Drup Trails is operated by me, Audun Larsen Oddekalv. I operate the service using european tools, and I am subject to Norwegian law, one of the strongest privacy laws in the world.

• Account data: name, email address, and team membership needed to authenticate users and enforce access rules.
• Tracker data: tracker identifier, tracker token, and relation to teams.
• Location data: coordinates, timestamps, and related metadata sent by OwnTracks from your device.
• Operational metadata: request logs, usage metrics, and security events used to protect and maintain the service.

• Provide maps, history, and team views for authorized members.
• Route incoming OwnTracks reports to the right tracker and team scope.
• Monitor performance and detect abuse or unauthorized access attempts.
• Improve reliability and fix platform issues.

• Your location data is visible to members of teams that your tracker is attached to.
• We do not sell location data to advertisers or data brokers.
• We may share limited information with processors that host infrastructure or provide security services, only as needed to run the platform.
• We may disclose data when legally required by valid process.

• Transport uses secure HTTPS endpoints. You are responsible for securing your devices and account credentials.
• Tracker tokens should be treated like passwords and rotated if exposed.
• Data retention depends on operational needs and policy decisions of the deployment operator.

• Manage tracker-to-team assignments to control who can access location streams.
• Request export or deletion where available under applicable law and deployment policy.
• Contact your operator for correction of account data and privacy requests.