Sentry for up to 90 days.
- Subscription records are retained for as long as required by Apple, Google, RevenueCat, and applicable tax / accounting law.
10. Your Rights
Depending on where you live, you may have the right to: access the personal information we hold about you; correct inaccurate information; delete information; object to or restrict certain processing; withdraw consent; receive a portable copy of your information; and lodge a complaint with a data-protection authority.
Because we identify your data only by an anonymous installation UUID, please include that identifier when you contact us so that we can locate the right records. You can find your installation UUID in the App's Settings → About screen.
To exercise any of these rights, email us at support@zendriver.app. We will respond within the timeframes required by applicable law.
California residents (CCPA / CPRA): you have the right to know what categories of personal information we collect, to request deletion, and to opt out of "sale" or "sharing" — we do not sell or share personal information as those terms are defined under California law.
11. Children's Privacy
The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under that age. If you believe a child has provided information through the App, please contact us and we will take steps to delete it.
12. Security
We use technical and organisational measures to protect information against unauthorised access, alteration, disclosure, or destruction. These include transport encryption (TLS) for data in transit, access controls on our cloud services, and reliance on Apple's and Google's secure in-app purchase infrastructure for payments. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
13. Do Not Track and Tracking Transparency
The App does not use cross-app tracking or the iOS Advertising Identifier (IDFA), and so does not present an App Tracking Transparency prompt. We do not respond to browser "Do Not Track" signals because the App is not a web service.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, provide additional notice (for example, an in-App message). Your continued use of the App after changes take effect constitutes acceptance of the updated policy.
15. Contact
For privacy questions, requests, or complaints, please contact:
ZenDriver — Evgenii Zhulkov Email: support@zendriver.app