Skip to content
crosser
  • Support

Privacy Policy

Last updated: 2 June 2026

Crosser is a travel app that tells you when your trips overlap with your friends'. This policy explains what we collect, why we collect it, who we share it with, and the choices and rights you have.

Who we are

Crosser ("Crosser", "we", "us") is an independent app built and operated by a solo developer based in the United Kingdom. For the purposes of UK and EU data protection law, we are the data controller for the personal data described in this policy.

The best way to reach us about this policy or your data is by email at support@crosserapp.com.

Information we collect

We collect only what we need to run Crosser and detect when your trips cross with a friend's.

Information you give us

  • Account details — your email address and display name, created when you sign up.
  • Profile photo — an optional avatar image, if you choose to add one.
  • Itineraries and trips — the photos, PDFs, or pasted text you add so we can build your trip map, and the stops, countries, and dates we extract from them.
  • Friend connections — the people you follow or connect with in the app.
  • Chat messages — messages you send to other users through the app.

Information collected automatically

  • Approximate trip locations — to place your stops on a map, we convert the place names in your itinerary into map coordinates. These coordinates are stored with your trip.
  • Push notification tokens — a device identifier that lets us send you crossover alerts, if you allow notifications.
  • Usage and product analytics — basic events such as which screens you open and which actions you take, collected through PostHog (hosted in the EU) and used to operate, secure, and improve the service. We configure PostHog to discard your IP address, so it is not stored with your analytics events.
  • Basic device and technical data — information such as device type and app version, needed to deliver and secure the service. Our hosting provider may briefly process your IP address to deliver and protect the service.

We do not ask for or collect your real-time device location, contacts, payment details, or any special-category data (such as health, religion, or political views).

What we do not keep

The original files you upload to add a trip (photos, PDFs, and pasted text) are used only to extract your stops and dates. We don't store these originals on our servers — they're held only in memory during parsing and sent to our AI processing providers (Anthropic and Google) to perform the extraction, subject to their retention terms (see AI processing below). We keep only the extracted itinerary: cities, countries, dates, and map coordinates.

How we use your information

  • To run the service and build your personal trip map.
  • To detect crossovers — when your trips overlap with a friend's by city or country and by date.
  • To send you crossover alerts and account-related messages.
  • To enable messaging between connected users.
  • To respond to your support requests.
  • To keep Crosser secure, prevent abuse, and fix problems.
  • To understand how the app is used so we can improve it.

We do not sell your personal data, and we do not use it for third-party advertising.

AI processing of uploaded itineraries

When you add a trip by photo, PDF, or pasted text, the file or text is sent to an AI service that reads it and extracts the stops and dates. We use the result to build your itinerary. We use these AI providers as data processors acting on our instructions:

  • Anthropic (the Claude API) — our primary itinerary parser.
  • Google (the Gemini API) — used as a fallback when the primary service is unavailable.

Under our agreements with both providers, your uploaded content is processed only to return a result to us and is not used to train their AI models:

  • Anthropic (Claude API) retains inputs and outputs sent via the API for up to 30 days and then deletes them, and does not train its models on data submitted through the API.
  • Google (Gemini API, paid tier) does not use your prompts or responses to improve its products. It logs prompts and responses for a limited period only to detect and prevent abuse and to meet legal obligations.

This reflects Anthropic's Claude API terms and Google's terms for the paid Gemini API, which we use.

Third-party processors

We share data only with the service providers that help us run Crosser. Each acts on our behalf under a data-processing agreement and may only use your data to provide their service to us.

ProviderRoleData involved
SupabaseHosting, database, authentication, and file storageAccount details, trips, connections, messages, profile photo, usage data
Anthropic (Claude API)Parsing uploaded itineraries (primary)Itinerary files / pasted text you submit
Google (Gemini API)Parsing uploaded itineraries (fallback)Itinerary files / pasted text you submit
OneSignalPush notificationsPush token and device identifiers
MapboxMaps and place-name lookup (geocoding)Place names from your itinerary, to return map coordinates
PostHog (EU)Product and usage analyticsUsage events and device data (IP address discarded, not stored)

We do not sell your personal data.

Legal bases for processing (UK GDPR / EU GDPR)

If you are in the UK or EEA, we rely on the following legal bases:

PurposeLegal basis
Creating your account and providing the core service (trip map, crossover detection, messaging)Performance of a contract with you
Sending crossover alerts and account messagesPerformance of a contract / your consent for push notifications
Securing the service, preventing abuse, and product analyticsOur legitimate interests in running and improving a safe service
Anything you opt into separatelyYour consent, which you can withdraw at any time

Sharing and visibility within the app

Crosser is a social app, so some information is shared with other users by design:

  • Your display name and profile photo are visible to people you connect with.
  • A friend you connect with can see your full route — your stops and dates — and where your trips overlap with theirs.
  • Messages you send are visible to the recipient.

Outside the app, we only disclose personal data to the processors listed above, or where required by law, or to protect the rights and safety of our users and the public.

How long we keep your data

We keep your personal data for as long as your account is active, and delete it when you delete your account, except where we must keep certain records longer for legal or security reasons.

  • Account, trips, connections, and messages — kept while your account is active; removed when you delete your account. We do not keep separate scheduled database backups, so deleted data is not retained in a backup archive.
  • Usage analytics — product-analytics events are retained for up to 1 year, and session recordings for up to 30 days, on PostHog's EU cloud.
  • Support correspondence — kept for as long as needed to handle your request.

Your rights

If you are in the UK or EEA, you have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or incomplete.
  • Delete your data (see below).
  • Port your data to another service.
  • Object to, or ask us to restrict, certain processing.
  • Withdraw consent at any time, where we rely on consent.

To exercise any of these rights, email support@crosserapp.com. We will respond within one month. You also have the right to complain to a data protection authority — in the UK, the Information Commissioner's Office (ICO) at https://ico.org.uk; in the EEA, your local supervisory authority.

Deleting your account

You can delete your account at any time from inside the app, in Settings. Deleting your account permanently removes your profile, your profile photo, your trips, your connections, and your messages. Copies that remain in encrypted backups are purged within the backup window described above.

You can also email support@crosserapp.com to request deletion.

International transfers

Your core account data, trips, connections, and messages are hosted in the European Union (Frankfurt, Germany), and your analytics are hosted on PostHog's EU cloud. Some other processors — our AI parsing providers (Anthropic and Google), push notifications (OneSignal), and maps (Mapbox) — may process data in the United States. Where data leaves the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision, as offered by each provider in their data-processing terms.

How we protect your data

We use technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, row-level access controls so that users can only access their own records, and restricted administrative access. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant authority if a breach affects your rights.

Children

Crosser is not intended for children under 16, and we do not knowingly collect personal data from them. If we learn that we have collected data from a child under 16, we will delete it. Please make sure your app-store age rating is set to match.

Changes to this policy

If we make material changes, we will update this page and the "last updated" date above, and where appropriate we will notify you in the app or by email.

Questions about this page? Contact support@crosserapp.com.

Crosser

Reconnect on the road.

Privacy Terms Support support@crosserapp.com

© 2026 Crosser