Legal

Privacy Policy

Last updated: May 8, 2026

ZoRove is built on a simple promise: your trips are yours. We don't sell your data, we don't run advertising trackers, and we don't share anything with third parties beyond what we need to run the service.

1. Who we are

ZoRove is operated as a sole proprietorship based in Texas, United States. For any privacy-related questions or requests, contact hello@zorove.com.

2. What we collect

Account information

When you create an account, we store your email address, a username you choose, and a password (hashed by our authentication provider — we never see your raw password). If you upgrade to Pro, our payment processor stores your payment details and gives us back an anonymous customer ID; we never see card numbers.

Content you create

  • Saved places (coordinates, name, description, attributes, photos, reviews, likes, stays, favorites)
  • GPS tracks (recorded coordinates, distance, duration)
  • Note pins (private text and photo notes pinned to a coordinate)
  • Garage entries (vehicle details, VIN, service history)
  • Tribe and Chapter content (memberships, notice posts, comments, event RSVPs, reports)
  • Feature requests, votes, and comments on the feedback board

Public content (places marked public, public Tribe notices, feedback posts) is visible to other users. Everything else is private to your account.

Location data

The app accesses your device's location only when you actively use a feature that needs it — centering the map on your position, dropping a pin where you stand, or starting a GPS track. Live location is processed on your device and is never sent to our servers unless you explicitly save it (as a place, track, or note). We don't run continuous background location tracking.

Server logs

Our hosting provider keeps standard web server logs (IP address, user agent, request paths) for roughly 30 days for security and debugging. We don't analyze them for behavioral profiling.

What we do not collect

  • No third-party analytics — no Google Analytics, no Plausible, no Mixpanel, no Vercel Analytics, no Cloudflare Web Analytics.
  • No advertising trackers, pixels, or behavioral targeting.
  • No device fingerprinting.
  • No social media tracking pixels.
  • No cross-site tracking cookies.

3. How we use your data

  • Run the service: authenticate you, sync your saved content across devices, render your tracks and pins on the map.
  • Show public content: if you mark a place public or post in a Tribe, other relevant users see it.
  • Process payments for Pro subscriptions through our payment processor.
  • Send transactional email — account confirmation, Pro receipts, Tribe digests for chiefs. We do not send marketing email.
  • Respond to support requests when you email us.

We do not sell, rent, or trade your data with anyone. Ever.

4. Who we share data with

We use the following service providers strictly to run ZoRove. Each receives only what they need to do their job:

  • Supabase — database and authentication (stores account + content)
  • Cloudflare R2 — map tile and photo storage
  • Vercel — application hosting
  • Stripe — payment processing (Pro subscriptions only)
  • Resend — transactional email delivery

We may also disclose data if compelled by valid legal process (subpoena, court order). We will give you notice of such requests when legally permitted to do so.

5. Public-data overlays

The map overlays you see (BLM, USFS, NPS, NIFC, NOAA, OpenStreetMap, USGS PAD-US) come from public agencies and open datasets. We fetch them on your behalf, but those agencies do not receive any account or location information from us.

6. Cookies and local storage

We use a small number of cookies and browser-storage entries strictly to keep you signed in and remember your preferences (last map position, downloaded offline state packs, UI toggles). No advertising cookies, no analytics cookies.

7. Your rights and controls

  • View, edit, or delete your places, tracks, notes, vehicles, photos, reviews, and Tribe content from inside the app.
  • Cancel Pro at any time from your account page; access continues until the end of the billing period.
  • Delete your account: email hello@zorove.com from the address on file. We'll erase your profile and all associated content within 30 days, except records we're required to keep (Stripe transaction history, fraud-prevention logs).
  • Request a copy of your data: email hello@zorove.com and we'll export it.
  • California, EU, UK, and other regional users have additional rights under their local privacy laws (CCPA, GDPR, UK GDPR). You can exercise these by emailing the address above.

8. Children

ZoRove is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you believe a child under 13 has created an account, contact us and we'll remove it.

9. Security

Passwords are hashed and never stored in plain text. All connections to ZoRove use TLS encryption. Database access is gated by row-level security so users can only read and write their own private content. No system is bulletproof, but we treat your data with the care we'd want for our own.

10. Data retention

We keep your account and content until you delete them or close your account. Server logs are kept ~30 days. Stripe transaction records follow Stripe's retention policy (typically several years for tax and fraud-prevention reasons).

11. International transfers

ZoRove's infrastructure is hosted in the United States. If you use the app from outside the US, your data is processed in the US under standard contractual safeguards offered by our service providers.

12. Changes to this policy

If we make material changes, we'll post the updated policy here and show an in-app notice on your next visit. Minor wording changes (typos, clarifications) will be updated silently with a new "Last updated" date.

13. Contact

Questions, requests, or complaints: hello@zorove.com.