Privacy Policy
1. Information We Collect
MyMilesAI is an automatic mileage tracker, so location is at the heart of what we collect. If you turn on automatic tracking, we collect GPS location data in the background — including while the app is closed or your phone is locked — so drives can start, record, and end without you touching your phone. For each drive we collect the start and end locations and addresses, the route path you drove, the distance, and timestamps. We also collect your trip classifications and notes, your account email address, and a device push-notification token (used to deliver trip and reminder notifications). Your phone’s motion & fitness activity is used on your device to detect when a drive starts and stops (this saves battery versus GPS alone); the motion signals themselves are not uploaded. If you set up Bluetooth car detection, we store an identifier of your paired car audio device in your account so trips can auto-start when your phone connects to your car. We also collect minimal telemetry needed to operate the service (e.g. error reports tied to your user ID so we can fix bugs). You can turn automatic tracking off at any time in the app; while it is off, no background location is collected.
2. On-Device Processing
Trip classification (business vs personal) runs on your device. The classifier uses local heuristics — your named locations, time of day, and prior classifications at the same destination — to suggest a category, and you confirm or correct it. The classification decision itself never requires sending your location anywhere. Your trip records — including start and end locations and addresses, the full route path of each drive (so your dashboard and reports can draw the drive on a map), distance, times, classification, and your notes — sync from your device to your private cloud account.
3. Cloud Storage
Your trip data — including the route paths of your drives — is stored in your own private account on Supabase (PostgreSQL on AWS infrastructure), encrypted in transit (TLS) and at rest. Row-level security means only you can read your data. Cloud storage exists so your history survives a lost phone, so you can sign in on a new device, and so you can access your dashboard at mymilesai.com/app/. We do not run analytics on your trip data.
Data retention. We retain your trip and account data for as long as your account is active. When you delete your account, your data is permanently and immediately purged (see §7); individually deleted trips are recoverable for 30 days before permanent removal. Diagnostic data is retained for up to 90 days.
4. How We Use Your Data
We use your data exclusively to provide mileage tracking, generate your tax reports, and sync your account across your devices. We do not use your data for advertising and do not share it with third parties except as listed in §5.
5. Subprocessors
We use the following subprocessors to operate the service: Supabase Inc. (managed PostgreSQL, authentication, and Realtime); Functional Software, Inc. d/b/a Sentry (crash, error, and performance diagnostics); RevenueCat, Inc. (subscription and in-app-purchase management); Apple Inc. (App Store payments & receipts, and — via MapKit / Apple Maps — geocoding of trip start and end locations and route matching); Resend (Resend, Inc.) (transactional and reminder email delivery); Cloudflare, Inc. (website hosting/CDN and Turnstile bot-protection on web forms); FormSubmit (formsubmit.co) (relays our website Contact form and iOS-waitlist form submissions — the name, email address, optional phone number, and message you enter — to our support inbox); and Google LLC and Apple Inc. (OAuth sign-in providers, only if you choose to use them). We do not use Stripe at this time. We do not sell your data to anyone.
6. Speedometer
The in-app speedometer is for reference only and is not calibrated to DMV, state, or federal standards. Do not rely on it for legal purposes.
7. Your Rights
You may export all of your data at any time as PDF or CSV from the web dashboard, or as PDF, CSV, Excel, or QuickBooks CSV from the iOS app. You may delete individual trips (recoverable for 30 days) or delete your entire account from Settings. Account deletion is immediate and permanent: after you confirm with the 6-digit code we email you, all of your cloud data is erased right away and cannot be recovered. Two narrow exceptions survive deletion: (1) we keep a minimal, pseudonymous deletion-audit record (an internal account identifier and timestamp — no name, email, location, or trip data) and pseudonymous payment-webhook logs, for security and financial-audit purposes; and (2) records of your App Store subscription transactions are held by Apple and by our subscription processor RevenueCat under their own retention policies — deleting your MyMilesAI account does not delete Apple’s transaction records. EU/UK residents may exercise GDPR rights (access, rectification, erasure, portability) by emailing privacy@mymilesai.com; California residents may exercise CCPA/CPRA rights at the same address. We do not sell personal information.
8. Contact
Questions about this policy? Email privacy@mymilesai.com. Harijas LLC, Manteca, CA.