Transport-Yak
🇬🇧
Language
🇬🇧 English 🇵🇱 Polski 🇧🇾 Беларуская 🇧🇬 Български 🇧🇦 Bosanski 🇨🇿 Čeština 🇩🇰 Dansk 🇩🇪 Deutsch 🇬🇷 Ελληνικά 🇪🇸 Español 🇪🇪 Eesti 🇫🇮 Suomi 🇫🇷 Français 🇭🇷 Hrvatski 🇭🇺 Magyar 🇮🇹 Italiano 🇱🇹 Lietuvių 🇱🇻 Latviešu 🇲🇰 Македонски 🇳🇱 Nederlands 🇳🇴 Norsk 🇵🇹 Português 🇷🇴 Română 🇷🇺 Русский 🇸🇰 Slovenčina 🇸🇮 Slovenščina 🇦🇱 Shqip 🇷🇸 Српски 🇸🇪 Svenska 🇹🇷 Türkçe 🇺🇦 Українська
Back to home

Transport-Yak Privacy Policy

Effective date: 2026-04-17

§ 1. Data Controller

  1. The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the "GDPR") is:

    Hojka correspondence address: Poland e-mail: support@transport-yak.com

    (the "Controller")

  2. The Controller has not appointed a Data Protection Officer. For all matters relating to personal data, please contact: support@transport-yak.com.

§ 2. Key information — what you need to know

  1. The App does not require registration, login or the provision of any personal data.
  2. The App does not collect on the Controller's servers any data identifying the User — name, e-mail address, phone number, precise GPS location, persistent device identifier (IMEI/serial).
  3. The App is offered under a freemium model: a) Free version — supported by a banner advertisement and rewarded video ads (unlocking additional axle-calculator features), b) Premium version — a paid subscription (EUR 3 / month or EUR 15 / year) with no ads and unlimited access to App features.
  4. The Free version uses the Google Mobile Ads SDK (AdMob) to serve ads. AdMob processes the Advertising ID and related technical data — see § 3.3 and § 5.
  5. Premium subscription purchases are handled by RevenueCat, Inc., Google Play Billing (Android) and Apple App Store Billing (iOS). The Controller does not receive or store the User's payment-card details — see § 3.4 and § 5.
  6. User settings (selected language, axle configuration, consent flag) are stored locally only on the User's device.

§ 3. Data processed

The App's technical operation requires communication with servers. The following data is processed during this communication:

3.1. Technical data (always)

Data When Purpose
Device IP address Each HTTP request Establishing a TCP/IP connection
User-agent (OS type, version) Each HTTP request Technical diagnostics
Type of request (bans/areas/maps) Each HTTP request Returning the correct data

The IP address is personal data within the meaning of the GDPR. It is visible to the infrastructure providers (see § 5). The Controller does not link the IP address to any other data identifying the User.

3.2. Data stored locally (not transmitted)

Data Location
Selected UI language Android SharedPreferences
Vehicle axle configuration (dimensions, limits) Android SharedPreferences
Ban Data cache (up to 50 MB) Internal App storage
Terms acceptance flag Android SharedPreferences
First-launch date, counter of added cargo sections Android SharedPreferences

Local data is not transmitted to the Controller or third parties. It is deleted when the App is uninstalled or its data is cleared in the system settings.

3.3. Data processed in connection with advertising (Free version only)

Data Purpose
Advertising ID (AAID on Android, IDFA on iOS) Ad targeting, frequency capping, ad-fraud prevention
Device model and manufacturer, OS version, screen resolution Optimisation of ad format
Approximate location (derived from IP address, country/region level) Geo-targeting of ads
Ad-related events (impression, click, exposure time) Settlement with advertisers, campaign optimisation
Interest signals (only where consent has been given) Personalised ad content selection

This data is collected and processed by Google LLC (AdMob) — see § 5.3. The User retains full control:

  • on Android: Settings → Privacy → Ads → reset Advertising ID and disable ad personalisation,
  • on iOS: Settings → Privacy & Security → Apple Advertising (plus App Tracking Transparency prompt on first App launch),
  • in the European Union: a consent dialogue (Google Consent Mode v2 / IAB TCF) displayed on first launch allows the User to choose between personalised and non-personalised ads,
  • at any time: purchasing the Premium subscription fully disables ad serving and stops the collection of the above data for advertising purposes.

3.4. Data processed in connection with Premium subscription purchase

Data Purpose
Anonymous user identifier (UUID generated by RevenueCat) Linking the subscription status to the device / store account
Purchase receipt — encrypted token confirming the store purchase Purchase verification, restoration after reinstall, refund handling
Subscription status (active/inactive, expiry date, trial, billing retry) Granting Premium features to the User
Device type, OS version, store country code Technical support, currency mapping, tax reporting

Payment data (card number, banking information) is not transmitted to the Controller or to RevenueCat. Payment processing is handled entirely by Google Play Billing or Apple App Store Billing, which are the sellers of the subscription for consumer-law purposes. These operators retain purchase receipts under their own tax and accounting obligations (typically 5–7 years).

§ 4. Purposes and legal bases for processing

Purpose Legal basis Retention
Providing the Service — delivery of Ban Data and maps Art. 6(1)(b) GDPR (performance of a contract for the provision of electronic services) For the duration of App use
Ensuring infrastructure security, detecting and preventing abuse Art. 6(1)(f) GDPR (Controller's legitimate interest) Up to 30 days (logs)
Serving non-personalised ads in the Free version Art. 6(1)(f) GDPR (legitimate interest — monetisation of the free Service) Duration of Free-version use
Serving personalised ads in the Free version (for EEA users) Art. 6(1)(a) GDPR (consent given in the Consent Mode v2 dialogue) Until consent is withdrawn
Purchasing and managing the Premium subscription Art. 6(1)(b) GDPR (performance of a contract) Duration of subscription and complaint period
Preventing subscription abuse, refund handling Art. 6(1)(f) GDPR (legitimate interest) Up to 90 days after subscription expiry
Tax and accounting obligations related to subscription sales (by store operators) Art. 6(1)(c) GDPR (legal obligation — accounting and tax law) 5–7 years (per store operator's tax obligations)
Handling complaints and enquiries Art. 6(1)(b) and (c) GDPR Until matter resolved, max. 3 years
Defence or pursuit of claims Art. 6(1)(f) GDPR Until the statutory limitation period expires

§ 5. Recipients of data — processors

The data described in § 3 is transmitted to the following processors necessary for the technical operation of the App:

5.1. Cloudflare, Inc.

  • Seat: USA (101 Townsend St, San Francisco, CA 94107)
  • Role: infrastructure provider (Cloudflare Workers) for the API delivering Ban Data (ab.tbsny.workers.dev)
  • Scope of data: IP address, user-agent, HTTP request parameters
  • Privacy policy: https://www.cloudflare.com/privacypolicy/
  • Basis for transfer outside EEA: EU standard contractual clauses (SCC) + EU-U.S. Data Privacy Framework certification

5.2. OpenFreeMap

  • Seat: Switzerland (country recognised by the European Commission as providing an adequate level of protection)
  • Role: map tile provider (tiles.openfreemap.org)
  • Scope of data: IP address, tile-request parameters
  • Policy: https://openfreemap.org/

5.3. Google LLC / Google Ireland Ltd.

  • Seat: USA (Google LLC) and Ireland (Google Ireland Ltd. — controller of EEA user data for most services)
  • Multi-purpose role:
    • handling the App rating dialogue (Google Play In-App Review),
    • distributing the App via the Google Play Store,
    • Premium subscription payment processing (Google Play Billing) — Google is the seller of the subscription, responsible for payment processing, VAT collection, payout to the Controller and retention of receipts,
    • serving ads in the Free version (Google Mobile Ads / AdMob) — processing Advertising ID, device data, ad-interaction signals, approximate IP-based location.
  • Consent mechanisms: Google Consent Mode v2, IAB Transparency & Consent Framework — details: https://support.google.com/admob/answer/9760862
  • Privacy policy: https://policies.google.com/privacy
  • Advertising policy: https://policies.google.com/technologies/ads
  • Basis for transfer outside EEA: EU standard contractual clauses + EU-U.S. Data Privacy Framework

5.4. RevenueCat, Inc.

  • Seat: USA (44 Tehama St, San Francisco, CA 94105)
  • Role: subscription-management infrastructure — purchase-receipt verification, synchronisation of subscription status across the User's devices, refund and cancellation handling
  • Scope of data: anonymous user UUID, purchase receipts (encrypted tokens), device metadata, store country code
  • RevenueCat does not receive payment data or data directly identifying the User.
  • Privacy policy: https://www.revenuecat.com/privacy/
  • Basis for transfer outside EEA: EU standard contractual clauses

5.5. Apple Distribution International Ltd. (iOS version only)

  • Seat: Ireland (EU member state — no transfer outside EEA for EEA users)
  • Role: Premium subscription payment processing on iOS (App Store Billing) — seller of the subscription, payment processing, receipt retention, VAT collection, payout to the Controller
  • Policy: https://www.apple.com/legal/privacy/

The Controller does not sell, rent or transfer the User's data for marketing purposes to any entities other than those listed above.

§ 6. Transfer of data outside the European Economic Area

Some entities listed in § 5 (Cloudflare, Google LLC, RevenueCat) are seated in the United States. Transfers of data to the USA take place on the basis of:

  1. the European Commission's adequacy decision under the EU-U.S. Data Privacy Framework of 10 July 2023 (for certified entities — Cloudflare, Google),
  2. standard contractual clauses (SCC) approved by the European Commission by Decision 2021/914 (for other entities, including RevenueCat).

Apple Distribution International Ltd. (Ireland) does not constitute a transfer outside the EEA.

The User has the right to request a copy of these safeguards from the Controller — contact: support@transport-yak.com.

§ 7. User rights

Under the GDPR, the User has the following rights:

  1. Right of access to their data (Art. 15 GDPR).

  2. Right to rectification of data (Art. 16 GDPR).

  3. Right to erasure — "right to be forgotten" (Art. 17 GDPR).

  4. Right to restriction of processing (Art. 18 GDPR).

  5. Right to data portability (Art. 20 GDPR).

  6. Right to object to processing based on legitimate interest (Art. 21 GDPR) — in particular against the serving of non-personalised ads (the consequence being discontinuation of the Free version or upgrade to Premium).

  7. Right to withdraw consent (Art. 7(3) GDPR) — in particular consent for personalised advertising; withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

  8. Right to lodge a complaint with the supervisory authority:

    President of the Personal Data Protection Office (UODO) ul. Stawki 2, 00-193 Warsaw, Poland https://uodo.gov.pl

To exercise these rights, please contact: support@transport-yak.com. The Controller shall respond without undue delay and in any case within one month of receipt of the request.

For rights relating to data processed directly by Google (AdMob) or RevenueCat, the User may also address their request directly to those entities — the contact details are provided in their respective privacy policies (§ 5.3, § 5.4).

§ 8. Retention period

Data type Retention
Local data (settings, cache, install date, section counter) Until uninstallation or manual clearance
Processor-side server logs (IP address) Typically up to 30 days — per provider's policy
Advertising data (AAID, metadata) held by Google Up to 13 months (Google Ads default policy); less upon AAID reset
Anonymous user identifier in RevenueCat Throughout the App installation lifetime; after uninstall — up to 180 days of inactivity
Purchase receipts held by store operators (Google Play / App Store) 5–7 years (seller's tax and accounting obligation)
E-mail correspondence Until the matter is resolved, max. 3 years
Data processed to pursue or defend claims Until expiry of the limitation period

§ 9. Automated decision-making and profiling

  1. The Controller does not itself engage in automated decision-making producing legal effects on the User, nor does it carry out profiling within the meaning of Art. 22 GDPR.
  2. Google (AdMob) — when serving personalised ads in the Free version — uses automated ad-matching mechanisms based on: a) the Advertising ID, b) demographic signals inferred from the User's behaviour in other Google apps and services, c) interest categories assigned to the advertising profile, d) approximate geographical location.
  3. These decisions do not produce legal or similarly significant effects on the User within the meaning of Art. 22 GDPR — they relate solely to the choice of the advertising content displayed in the App.
  4. The User may at any time: a) withdraw consent for personalised ads (Consent Mode v2 dialogue in the App; Android system settings: Privacy → Ads → Limit ad tracking; iOS: Settings → Privacy → Apple Advertising), b) reset the Advertising ID in the operating-system settings, c) upgrade to the Premium version — where no ads are displayed and advertising data is not collected at all.

§ 10. Data security

  1. Communication with the Controller's servers and with processors takes place exclusively via encrypted HTTPS (TLS).
  2. The App does not accept cleartext traffic (cleartext-traffic is disabled in Android's network security configuration).
  3. Local data is stored in the App's private directory, inaccessible to other applications.
  4. Purchase receipts are cryptographically verified by RevenueCat and by the store operators — the Controller has no technical ability to fabricate a subscription status.

§ 11. Children

  1. The App is intended for persons at least 13 years of age. The Controller does not knowingly collect data of persons under 13.
  2. If such data is identified, it will be promptly deleted.
  3. Ads in the Free version are served in "non-child-directed" mode — meaning the App is not directed to children and does not use the mode compliant with the U.S. COPPA regulation. Parents/guardians of persons under 13 should not provide the App to such persons.

§ 12. Changes to the Privacy Policy

  1. The Controller reserves the right to amend this Privacy Policy, in particular in the event of changes in the law, changes in the App's functionality or changes in the scope of cooperation with processors.
  2. The User will be notified of material changes within the App at least 14 days before they take effect.
  3. The current version of the Privacy Policy is available within the App under "More → Privacy Policy" and at: https://transport-yak.com/privacy-policy.

§ 13. Contact

For questions concerning the processing of personal data, please contact:

E-mail: support@transport-yak.com

This Privacy Policy is effective from 2026-04-17.