ArGo Privacy Policy
How we collect, use, and protect your personal data in the ArGo app.
1. Introduction
ArGo (“we”, “us”, “our”) is developed and operated by North Star Group (“NSG”), a company registered in Switzerland. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the ArGo mobile application (“App”) and related services.
We take your privacy seriously. ArGo is designed for the Swiss market and complies with:
- Swiss Federal Act on Data Protection (nFADP / revDSG), in force since 1 September 2023
- EU General Data Protection Regulation (GDPR), applicable to EU residents
If you have questions about this policy, contact us at: privacy@northstargroup.ch
2. Data Controller
North Star Group
Switzerland
privacy@northstargroup.ch
If you are in the EU/EEA, North Star Group also acts as the data controller under GDPR.
3. Data We Collect
3.1 Account Data
When you create an account (via Apple Sign In), we receive:
- Apple User ID (an opaque, anonymized identifier Apple provides)
- Email address (if you choose to share it with us)
- Display name (if you choose to provide one)
3.2 Profile Data (Optional)
- Profile photo / avatar
- Dietary preferences (used to inform trip planning)
- Emergency contact information
3.3 Trip Data
- Trip details: title, description, destination, dates, cover images
- Sub-events and itinerary items
- RSVP status and attendance preferences
- Documents you upload (boarding passes, tickets, etc.)
3.4 Expense Data
- Expense entries: amounts, currency, category, description
- Payment records and settlement status
- Exchange rate data (fetched from a third-party API, no personal data sent)
3.5 Transport / Carpooling Data
- Ride details: departure location, destination, seats, departure time
- Route information for carpooling (via Apple MapKit — processed on-device)
3.6 Communication Data
- Chat messages sent within trips
- Push notification tokens (APNs)
3.7 Technical Data
- Device model, OS version, app version
- Crash reports (anonymous stack traces, no PII in crash reports)
- Anonymous usage analytics (feature interactions, session duration, screen flows)
3.8 Data We Do NOT Collect
- Precise location data (we never request continuous GPS access)
- Contacts from your phone address book
- Browsing history or data from other apps
- Advertising identifiers (no ad tracking)
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) | Legal Basis (nFADP) |
|---|---|---|
| Provide and operate the App | Contract performance (Art. 6(1)(b)) | Contractual necessity |
| Push notifications for trip updates | Consent (Art. 6(1)(a)) | Consent |
| Diagnose crashes and fix technical issues | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
| Measure app usage (anonymous analytics) | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | Legal obligation |
| Improve the product based on usage patterns | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
We do not use your data for advertising, profiling, or selling to third parties.
5. Data Storage and Transfers
5.1 Where Your Data Is Stored
All ArGo user data is stored on Supabase, hosted in the EU (Frankfurt, Germany) region on AWS infrastructure. Frankfurt is within the EU/EEA, ensuring GDPR compliance for all data transfers.
5.2 Data Transfers Outside EU/EEA
- Sentry (crash reporting): Sentry Inc. (US). IP anonymization applied; PII scrubbed from crash reports. Transfer covered under Standard Contractual Clauses (SCCs).
- PostHog (analytics): PostHog Inc. (US/EU). Used in self-hosted EU mode where possible; if cloud, SCCs apply.
- Apple (Sign In with Apple, APNs): Apple's global operations covered by their GDPR commitments and SCCs.
We do not transfer data to any other third parties.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Trip data | Until trip creator deletes it, or account deletion |
| Expense data | Until account deletion |
| Chat messages | Until trip is deleted or account deletion |
| Crash reports | 90 days (Sentry auto-purge) |
| Analytics data | 12 months (aggregated, anonymized after 90 days) |
| Backup data | 7 days rolling backup (Supabase) |
After the retention period expires, data is permanently and irreversibly deleted.
7. Sharing Your Data
We share data within ArGo with other trip participants as the normal function of the app (e.g., your RSVP status is visible to your trip co-participants).
We do not sell your data. We share data outside the app only with:
- Supabase (hosting/database) — as a data processor under DPA
- Sentry (crash reporting) — anonymized crash data only
- PostHog (analytics) — anonymized usage data only
- Apple (Sign In, APNs) — as required for app functionality
- Legal authorities — only if required by Swiss law or a valid court order
8. Your Rights
Under nFADP and GDPR, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Obtain a copy of your personal data | Settings → Privacy → Request Data Export |
| Rectification | Correct inaccurate data | Edit your profile in-app |
| Erasure | Delete your account and all associated data | Settings → Privacy → Delete Account |
| Restriction | Limit how we process your data | Email privacy@northstargroup.ch |
| Portability | Receive your data in machine-readable format | Settings → Privacy → Request Data Export |
| Objection | Object to processing based on legitimate interest | Email privacy@northstargroup.ch |
| Withdraw consent | Withdraw consent for push notifications | iOS Settings → Notifications → ArGo |
We respond to all privacy requests within 30 days. For complex requests, we may extend by 60 additional days with notification.
You also have the right to lodge a complaint with:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
- EU/EEA: Your local supervisory authority
9. Data Deletion Mechanism
9.1 Account Deletion (Full)
Accessible via: Settings → Privacy → Delete Account
When you request deletion:
- A confirmation prompt is shown with a clear explanation of what will be deleted
- You confirm by entering your name or tapping a destructive confirm button
- Deletion is processed immediately (not deferred)
- All your personal data is hard-deleted from the primary database
- Backups are purged within 7 days (Supabase backup retention)
- Trip data where you are the sole creator is deleted
- Trip data where other users participate: your identity is replaced with “Deleted User”; expense entries are retained as anonymous records; RSVP history is removed; chat messages are replaced with “[Message deleted]”
- A confirmation email is sent to your registered email address
9.2 Trip Data Deletion
Trip creators can delete entire trips from trip settings. This removes all associated data (RSVP, expenses, transport, chat) for all participants.
9.3 Selective Data Deletion
Users can delete individual:
- Profile photos
- Emergency contact information
- Dietary preferences
- Specific expense entries (if they are the expense creator)
10. Children's Privacy
ArGo is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, contact privacy@northstargroup.ch and we will delete it promptly.
11. Security
We implement the following security measures:
- All data in transit is encrypted via TLS 1.3
- All data at rest is encrypted using AES-256 (managed by Supabase/AWS)
- Row-Level Security (RLS) policies ensure users can only access their own trip data
- Authentication via Apple Sign In (no passwords stored by ArGo)
- Regular security audits of RLS policies
- No storage of sensitive financial data (we track settlements but do not process payments)
12. Cookies and Tracking
ArGo is a mobile app. We do not use cookies. We use:
- PostHog analytics SDK: Tracks anonymous in-app interactions (no PII)
- Sentry SDK: Captures crash reports (PII scrubbed before transmission)
You can opt out of analytics in: Settings → Privacy → Analytics Preferences
13. Changes to This Policy
We will notify you of material changes to this Privacy Policy via:
- In-app notification before the change takes effect
- Email notification (if you have provided your email)
Continued use of ArGo after the effective date constitutes acceptance of the updated policy. If you do not agree, you may delete your account.
14. Contact
North Star Group
Privacy Team
privacy@northstargroup.ch
For EU/EEA residents with GDPR inquiries, you may also contact our Data Protection representative at the same address.