At Froad, we take your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have as a user of our service at froad.is.
By using Froad, you agree to the collection and use of information as described in this policy. This policy applies to all users of the Froad web application.
Section 1
Who We Are (Data Controller)
Froad operates the community platform available at froad.is. We are the data controller responsible for your personal data.
For any privacy-related enquiries or to exercise your rights, contact us at:
📧 hello@froad.is
Section 2
Data We Collect
We collect the following categories of personal data:
| Category | Data collected | Purpose |
|---|---|---|
| Account data | Full name, email address, hashed password | Account creation, login, authentication |
| Profile data | Display name, bio, vehicle type, vehicle photo, Instagram handle, profile avatar | Community profile visible to other members |
| Location data | Real-time GPS coordinates (only while location sharing is enabled) | "People" map feature — live position shared with other members |
| Chat messages | Text messages and photos sent in community chat channels | Community communication features |
| Road ratings | Numerical ratings (1–5) per road, linked to your user ID | Calculating average road condition scores |
| Payment data | Transaction confirmation, subscription status | Verifying paid access; processed via Paddle — we do not store card details |
| Technical data | Email verification status, account creation timestamp | Platform security and access control |
We do not collect sensitive personal data (such as health information, political opinions, or biometric data).
Section 3
Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance — to provide the Service you have signed up for, including account management and subscription access
- Legitimate interests — to maintain platform security, prevent abuse, and improve the Service
- Consent — for optional features such as location sharing (you can withdraw consent at any time by disabling the feature)
- Legal obligation — where required by applicable law
Section 4
How We Use Your Data
- Creating and managing your Froad account
- Authenticating your identity and securing your account
- Displaying your profile information to other community members
- Showing your real-time location on the "People" map (only when you opt in)
- Enabling community chat and message delivery
- Calculating and displaying average road ratings
- Processing and verifying your subscription payment via Paddle
- Sending account-related emails (password reset, email verification)
- Preventing fraud, abuse, and policy violations
- Improving and maintaining the Service
Section 5
Location Data
Location sharing is entirely opt-in. Your real-time GPS position is only collected and shared with other users when you explicitly enable the location toggle within the app. You can stop sharing your location at any time.
When enabled, your coordinates are stored temporarily in our database and are visible to other authenticated, paying Froad members. Location data is restricted to coordinates within Iceland (latitude 63°N–66.8°N). We do not share location data with third parties and do not retain historical location trails.
Section 6
Data Sharing & Third Parties
We share your data only in the following circumstances:
- Firebase (Google) — We use Firebase Authentication, Firestore database, and Cloud Storage — all provided by Google LLC — to store and process your account data, messages, and uploaded images. Google processes this data on our behalf as a data processor.
- Paddle — Our payment provider Paddle processes your payment information. We receive only a transaction confirmation and subscription status. Paddle stores billing details on your behalf under their own privacy policy (paddle.com/legal/privacy).
- Legal requirements — We may disclose your data if required to do so by law, court order, or government authority.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
Section 7
Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Account & profile data — Retained until you delete your account
- Chat messages — Retained indefinitely to provide continuity of the community experience; you may request deletion
- Location data — Deleted automatically when you disable location sharing
- Road ratings — Retained to maintain accurate community ratings
- Payment records — Retained as required by applicable financial and tax law
To request deletion of your account and associated data, contact us at hello@froad.is.
Section 8
Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or Iceland, you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — ask us to limit how we process your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — for consent-based processing (e.g. location sharing), withdraw at any time
To exercise any of these rights, email us at hello@froad.is. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Section 9
Cookies & Tracking
Froad uses minimal browser storage (localStorage and sessionStorage) to maintain your login session and remember your in-app preferences (such as map view settings). We do not use advertising cookies or third-party tracking pixels.
Firebase may use certain technical identifiers to maintain authentication sessions. These are strictly necessary for the Service to function and are not used for advertising purposes.
Section 10
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include Firebase security rules, role-based access controls, and encrypted data transmission (HTTPS).
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
Section 11
Children's Privacy
Froad is not intended for children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.
Section 12
International Data Transfers
Our service infrastructure is provided by Google (Firebase) and Paddle, which may involve transferring your data outside of Iceland or the EEA. These providers comply with applicable data protection regulations, including standard contractual clauses and adequacy decisions where applicable.
Section 13
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
For significant changes, we will make reasonable efforts to notify you by email or via an in-app notification.
Section 14
Contact & Questions
For any questions, requests, or concerns about your privacy, please contact us: