Sound Trip — Privacy Policy

Sound Trip Ads("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Quick Reference Guide

This Privacy Policy complies with multiple privacy regulations. Find information relevant to you:

California Residents (CCPA/CPRA): See Section 10 for your rights and Section 1.4 for sensitive personal information
European Residents (GDPR): See Section 11 for your rights and legal basis for processing
California Residents (CalOPPA): See Section 12 for Do Not Track and cookie disclosures
Parents/Guardians (COPPA): See Section 7 for children's privacy protections
All Users: See Section 5 for general privacy rights and Section 14 to contact us

Notice at Collection (CCPA/CPRA)

This section provides a summary of the categories of personal information we collect and the purposes for which we use it, as required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of Personal Information We Collect

Identifiers: Name, email address, phone number, device identifiers, IP address
Personal Information: Name, address, phone number, payment information
Commercial Information: Purchase history, payment information (for advertisers)
Internet or Network Activity: Usage data, interaction with our Service
Geolocation Data: Precise location data during active rides
Sensory Data: Audio playback data, device motion data
Professional Information: Business information (for advertisers)
Inferences: Preferences, characteristics, behavior patterns

Purposes for Collection

To provide and improve our Service
To deliver contextual audio content and advertisements
To process payments and manage accounts
To communicate with you
To ensure security and prevent fraud
To comply with legal obligations
To analyze usage and improve our services

Categories of Third Parties with Whom We Share Information

Service Providers: Cloud hosting (Supabase, AWS), analytics (Google Analytics, Sentry, LogRocket), payment processors (Stripe)
Advertising Partners: Aggregated, non-personal campaign performance data only
Legal/Government: When required by law or to protect rights

For detailed information about our data practices, please read the full Privacy Policy below.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when you:

Create an Account: Name, email address, phone number, and authentication credentials
Update Your Profile: Profile preferences, notification settings, and communication preferences
Contact Us: Any information you include in communications with our support team
Join Our Waitlist: Name, email, company information, and marketing preferences
Advertiser Accounts: Business name, business type, business address, website URL, contact person name, contact email, phone number, billing information, payment method details (processed securely through Stripe)
Driver Accounts: Name, phone number, address, country, payment and payout information for driver earnings

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

Location Data: Real-time GPS location during active rides to provide contextual audio content and relevant advertisements
Trip Information: Ride start time, estimated arrival time, destination area (not exact address), and trip duration
Device Information: Device type, operating system, unique device identifiers (including device ID, advertising ID), mobile network information, IP address, browser type and version
Usage Data: Features accessed, content listened to, time spent in the app, interaction patterns, session duration, crash reports, error logs
Audio Playback Data: Which audio content was played, completion rates, skip patterns, playback timestamps
Motion Data: Device motion activity (walking, vehicle, bicycle) for better location accuracy
Technical Data: App version, platform version, language preferences, time zone

1.3 Information from Third Parties

We may receive information from:

Authentication Services: When you sign in using third-party services (Google, Apple, etc.), we may receive your name, email address, and profile picture
Analytics Providers: Aggregated usage statistics and performance metrics from Google Analytics, Sentry, and LogRocket
Advertising Partners: Campaign performance metrics (aggregated, not personal)
Payment Processors: Payment transaction information from Stripe (we do not store full payment card details)
Cloud Services: Data stored and processed through Supabase and AWS

1.4 Sensitive Personal Information (CPRA)

Under the California Privacy Rights Act (CPRA), we may collect the following categories of sensitive personal information:

Precise Geolocation: Real-time GPS coordinates during active rides (used only for service delivery)
Account Login Credentials: Email address and authentication tokens (stored securely and encrypted)
Financial Information: Billing address and payment method information (processed securely through Stripe, not stored by us)

We do not use sensitive personal information for purposes other than those disclosed in this policy, and we do not sell or share sensitive personal information for cross-context behavioral advertising.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 To Provide and Improve Our Service

Deliver personalized audio content during your rides
Provide contextually relevant audio advertisements
Improve our algorithms and content delivery
Develop new features and functionality
Analyze usage patterns and optimize performance

2.2 For Contextual Advertising

Display location-based advertisements for nearby businesses
Time-targeted ads (e.g., lunch specials during lunch hours)
Trip-context advertising (e.g., dinner spots near your destination)
Measure ad performance and campaign effectiveness

2.3 To Communicate With You

Send service-related notifications and updates
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Notify you of changes to our Service or policies

2.4 For Safety and Security

Detect and prevent fraud, abuse, and security incidents
Monitor and analyze security threats
Enforce our Terms of Service
Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Service Providers

We share information with third-party service providers who perform services on our behalf:

Cloud hosting and storage providers (Supabase, AWS)
Analytics services (Google Analytics, LogRocket)
Email and communication services
Customer support platforms
Payment processors (for advertiser payments)

These providers are contractually obligated to protect your information and use it only for the specified purposes.

3.2 With Advertising Partners

We share limited, aggregated information with advertisers:

Number of ad impressions and plays
General geographic areas where ads were played (city/neighborhood level, not precise location)
Time periods when ads were delivered
Aggregate demographic information (if available)
Campaign performance metrics (completion rates, engagement statistics)

We do NOT share: Your name, email, phone number, exact location coordinates, device identifiers, or any personally identifiable information with advertisers.

We do NOT sell your personal information: Sound Trip does not sell personal information to third parties. We do not engage in the sale of personal information as defined under CCPA/CPRA.

We do NOT share for cross-context behavioral advertising: We do not share personal information with third parties for cross-context behavioral advertising purposes.

3.3 For Legal Reasons

We may disclose your information if required to:

Comply with applicable laws, regulations, or legal processes
Respond to government requests or law enforcement
Protect our rights, property, or safety
Prevent fraud or security issues
Enforce our Terms of Service

3.4 Business Transfers

If Sound Trip is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as necessary to:

Provide you with our Service
Comply with legal obligations
Resolve disputes and enforce agreements
Maintain business records

Specifically:

Account Information: Retained until you delete your account, plus 30 days
Location Data: Real-time location is not stored long-term; trip summaries are retained for 90 days
Audio Playback Data: Retained for 1 year for analytics purposes
Usage Analytics: Aggregated data may be retained indefinitely

5. Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 Access and Portability

Request a copy of the personal information we hold about you
Receive your data in a structured, machine-readable format (e.g., JSON, CSV)
Know the categories and specific pieces of personal information we collect
Understand the sources from which we collect your information

5.2 Correction and Updates

Update or correct inaccurate personal information
Modify your profile settings and preferences
Request correction of any errors in your data

5.3 Deletion

Request deletion of your personal information
Delete your account and associated data
Request deletion of data collected from third parties

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

5.4 Opt-Out Rights

Opt out of marketing communications (email, push notifications)
Disable location services (note: this will limit Service functionality)
Opt out of non-essential data collection
Opt out of sharing personal information for cross-context behavioral advertising
Opt out of the sale of personal information (we do not sell personal information)
Limit the use of sensitive personal information

5.5 Objection and Restriction

Object to certain data processing activities based on legitimate interests
Request restriction of processing in specific circumstances
Object to automated decision-making

5.6 How to Exercise Your Rights

To exercise these rights, please contact us:

Email: privacy@kindleform.com
Data Protection Officer: dpo@kindleform.com
Mail: Sound Trip Privacy Requests, [Company Address]

We will respond to your request within the timeframes required by applicable law (typically 30-45 days, or 90 days for complex requests). We may ask you to verify your identity before processing your request to protect your privacy and security.

5.7 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not:

Deny you goods or services
Charge you different prices or rates
Provide you a different level or quality of services
Suggest that you may receive different treatment for exercising your rights

6. Location Data and Permissions

Sound Trip requires location access to function properly. Here's how we use it:

6.1 Why We Need Location Data

Detect when you're in an active ride-share trip
Calculate estimated time to destination
Deliver contextually relevant audio content
Show advertisements for nearby businesses

6.2 Location Permissions

"Always" Permission: Allows us to detect rides and provide seamless audio even when the app is in the background
"While Using" Permission: Limits functionality; requires keeping the app open during rides

6.3 Location Data Storage

Real-time GPS coordinates are processed in memory and not stored long-term
We store only generalized location data (city, neighborhood level)
Trip summaries include start/end zones, not exact addresses

You can modify location permissions in your device settings at any time.

7. Children's Privacy (COPPA Compliance)

Sound Trip is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

7.1 COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent. Our Service is not directed to children under 13.

7.2 Age Verification

If you are under 13 years of age, you must not use our Service or provide any personal information to us. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will:

Immediately delete the information from our systems
Terminate the child's account (if applicable)
Notify the parent or guardian if we have contact information

7.3 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@kindleform.com. Parents have the right to:

Review their child's personal information
Request deletion of their child's personal information
Refuse to allow further collection or use of their child's information
Revoke consent at any time

7.4 Information We Do Not Collect from Children

We do not knowingly collect the following from children under 13:

Name, email address, phone number, or other contact information
Location data
Device identifiers
Any other personal information

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

We take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy, including:

Standard contractual clauses approved by regulatory authorities
Data processing agreements with our service providers
Compliance with applicable data protection frameworks

9. Security Measures

We implement appropriate technical and organizational security measures to protect your information:

Encryption: Data is encrypted in transit (TLS/SSL) and at rest
Access Controls: Strict access controls and authentication requirements
Monitoring: Continuous monitoring for security threats and vulnerabilities
Regular Audits: Periodic security assessments and penetration testing
Employee Training: Regular privacy and security training for our team

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. California Privacy Rights (CCPA & CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

10.1 Your CCPA/CPRA Rights

Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal information)
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information we maintain about you
Right to Opt-Out of Sale: Opt out of the sale of personal information (note: we do not sell personal information)
Right to Opt-Out of Sharing: Opt out of sharing personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: Request that we limit our use of sensitive personal information to what is necessary for the service
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Data Portability: Receive your personal information in a structured, commonly used, and machine-readable format

10.2 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

Identifiers: Name, email address, phone number, device identifiers, IP address
Personal Information Categories: Name, address, phone number, payment information
Protected Classification Characteristics: Not collected
Commercial Information: Purchase history, payment information (for advertisers)
Biometric Information: Not collected
Internet or Network Activity: Usage data, interaction with our Service, browsing history within the app
Geolocation Data: Precise location data during active rides
Sensory Data: Audio playback data, device motion data
Professional or Employment Information: Business information (for advertisers)
Non-Public Education Information: Not collected
Inferences: Preferences, characteristics, behavior patterns

10.3 Categories of Personal Information We Disclose

We disclose the following categories of personal information to service providers:

Identifiers (to cloud hosting providers, analytics services)
Internet or Network Activity (to analytics services)
Geolocation Data (to service providers for service delivery)
Commercial Information (to payment processors)

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

10.4 How to Exercise Your California Privacy Rights

To exercise your rights, you may:

Email: privacy@kindleform.com
Mail: Sound Trip Privacy Requests, [Company Address]
Phone: [Toll-free number - to be added]

We will verify your identity before processing your request. We may ask you to provide:

Your email address associated with your account
Additional information to verify your identity

We will respond to your request within 45 days (or 90 days if we need additional time). We will not charge you for exercising your rights unless your request is excessive, repetitive, or manifestly unfounded.

10.5 Authorized Agents

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of your written permission to act on your behalf, or proof of power of attorney. We may also require you to verify your identity directly with us.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

11.1 Legal Basis for Processing

We process your personal data based on the following legal bases:

Contract (Article 6(1)(b)): To provide the Service you've requested, including ride detection, audio content delivery, and advertising services
Consent (Article 6(1)(a)): When you've given explicit consent (e.g., marketing emails, location tracking, analytics cookies)
Legitimate Interest (Article 6(1)(f)): For analytics, security, fraud prevention, and service improvement
Legal Obligation (Article 6(1)(c)): To comply with applicable laws, regulations, and legal processes

For sensitive personal data (special categories), we rely on:

Explicit Consent: For precise geolocation data
Necessary for Service: Location data is necessary for the core functionality of our Service

11.2 Your GDPR Rights

As a data subject under GDPR, you have the following rights:

Right of Access (Article 15): Request access to your personal data and information about how we process it
Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Article 18): Request restriction of processing in certain circumstances
Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, and machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint (Article 77): Lodge a complaint with your local supervisory authority

11.3 Data Controller Information

Sound Trip acts as the data controller for personal data collected through our Service. Our contact information is provided in Section 14.

11.4 Data Processors and Subprocessors

We use the following categories of data processors:

Cloud Infrastructure: Supabase (data hosting and processing), AWS (storage and computing)
Analytics: Google Analytics, Sentry, LogRocket
Payment Processing: Stripe (payment processing and billing)
Communication: Email service providers

All processors are bound by data processing agreements that comply with GDPR requirements.

11.5 Automated Decision-Making

We use automated processing to:

Detect active rides based on location and motion data
Select and deliver contextually relevant audio content and advertisements
Calculate estimated arrival times

We do not use automated decision-making that produces legal effects or significantly affects you without human intervention. You have the right to object to automated processing and request human review.

11.6 International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with all processors
Compliance with applicable data protection frameworks

11.7 How to Exercise Your GDPR Rights

To exercise your GDPR rights, please contact us at:

Email: privacy@kindleform.com
Data Protection Officer: dpo@kindleform.com

We will respond to your request within one month (may be extended by two months for complex requests). We may ask you to verify your identity before processing your request.

11.8 Supervisory Authority

If you are not satisfied with our response to your privacy request, you have the right to lodge a complaint with your local data protection supervisory authority. A list of supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

12. Cookies and Tracking Technologies (CalOPPA Compliance)

We use cookies and similar tracking technologies on our website and in our mobile application:

12.1 Types of Cookies We Use

Essential Cookies: Required for the website to function properly (cannot be disabled)
Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
Preference Cookies: Remember your settings and preferences
Performance Cookies: Collect information about how you use our website to help us improve it

12.2 Third-Party Tracking

Our website and services use the following third-party tracking technologies:

Google Analytics: Website analytics and usage statistics (privacy policy: https://policies.google.com/privacy)
LogRocket: Session replay and debugging (privacy policy: https://logrocket.com/privacy/)
Mautic: Marketing automation tracking (privacy policy: https://www.mautic.org/privacy-policy)
Sentry: Error tracking and performance monitoring (privacy policy: https://sentry.io/privacy/)

12.3 Do Not Track (DNT) Signals

California Online Privacy Protection Act (CalOPPA) requires us to disclose how we respond to Do Not Track signals. Currently, we do not respond to Do Not Track browser settings or signals. However, you can control tracking through:

Your browser's privacy settings
Opting out of analytics cookies (where available)
Using browser extensions that block tracking
Adjusting your device's advertising ID settings

12.4 Mobile App Tracking

In our mobile application, we may use:

Device identifiers for analytics and service delivery
Location tracking (with your permission) for ride detection
Crash reporting and error tracking (Sentry)

You can control these through your device settings or app permissions.

12.5 How to Control Cookies and Tracking

You can control cookies and tracking technologies through:

Browser Settings: Most browsers allow you to refuse or delete cookies
Mobile Device Settings: Adjust location permissions, advertising ID, and app tracking permissions
Opt-Out Links:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: http://optout.networkadvertising.org/
- Digital Advertising Alliance: http://optout.aboutads.info/

Note: Disabling cookies or tracking may limit your ability to use certain features of our website and services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

Post the updated Privacy Policy on this page
Update the "Last Updated" date at the top of this policy
Notify you of material changes via email or in-app notification
Obtain your consent for material changes if required by law

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries: privacy@kindleform.com
Data Protection Officer (GDPR): dpo@kindleform.com
California Privacy Rights (CCPA/CPRA): privacy@kindleform.com
COPPA Inquiries (Children's Privacy): privacy@kindleform.com
Website: https://soundtrip-ads.com
Mailing Address: [Company Address - To be updated]

We will respond to your inquiry within the timeframes required by applicable law:

GDPR Requests: Within 1 month (may be extended by 2 months for complex requests)
CCPA/CPRA Requests: Within 45 days (may be extended by 45 days for complex requests)
General Inquiries: Within 30 days

14.1 Privacy Request Process

When you submit a privacy request, we will:

Verify your identity to protect your privacy and security
Process your request in accordance with applicable privacy laws
Provide you with updates on the status of your request
Respond within the required timeframe

If we cannot verify your identity or if your request is excessive, repetitive, or manifestly unfounded, we may:

Request additional information to verify your identity
Refuse to act on the request (with explanation)
Charge a reasonable fee (only if permitted by law and the request is excessive)

15. Additional Disclosures

15.1 Data Categories and Purposes

For a detailed breakdown of the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it, please refer to Sections 1, 2, and 3 of this Privacy Policy.

15.2 Data Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods are detailed in Section 4.

15.3 Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Post the updated Privacy Policy on this page
Update the "Last Updated" date
Notify you via email or in-app notification
Obtain your consent for material changes if required by law

15.4 Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

15.5 Business Transfers

If Sound Trip is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

Privacy Policy