Who we are
Rada is a Tallinn public transport app. In this policy, Rada,
we, us, and our mean the current
publisher and operator of the Rada app and the backend domain
https://api.radaapp.ee. Final corporate registration details may be
published later, but this policy already applies to the live service.
Data we process
The tables below summarize the main categories of data we process in the launch version of the app.
| Category | What it includes | Why we process it | Retention |
|---|---|---|---|
| Core location data | Your current location when you grant While Using App location permission. | To center the map, show nearby stops, and use your current location as a trip origin. | Feature-scoped. We do not use this core location permission as a general background tracking feed. |
| Transit search and planning requests | Stops, routes, place queries, trip-planning requests, and related request metadata. | To return route planning, stop departures, timetable data, route details, and place search results. | Short-lived request handling and service caching. Depending on the feature, cache windows are typically measured in seconds, minutes, or up to about one hour. |
| Local app data | Favorite places, favorite stops, favorite routes, recent searches, routing preferences, and active-trip state stored on your device. | To remember your preferences and make repeat journeys faster. | Stored on your device until you delete the data, reset the app, or remove the app. |
| Product analytics | Launch analytics events such as screen views, stop opens, route opens, itinerary requests and selections, favorite additions, search result type and context, and error presentation events. | To measure app quality, understand feature usage, and improve the product. | Up to 180 days for event-level analytics, followed by aggregated reporting where needed. |
| Optional mobility insights | Foreground-only mobility contribution events based on an H3 tile, a 15-minute bucket, an accuracy band, a transport mode, and a rotating session hash. No raw GPS coordinate history is uploaded. | To support opt-in mobility research and future aggregate mobility insights. | Up to 7 days in the local queue if upload is delayed, up to 30 days for raw server-side events, and longer only for anonymized aggregate outputs. |
| Security and anti-abuse processing | IP addresses, request paths, timing, rate-limiting state, and operational logs. | To secure the API, enforce rate limits, investigate incidents, and keep the service reliable. | Rolling operational retention, kept only as long as reasonably needed for security and troubleshooting. |
Product analytics
Rada uses PostHog with EU-region hosting for launch analytics. We configure analytics to avoid session replay and to avoid intentionally sending exact coordinates or raw free-text search content as analytics properties.
Optional mobility insights
Mobility insights are a separate, optional program and are off by
default. If you enable them in Settings, collection is limited to times when
the app is active and location access is granted. The app uploads coarse
tile_id and bucket_start values rather than a raw breadcrumb
trail.
Data we do not intentionally upload for mobility insights
- Raw latitude and longitude history
- 24/7 background location tracking
- Stable device advertising identifiers for the mobility research panel
- Nearby sponsored offers or marketing data, which are not active in this build
Service providers and sharing
We use service providers to run the product. At launch, the main providers are:
- Hetzner, which hosts the backend infrastructure in the EU.
- PostHog EU, which processes product analytics events.
- Public transport and search upstreams that our backend routes to, including services used for trip planning, geocoding, and Tallinn transport data.
We do not sell raw personal movement data. We may disclose data if needed to comply with law, protect the service, or enforce our terms. If we later introduce new data processors or monetization products, we will update this policy before that change takes effect.
Retention
- Favorites, recent searches, and routing preferences stay on your device until you delete them.
- Queued optional mobility events older than 7 days are discarded on device.
- Raw optional mobility events on the server are retained for up to 30 days.
- Event-level product analytics are retained for up to 180 days.
- Anonymous or aggregated statistics may be kept longer when they no longer identify you.
Security
We use HTTPS, reverse-proxy protections, API authentication, rate limiting, and access controls intended to protect the service. No system is perfectly secure, but we design the backend to minimize data collection and restrict access to the data we do hold.
Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or object to certain processing of your personal data. We will handle requests according to applicable law, including the GDPR where it applies.
- Use iOS settings to control While Using App location permission.
- Use the app's Settings screen to clear search history and reset local app data.
- Use the app's Settings screen to disable mobility insights at any time.
- If you previously enabled mobility insights, use the app's Delete contributed mobility data action to clear queued events and send erasure requests for retained session hashes.
- Contact us at support@radaapp.ee for privacy requests.
This section may also be used as the linked User Privacy Choices page in App Store Connect.
Contact
Privacy questions and data rights requests: support@radaapp.ee
General support: support@radaapp.ee
If our operator name or contact details change, we will update this page and show the new details here.