Privacy Policy
Last updated: 8 June 2026 · Version 1.0
This policy explains which personal data is processed when you use the RailFree app and its servers, for what purpose and on what legal basis. It follows the Swiss Data Protection Act (revFADP) and is designed to also meet the requirements of the EU General Data Protection Regulation (GDPR).
1. Controller
The controller for data processing in connection with RailFree is Roland Bieg. Contact: support@railfree.app. A full business address will be added ahead of the planned market launch in the EU.
2. Scope
This policy applies to the RailFree iOS app and the backend we operate. It does not apply to the independent processing carried out by Apple or Google in the context of the App Store, Sign in with Apple or Google sign-in; their own privacy policies apply to that.
3. What data we process and why
Account data
When you register, we process your email address, a password (stored only as a cryptographic hash using Argon2id, never in clear text), the verification status of your email address and — depending on the sign-in method you choose — the identifier from your sign-in provider (Apple or Google). For “Sign in with Apple” we additionally store an Apple token in encrypted form (AES-256-GCM) so that we can fully revoke your account at your request. Purpose: account management, sign-in, recovery.
Authentication and security data
For your signed-in session we process sign-in tokens (stored only as a hash) and sign-in attempts (time and success/failure — without IP address). Purpose: secure sign-in and abuse prevention.
Subscription data
For the paid features we process your plan, the end of any trial period and your subscription status. Processing of the purchase is handled by Apple (in-app purchase) and our service provider RevenueCat; internally we use a pseudonymous identifier for this. Purpose: unlocking the paid features.
Usage and configuration data
We store the level crossings you have selected so that your list can be shown to you. Purpose: providing the core function.
Calibration observations (anonymous)
When you report in the app that a barrier is “closed now” or “open now”, we store the event type and time together with an anonymous, per-installation identifier. This identifier is not linked to your account. Purpose: improving prediction accuracy.
Diagnostic data
To keep the app stable we collect anonymous crash and error reports through the service Sentry. We configure Sentry so that no personal data is deliberately collected. Purpose: error diagnosis and stability.
Support communication
If you contact us, we process the content of your message and your sender address in order to respond to your request.
IP address
Your IP address is processed only temporarily when you access our servers, for abuse prevention and rate limiting. It is not stored permanently in our database.
4. Legal bases
We process your data in line with the principles of proportionality and purpose limitation. Where the GDPR applies, we rely on the following bases: performance of the contract (account, provision of the subscription), our legitimate interest (security, abuse prevention, anonymous diagnostics and improvement of the service) and, where applicable, your consent.
5. Recipients / processors
To provide RailFree we use carefully selected processors:
| Service | Provider / location | Purpose |
|---|---|---|
| Apple | Apple Distribution International Ltd. (IE) / Apple Inc. (US) | Sign-in (Sign in with Apple), purchase and subscription handling |
| Google | Google LLC (US) | Sign-in (only if you choose Google sign-in) |
| RevenueCat | RevenueCat, Inc. (US) | Subscription management |
| Hetzner | Hetzner Online GmbH (DE / EU) | Hosting of servers and database |
| Sentry | Functional Software, Inc. — EU data region | Crash and diagnostics reporting |
| Postmark | ActiveCampaign, LLC / Wildbit (US) | Sending transactional emails (e.g. password reset) |
6. International transfers
Our servers and database run on Hetzner in Germany (EU). Some of the services listed above are located in the USA. Where data is transferred to a country without an equivalent level of data protection, we rely on appropriate safeguards, in particular the Standard Contractual Clauses.
7. Retention
We retain account data for as long as your account exists. After deletion, only a pseudonymous log entry (without any personal reference) remains to document the deletion. Anonymous calibration observations have no personal reference and may continue to be used to improve the service. Sign-in tokens are removed after expiry or revocation.
8. Your rights
You have the right to access, rectification, erasure, restriction and objection, as well as to receive or transfer your data. You can delete your account and the associated personal data yourself at any time: in the app under Settings → Account → Delete account. For any further requests you can reach us at support@railfree.app. You also have the right to lodge a complaint with a supervisory authority — in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC).
9. Data security
We take appropriate technical and organisational measures, including password hashing (Argon2id), encryption of sensitive fields (AES-256-GCM), encrypted transmission (TLS), hashing of sign-in tokens, rate limiting and redaction of sensitive fields in our logs.
10. Children
RailFree is not directed at children. The app is intended for persons aged 16 and over; we do not knowingly collect data from persons under the age of 16.
11. Changes to this policy
We may update this privacy policy. The version published here, with the date stated above, is authoritative. We will provide notice of material changes in an appropriate manner.
12. Contact
For privacy questions you can reach us at support@railfree.app.