Privacy Policy

SchengenTracker ("we", "our", "us") operates the website at schengentracker.com and provides Schengen-area travel compliance tools. For GDPR purposes, we are the data controller.

Contact: support@schengentracker.com

Account data — When you register, we collect your email address and display name. This is necessary to provide the service.

Trip and driver data — Dates of entry and exit, nationalities, and driver information you enter into the dashboard. This data is used solely to calculate Schengen allowances for you or your organisation.

Usage data — We use Google Analytics (GA4) and Vercel Analytics to understand how the site is used. This includes pages visited, browser type, device type, and approximate location (country level). We do not use analytics data to identify you personally.

Authentication tokens — Session tokens are stored in secure, HTTP-only cookies managed by Supabase Auth.

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)) — to provide the account, calculator, and dashboard services you signed up for.
• Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the service through analytics.
• Consent (Art. 6(1)(a)) — where required, for non-essential cookies and marketing communications. You can withdraw consent at any time.

We share data only with the following processors, all bound by data processing agreements:

• Supabase Inc. (USA, EU-US Data Privacy Framework) — database, authentication, and file storage.
• Vercel Inc. (USA, EU-US Data Privacy Framework) — hosting and edge compute.
• Google LLC — Google Analytics 4 for aggregate usage analytics. Data is anonymised at collection; IP addresses are not stored. You can opt out via the Google Analytics Opt-out Browser Add-on.

We do not sell your personal data to any third party.

• Account data — Retained while your account is active and for 30 days after deletion to allow recovery if requested.
• Trip and driver data — Retained while your account is active and deleted immediately upon account deletion.
• Analytics data — Aggregate, anonymised analytics are retained for up to 26 months.
• Server logs — Vercel edge logs are retained for up to 7 days.

As a data subject in the EEA, UK, or Switzerland, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your account and all associated data. You can do this directly from Settings → Delete Account.
• Portability — receive your data in a machine-readable format.
• Restriction — request that we restrict processing of your data.
• Object — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact us at support@schengentracker.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

We use the following cookies:

• Authentication cookies — Strictly necessary session tokens set by Supabase Auth. Cannot be disabled while logged in.
• Analytics cookies — Set by Google Analytics to understand aggregate usage. You can disable these via your browser settings or the Google opt-out add-on.

We do not use advertising or tracking cookies.

Your data may be processed in the United States by Supabase and Vercel. Both participate in the EU-US Data Privacy Framework and provide appropriate safeguards under GDPR Chapter V.

SchengenTracker is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us at support@schengentracker.com and we will delete it promptly.

We may update this policy when the service changes or to reflect regulatory requirements. Material changes will be communicated by email to registered users at least 14 days before they take effect. The "Last updated" date below always reflects the current version.