Motocamp EU — Privacy Policy

Last updated: 14 July 2026

Overview

Motocamp EU is a trip-planning and mapping app for motorcyclists, vans and overlanders in Europe and the UK. This policy explains what personal data we process, why, on what lawful basis, how long we keep it, who else it reaches, and the rights you have over it.

It is written to meet the EU General Data Protection Regulation (GDPR) and the UK GDPR. Where those laws use the word controller — the party that decides why and how your data is processed — that party is us.

Who We Are (Controller)

Motocamp EU, operator of motocamp.eu. For any privacy question, or to exercise any of the rights below, contact privacy@motocamp.eu. We answer data-subject requests within one month, as the GDPR requires. Our full legal and postal details are available on request from the same address.

Data We Process

The app is account-gated and paid, so — unlike a purely local map — we do process personal data. Specifically:

DataWhyLawful basis
Account — username, hashed password, account status, recovery code hash, sign-in timestamps To create your account, sign you in, gate the app, and let you recover access. Sign-in uses a username, not an email address. Contract (Art. 6(1)(b)) — we cannot give you the service you signed up for without it.
Subscription — subscription state, plan, trial and renewal dates, and the customer/subscription identifiers Stripe gives us To take payment and to know whether your access is active. Contract (Art. 6(1)(b)); and legal obligation (Art. 6(1)(c)) for tax and accounting records.
Payment card details Handled entirely by Stripe on Stripe's own pages. We never see, receive or store your card number. Contract (Art. 6(1)(b)), processed by Stripe as its own controller for payment and fraud purposes.
Saved routes — the start, end and waypoints of routes you choose to save to your account So your routes follow you between devices. Contract (Art. 6(1)(b)). Routes you don't save never leave your device.
Server and security logs — IP address, timestamp, request path, user agent, held by our hosting provider To keep the service up, to block abuse, and to investigate incidents. Legitimate interests (Art. 6(1)(f)) — securing and operating the service. You may object; see your rights below.

We do not run analytics, advertising, or tracking of any kind. There is no Google Analytics, no Meta pixel, no ad network, and no profiling. We do not sell or share your data with anyone for marketing.

Location and Sensor Data

The app requests your device's GPS location to centre the map, show speed, heading, altitude and lean angle on the ride dashboard, measure distance to campsites and services, and run compass navigation. It may also read motion sensors (accelerometer, gyroscope, compass) for the dashboard.

Your location and sensor data are processed on your device and are never sent to our servers or stored by us. The app works without them: you can deny the permission and use the map by hand.

One consequence worth stating plainly: when a map tile, a weather forecast, a search result or a route is fetched, the request necessarily tells that third-party service roughly where on the map you are looking. That is inherent to an online map. Download an offline area in advance and the map works with no requests at all.

Data Stored on Your Device

The app stores the following locally, using browser storage (localStorage, IndexedDB, Cache API):

You can erase all of it at any time by clearing this site's data in your browser or device settings.

Third-Party Services

These are the services the app and its backend actually use. Each of them may see your IP address, and — for the mapping services — the coordinates or search terms you request.

ServiceWhat it doesWhat it sees
SupabaseprivacyAccount authentication and database (our processor)Your username, hashed password, subscription state, saved routes
StripeprivacySubscription payments and billing portalYour card and billing details, which it holds as its own controller. We receive only the identifiers and subscription status.
CloudflareprivacyHosting, CDN and backend functions (our processor)IP address and request logs
Stadia MapsprivacyMap tilesIP address, the tiles you request
OpenStreetMap / Overpass APIprivacyThe underlying map data, and the live POI layers (fuel, water, huts, and the rest)IP address, the map area you are querying
Open-MeteotermsWeather forecasts and elevationIP address, the coordinates you ask about
RainViewerprivacyLive rain-radar tilesIP address, the tiles you request
Photon / NominatimprivacyPlace search (geocoding)IP address, what you type into the search box
BRouter / OSRMRoute calculationIP address, the start, end and waypoints of a route you plan

We have no control over how these providers handle data. Where one acts as our processor (Supabase, Cloudflare) it is bound by a data-processing agreement and may only act on our instructions. Where a provider stores data outside the EEA or the UK, that transfer is made under an approved transfer mechanism such as the Standard Contractual Clauses or the UK Addendum.

How Long We Keep It

Your Rights

Under the GDPR and UK GDPR you have the right to:

To exercise any of these, email privacy@motocamp.eu from the account you want to act on, or include enough detail for us to identify it. We will respond within one month and will not charge you for it.

You also have the right to complain to a supervisory authority — in the EU, the data-protection authority of the country you live or work in; in the UK, the Information Commissioner's Office. We would rather you came to us first, but that right is yours regardless.

Security

Traffic to the app is encrypted in transit (HTTPS). Passwords are stored only as hashes — we cannot read yours. Access to the production database is restricted to the operator. If a breach ever puts your rights at risk, we will notify the supervisory authority within 72 hours and tell you directly where the law requires it.

Cookies & Tracking

We use no cookies for analytics, advertising or tracking. The only data kept in your browser is what the app needs to work — the items listed under "Data Stored on Your Device" — which is why the app does not ask for cookie consent.

Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

Children's Privacy

The app is not directed at children and we do not knowingly process data from anyone under 16.

Changes to This Policy

We may update this policy. The "last updated" date at the top will change, and we will tell you in the app if the change is material.

Contact

Questions, requests or complaints: privacy@motocamp.eu