Where Is Tereza? Legal

Privacy Policy

Effective date: 27 April 2026 · Last updated: 11 May 2026

Public Beta. The Service is currently in beta. Data-handling practices, retention periods, and processor relationships described below may evolve as we add features. We will update this Policy and the "Last updated" date when material changes happen; continued use after the change constitutes acceptance.

This Privacy Policy explains how DPG spol. s r.o. trading as Banana Labs ("we", "us", "our") collects, uses, stores and shares personal data through the Where Is Tereza? service (the "Service"), accessible at app.whereistereza.com. By using the Service you agree to the practices described below. If you do not agree, please do not use the Service.

1. Who we are

The Service is operated by DPG spol. s r.o., a limited-liability company registered in the Czech Republic, trading under the brand Banana Labs. The in-app Support form (Org Admin → Support) is the primary contact channel for all account, billing and privacy-related enquiries.

2. What data we collect

2.1 Account data

  • Email address — used as your login identifier and for transactional emails (magic-link sign-in, billing receipts, trip notifications).
  • Display name and profile photo (optional) — what you choose to show on your public trip pages.
  • Organization metadata — name, slug, custom domain (if configured), team membership.

2.2 GPS and location data

  • Latitude / longitude / timestamp sent by your tracking app or device.
  • Optional context from the device: speed, accuracy, altitude, battery level, motion activity.
  • Trip metadata you create: name, dates, description, segments, photos.

2.3 Technical data

  • IP address, user-agent string, viewport size — used for rate limiting and to attach context to bug reports.
  • Session cookie (wit_session) and CSRF cookie (wit_csrf) — required to keep you signed in.
  • Application logs (no GPS data, no email addresses) — kept up to 14 days for diagnostics.

2.4 Payment data

If you subscribe to a paid plan, payment is processed by Stripe. We never see or store full card numbers; Stripe issues us a customer ID we use to load and update your subscription. Cardholder data is held by Stripe under their own privacy policy and PCI-DSS compliance.

3. How we use the data

  • To run the Service: store your trips, render the live map, send notifications you have opted in to.
  • To authenticate you (magic-link emails, session cookie).
  • To bill you (Stripe), including sending receipts.
  • To improve the Service: aggregated, anonymous analytics on feature usage.
  • To investigate abuse, fraud, or violation of the Terms of Service.
  • To respond to legal obligations (court orders, GDPR data-subject requests).

We do not sell your data. We do not use your GPS data for advertising. We do not share your trip data with third parties unless required by law.

4. Legal basis (GDPR Art. 6)

  • Contract performance — running the Service for you (Art. 6(1)(b)).
  • Legitimate interest — fraud prevention, rate limiting, system stability (Art. 6(1)(f)).
  • Consent — for non-essential cookies, marketing emails (Art. 6(1)(a), withdrawable any time).
  • Legal obligation — tax records, law-enforcement orders (Art. 6(1)(c)).

5. Where data is stored

The platform is hosted on Railway (Google Cloud, region eu-west4, the Netherlands). Backups are encrypted at rest. GPS data lives in JSON files inside a per-organization directory; metadata and account info live in PostgreSQL. Photos uploaded to trips are stored on the same persistent volume.

6. Third-party processors

Provider | Purpose | Data shared
Stripe (Ireland Ltd.) | Subscription billing | Email, name, billing address, card via Stripe Elements
Resend (Delaware, USA) | Transactional email | Recipient email, subject, body
Mapbox (USA) | Route snap-to-roads | Anonymized GPS coordinates of the trip being matched
Open-Meteo (Switzerland) | Weather lookup | Latitude / longitude only
Nominatim / OpenStreetMap (UK) | Reverse geocoding | Latitude / longitude only
CARTO (Spain) | Map basemap tiles | Map viewport coordinates
Railway (USA, EU hosting) | Application hosting | All of the above as part of normal operation

Where a processor sits outside the EEA, transfers rely on Standard Contractual Clauses approved by the European Commission. Processors only receive what's strictly necessary; none of them receive your account password (we don't store passwords — we use magic-link tokens).

7. Cookies

  • wit_session — strictly necessary, keeps you signed in (30 days, HttpOnly, Secure, SameSite=Lax).
  • wit_csrf — strictly necessary, prevents cross-site request forgery on write actions (30 days, Secure, SameSite=Lax).
  • No third-party tracking cookies are set by the Service itself.

8. How long we keep data

  • GPS data — retained for the duration set by your subscription plan (currently up to 5 years on the Nomad plan). Deleted automatically by the daily retention loop after that.
  • Account + organization metadata — kept while your account is active and for 30 days after cancellation, then deleted unless you explicitly request earlier removal.
  • Tax records (invoices, receipts) — retained for 10 years per Czech VAT law, even after account deletion.
  • Application logs — 14 days, then rotated.

9. Your rights

Under GDPR you have the right to:

  • Access — request a copy of all data we hold about you. The org admin includes a "Backup" button that downloads your full org data as a ZIP.
  • Rectification — correct inaccurate data via the org admin or by emailing us.
  • Erasure ("right to be forgotten") — delete your account and all associated data. Subject to the tax-record retention above.
  • Portability — receive your data in a machine-readable format (JSON, included in the Backup ZIP).
  • Object to processing where the legal basis is legitimate interest.
  • Withdraw consent any time for processing based on consent.
  • Lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, uoou.gov.cz).

To exercise any of these, submit a request via the in-app Support form (Org Admin → Support). We respond within 30 days.

10. Children

The Service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us data, please contact us and we will delete it promptly.

11. Security

All traffic uses HTTPS (TLS 1.2+). Sessions are signed and time-limited. Cards are tokenised by Stripe and never touch our servers. Backups are encrypted at rest. Access to the production database is restricted to platform admins and audit-logged.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to all account holders at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the latest revision.

Contact: in-app Support form (Org Admin → Support)