Privacy Policy

Last updated: 3 July 2026

1. Introduction and Data Controller

CrossWays is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our application.

  • Data Controller: Ulrik Birkjaer, operating as a private individual in Norway.
  • Contact Email: [email protected]

2. No Real-Time Tracking

CrossWays does not track your physical location in real-time. We do not access your device's background location services, and we do not continuously monitor your movements via GPS.

3. Data We Collect and Why

We only collect personal data that you voluntarily provide to us to perform our contract with you (GDPR Article 6(1)(b)) or based on your explicit consent (GDPR Article 6(1)(a)):

  • Account Information: Email address, username, password, and optional profile details required to create your account.
  • User-Submitted Historical Locations: The past dates, times, and names of locations you voluntarily type into or select within the app. This is necessary to match you with other users who visited the same place at the same time.
  • In-App Communication: Messages, reports, or interactions you exchange with other users through our encrypted in-app messaging system.

4. How We Display and Protect Your Anonymity

When you post a historical location, you can choose to make the post under an anonymous/pseudonymous profile. While other users will see that someone was at that location at that specific time, your account email and real identity are shielded. However, please be mindful that posting highly unique or personal routines (e.g., small local workplaces or private residences) may allow others who know your habits to infer your identity.

5. Data Retention Policy

To comply with the GDPR principle of data minimization, we enforce strict data deletion rules across our databases and servers:

We retain information for as long as necessary to provide the services. We generally retain information associated with your account until you delete it. However, to prevent indefinite storage of old data, we automatically purge all historical posts and anonymize accounts that have been completely inactive for more than twelve (12) consecutive months.

6. International Data Transfers

As CrossWays is an international application, your data may be stored on cloud servers located outside your home country (for example, secure servers within the EU/EEA or the United States). If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to guarantee your data receives an equivalent level of protection.

7. Data Sharing and Third Parties

We never sell your personal information or location history to third-party advertisers or data brokers. We only share data with trusted infrastructure providers (such as our database and hosting service providers) who are legally bound to protect your data solely to run the app. We may disclose data if legally required to do so by law enforcement or a valid court order under Norwegian or international law.

8. Your Data Protection Rights

Regardless of where you live, you have strong rights over your data. Under the GDPR and equivalent regional laws, you can exercise the following rights through your app settings or by emailing us:

  • Right to Access & Portability: You can request a copy of all data we hold about you.
  • Right to Correction (Rectification): You can update your profile and account information at any time.
  • Right to Deletion (To Be Forgotten): You can delete your historical posts or delete your entire account, which triggers a permanent purge of your data from our systems.
  • Right to Withdraw Consent: You can delete any active post at any time, immediately ending the processing of that specific data.

9. Complaints

If you reside in the EU/EEA and believe we have processed your data unlawfully, you have the right to lodge a formal complaint with your local Data Protection Authority or the Norwegian Data Protection Authority (Datatilsynet).