Privacy Policy
Last updated: 2026-05-20
Mile-Shift is a local-first mileage and shift-tracking app. Your trip and shift data lives on your device and is never sent to a server operated by us. This document describes exactly what data the app handles, where it lives, and what network access exists.
TL;DR
- Your trip data (GPS, addresses, mileage, shifts) never leaves your device. We do not have a server-side copy.
- To use the app you must accept Apple's introductory subscription offer (30 days free, then $4.99/month or $39.99/year) via Apple's standard in-app purchase sheet. Apple — not us — manages the trial, the payment, and your Apple ID. Apple does not share your Apple ID with us.
- Optional Mile-Shift account: if you choose to create one, you unlock cross-device sync and the $10 referral program. We then store the minimum data listed below.
1. What we collect — by mode
Apple-IAP-only mode (default — no Mile-Shift account)
No data leaves your device to our servers. The only network call the app makes during normal use is to Apple's StoreKit (or Google Play Billing on Android), to verify that your subscription is active.
We do not know your Apple ID, name, email, or payment method. Apple gives us only a signed transaction receipt and an obfuscated transaction ID. See "Subscription billing" below.
Signed-in mode (optional, only if you create a Mile-Shift account)
To deliver cloud-sync and the referral program, we store the following on AWS infrastructure operated by us in the United States (us-east-1):
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identifier; verification & password reset | Until account deletion |
| Cognito user ID (UUID, not your name) | Stable identity across email changes | Until account deletion |
| Subscription state (active / expired / refunded) | Entitlement check on app launch | + 7 years (tax/billing audit) |
| App Store / Google Play transaction ID | Validates that you really paid; handles refunds | + 7 years |
| Referral code + referrer/referee links | Awards $10 per qualifying paid referral | Until account deletion |
We do not store: GPS trip data, addresses, trip purposes, working hours, mileage history, or any of your driving behavior. Those stay on your device.
2. Subscription billing
Apple's Introductory Offer (iOS): when you tap "Start free trial" in the app, Apple's StoreKit sheet authenticates you using your Apple ID (Face ID / Touch ID / password). Apple charges $0 for the first 30 days, then auto-renews at $4.99/month or $39.99/year depending on which plan you selected. You can cancel anytime in Settings → [your name] → Subscriptions on your iPhone — if you cancel before day 30, you are never charged. Apple manages this entire flow; we are not informed of your Apple ID and we never see your credit card or bank details.
Auto-renewal disclosure (Apple App Store rule 3.1.2(a)): subscriptions automatically renew unless you cancel at least 24 hours before the end of the current period. Your Apple ID is charged for the renewal within 24 hours of the period end. Refunds and cancellations are managed entirely through your App Store account.
3. Where your data lives
On your device
All trip data, shift data, addresses, and preferences are stored in a SQLite database inside the app's sandbox:
- iOS:
~/Library/LocalDatabase/mileshift.db - Android:
/data/data/app.mileshift.mobile/databases/mileshift.db
On our servers (signed-in mode only)
- DynamoDB in AWS
us-east-1— one row per user, plus billing audit history. - Cognito User Pool in AWS
us-east-1— your email + hashed password + sign-in metadata. - CloudWatch Logs — request logs (no trip data), retention 30 days.
We do not use any third-party analytics, ad networks, or tracking SDKs.
4. Permissions the app requests
| Permission | Why | When |
|---|---|---|
| Location (When-In-Use) | Draw your current location on the Today map; record GPS during a manually-started trip. | First time you tap Start trip. |
| Location (Always) | Detect drives automatically without you having to open the app. | Only when you toggle Auto-detect drives on in Settings. |
| Motion & Fitness (iOS) | Distinguish driving from walking/cycling so we don't record a walk as a trip. | Only when Auto-detect is on. |
| Notifications | Show a small indicator while a drive is being recorded, and trial / billing alerts. | Only after you opt in. |
GPS data is never transmitted off-device.
5. Account deletion
You can delete your Mile-Shift account at any time from Settings → Account → Delete account. On confirmation:
- Your Cognito user record is permanently removed.
- All Mile-Shift DynamoDB rows tied to your account (subscription audit history, referral data) are deleted within 30 days.
- Trip data on your device is not affected — the app keeps working offline.
Active Apple subscriptions must be cancelled separately through Settings → Apple ID → Subscriptions, since Apple controls that billing relationship.
6. Children
Mile-Shift is not intended for anyone under 13.
7. Changes to this policy
We will surface any material change in the app before it takes effect. The version date at the top of this document is authoritative.
8. Contact
Questions about this policy: privacy@mile-shift.com