WheelingTrips
Get started free

Legal

Privacy Policy

Last updated:

Short version: trips are private by default, we pass payment data to our payment processor and routing data to our mapping provider, and we don't sell anything to advertisers. The long version is below. Including the parts that say what we don't do, because that's usually what you actually want to know.

Who runs WheelingTrips

WheelingTrips is operated by Lithium Holdings, LLC, an Iowa limited liability company, doing business as WheelingTrips. References to "we," "us," or "WheelingTrips" in this policy mean Lithium Holdings, LLC.

What we collect

We only collect what we need to run the service. Specifically:

  • Account info. Your name, email address, and a hashed password. If you turn on two-factor authentication, we store the secret used to verify your codes.
  • Trip data you create. Trip names and dates, waypoints (coordinates and address text), routes, segments, activities, fuel cost overrides, and the vehicle profiles you build in your garage (year, make, model, MPG, tank size).
  • Optional buddy contact info. If and only if you choose to share it with the buddies on your trips. Phone number, mailing address, and social handles are all off by default and can be turned on per field. You can revoke them at any time, per field.
  • Billing metadata. A customer ID issued by our payment processor, the plan and price you're on, and the subscription status. Credit card numbers and billing addresses live with the payment processor; we don't see them.
  • Standard server logs. IP address, browser user-agent, and request timestamps, retained for security and debugging. These are not used to build a profile of you or to advertise to you.

How we use it

  • Show you your own trips, your garage, and your settings.
  • Share trip data with the buddies you invite, at the permission level you chose for each.
  • Generate revocable read-only share links when you ask for one.
  • Calculate fuel cost estimates from your vehicle's MPG and the route mileage.
  • Send transactional email. Verify your email, confirm a password reset, deliver a buddy invite, receipt a payment.
  • Process subscription payments through an external payment processor.
  • Plot routes and search for places through an external mapping provider.
  • Investigate security incidents and fix bugs.

Who we share it with

We hand off specific pieces of data to a small set of vendors that make the service possible. That's the list. Nobody else.

  • Our payment processor. Handles all payment processing. When you subscribe, the processor sees your card number, billing address, and any related payment data. We see only an internal customer ID and the subscription status. PCI compliance is the processor's problem, not ours.
  • Our mapping provider. Handles route plotting, geocoding, and place search. When you drop a waypoint or search for a place, the mapping provider sees the coordinates and the search query. Requests are routed server-side, so the provider does not see your account identity.
  • Our transactional email provider. Handles outbound email. When we send a verification, reset, invite, or receipt, the email provider sees the recipient address, subject, and body.
  • Current vendor list. The specific companies behind the categories above can change over time as we move infrastructure. You can request the current list at privacy@wheelingtrips.com.
  • Buddies on your trips and people you give share links to. They see the trip data you've authorized them to see. Buddies see other buddies' names and any contact info each buddy has opted in to share. Public share-link viewers see buddies as "First L." with no contact info or email addresses.
  • Legal compliance. If we're served a valid legal demand, we may have to disclose data. We'll push back where we can.

What we don't do

The point of listing these is that you can verify them. If any of these change, this policy gets updated first.

  • We don't sell your data. Not to advertisers, not to data brokers, not to anyone.
  • We don't run third-party analytics, advertising pixels, or cross-site trackers. No Google Analytics, no Meta pixel, no Hotjar, none of that.
  • We don't publish your trips. A trip becomes visible to anyone only if you explicitly generate a public share link, and we mark those pages noindex so they don't end up in search engine caches after you revoke the link.
  • We don't send marketing email. Only transactional. Verify your address, password reset, buddy invite, payment receipt, account notice.
  • We don't sell, rent, or trade buddy contact info, even for buddies who have opted to share their phone number or social handles with their trip group.

Cookies and session storage

WheelingTrips uses one first-party session cookie to keep you signed in and to protect against cross-site request forgery (CSRF). We don't use third-party tracking cookies. The browser also uses local storage for small UI preferences like your dark-mode setting; that data stays on your device.

How long we keep your data

  • Account and trip data. Kept while your account is active.
  • After you delete your account. Your trips, garage, gear lists, and personal profile data are removed from our live systems immediately. Encrypted backups age out within thirty days, after which the personal data is gone for good.
  • Uploaded photos and media. When you remove a photo or delete your account, the photo is detached from your trip and your profile but is not deleted from our storage. Detached media is no longer linked back to you and is retained under the license described in section 6 of the Terms of Service for ongoing service improvement and marketing. If you want a specific photo fully deleted from our storage, email privacy@wheelingtrips.com from the address on your account and we'll honor the deletion.
  • Billing records. Kept for as long as we're legally required to keep them for tax and accounting purposes, even after account deletion.
  • Server logs. Typically thirty days.

Deleting your account

You can delete your account at any time from your account settings. If you can't get to the settings page, email privacy@wheelingtrips.com from the address on your account and we'll do it for you.

Deletion is permanent. We can't restore a trip or a vehicle profile after the backups age out.

Your rights

Depending on where you live, you may have specific rights under privacy laws like GDPR, UK GDPR, CCPA, or similar regional rules. Including the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise any of these rights, email privacy@wheelingtrips.com from the address on your account.

We won't retaliate against anyone for exercising a legal privacy right.

Children's privacy

WheelingTrips is not directed at children under 13, and we don't knowingly collect personal information from anyone under 13. If you believe a child has signed up, email privacy@wheelingtrips.com and we'll delete the account.

Where your data is stored

WheelingTrips is operated from the United States. By using the service, you understand that your data will be processed in the United States, which may have different privacy protections than your home country.

Changes to this policy

If we change anything material. Adding a new third-party service that sees user data, changing what we collect, changing retention. We'll update the "last updated" date at the top and email account holders before the change takes effect. The current version always lives at this URL.

Contact

Privacy questions, complaints, or requests to access or delete your data: privacy@wheelingtrips.com.