Xopoz

1. Introduction

Xopoz ("we", "us", "our") is a privacy-first GPS team tracking application for Android. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Xopoz is developed by Tiritix. By using the Xopoz application, you agree to the practices described in this policy.

2. Data We Collect

2.1 GPS & Location Data

• Real-time GPS positions from your device's native GPS hardware (not Google Play Services).
• Position history with a configurable retention period (1 – 30 days).
• All GPS coordinates are encrypted on your device before transmission. The server stores only ciphertext and holds no decryption keys.

2.2 Device Information

• Device name and security identifier (SecId).
• GPS hardware capabilities, compass heading, and movement sensor data.
• Battery level, power state, and Android OS version.

2.3 Account & Team Data

• Email address (required for registration — no phone number needed).
• Display name and optional device emoji/avatar.
• Team membership status and role (Creator, Admin, or Member).

2.4 Usage Data

• Map preferences (zoom level, tile server, navigation mode).
• Points of Interest you save (private or team-shared). POIs are never created automatically — you must explicitly save each one. Once saved, private POIs synchronise across all your devices, and team-shared POIs synchronise across all team members' devices. Note: POI coordinates (both private and shared) are stored unencrypted on the server to enable server-side proximity features and search.
• Geofence configurations and entry/exit events.
• Emergency SOS alerts (encrypted, including your position).

3. Data We Do NOT Collect

• Phone numbers or contact lists.
• Calendar, SMS, or call data.
• Advertising identifiers or analytics tracking.
• Browsing history or app-usage profiling.
• Data from third-party data brokers.

4. How We Protect Your Data

4.1 End-to-End Encryption

Every GPS position is encrypted on your device using team-specific AES-CBC encryption with a 16-byte key before it leaves your phone. The server receives and stores only encrypted data — it cannot read your location.

4.2 Team-Based Key Isolation

Each team has its own independent encryption key, stored in the Android Keystore on your device. Keys are never transmitted to or stored on the server. If you belong to multiple teams, the same position is encrypted separately for each team.

Important: The encryption key is static for the lifetime of a team. It is embedded in the Group Ticket (join token) used to invite new members. Anyone in possession of a valid Group Ticket can join the team and decrypt all team members' positions. It is the responsibility of team members to keep their Group Ticket confidential and share it only with trusted individuals.

4.3 Credential Security

Passwords and security tokens are hashed (HMAC-SHA256). Authentication data is stored encrypted on-device using AES-CBC with a device-specific key.

4.4 Secure Deletion

When data is deleted — either by you or automatically — we take reasonable steps to overwrite files and database entries before removal, including writing over stored coordinates with fake values. Due to the nature of flash storage and wear leveling on mobile devices, complete erasure cannot be guaranteed at the hardware level, but this represents a best-effort measure. Deletion is permanent; there are no automated backup systems.

4.5 No Cloud Backups

All Android backup mechanisms (Google Drive, Samsung Cloud, device-to-device transfer) are disabled. No location data, encryption keys, or databases are included in system backups.

5. Full-Trust Team Model

Xopoz operates on a full-trust principle within each team. Every member of a team can see the real-time and historical location of every other member. There is no mechanism to hide your position from specific team members or to exclude individual members from viewing others.

If a person should not have access to another person's location, they must not be in the same team. Use separate teams to enforce access boundaries.

6. How We Use Your Data

• Team coordination: sharing your encrypted position with team members who have the decryption key.
• Geofence alerts: notifying you and your team when devices enter or leave defined areas.
• Emergency SOS: broadcasting your encrypted location to your team in emergencies.
• Position history: allowing you to review your past movements within your configured retention window.

We do not sell, rent, or share your data with any third party. We do not use your data for advertising, profiling, or analytics.

7. Data Retention

• You control retention via the app's Settings (1 – 30 days).
• Data is retained only while you are a member of a team.
• When you leave a team, all your position data for that team is deleted (cascade delete).
• Uninstalling the app removes all local data. Server-side data follows the same retention policy.

8. Your Privacy Controls

Xopoz provides dual independent privacy controls:

• Local Save Permission: controls whether your position is stored on your own device.
• Push Location Permission: controls whether your position is sent to the server for team sharing.

These two controls operate independently, giving you four privacy modes — from full tracking to maximum privacy. You also have intraday tracking controls (configurable active hours, default 1:00 AM – 11:00 PM) for business-compliant time-based location sharing.

9. Your Rights (GDPR)

Processing is based exclusively on your explicit consent (GDPR Article 6(1)(a)). You have the following rights:

• Right to Access: view your data within the app at any time.
• Right to Rectification: update your profile and device information directly.
• Right to Erasure: delete your data through the app or by leaving a team. A dedicated "Delete my position from server" button removes all your position history from the server across all teams immediately. However, team members whose devices have already downloaded and cached your position history will retain that data locally until their automatic deletion cycle runs — up to a maximum of 30 days.
• Right to Data Portability: export your position history and Points of Interest as GPX, CSV, or JSON.
• Right to Withdraw Consent: disable location sharing or storage at any time without losing access to the app.

Mandatory privacy consent checkboxes are required when creating or joining a team. All consent actions are logged with timestamps.

10. Consent

Before sharing your position with any team, you must explicitly accept the following:

• "I accept to share my position with team members" — required when creating a team.
• "I accept to share my position with team members" — required when joining an existing team.

By design, it is impossible to send GPS data to the server without being a member of a team. All positions are encrypted with a team-specific key — if you do not belong to any team, no encryption key exists and no GPS data can be pushed to the server.

You can withdraw this consent at any time by disabling Push Location Permission or leaving the team.

11. Third-Party Services

• OpenStreetMap: map tiles are loaded from OpenStreetMap tile servers (or your configured custom tile server). Tile requests transmit your approximate viewport area but not your precise GPS position.
• Custom Tile Servers: if you configure a personal tile server, tile requests are sent to that server under your responsibility.

No other third-party services, SDKs, or analytics frameworks are integrated.

12. Data Storage Location

All Xopoz data is processed and stored on a single dedicated server located in Germany. No data is transferred to third countries or to any other server. There are no cross-border data transfers.

13. Cookies & Web Tracking

Xopoz does not use cookies, web tracking, or local storage for analytics or advertising purposes. No tracking technologies of any kind are integrated into the application or its web pages.

14. Children's Privacy

Xopoz is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

15. No Guarantee of Reliability

Xopoz is a location monitoring aid and does not claim to be 100% reliable. Xopoz cannot be held responsible for incidents, accidents, or any adverse outcome arising from reliance on its features. Real-life situations — particularly emergencies — involve unpredictable factors entirely outside the application's control, including but not limited to:

• User stress: under pressure, users may tap incorrect buttons, miss confirmation steps, or misread on-screen information.
• Insufficient battery: a device with low or depleted battery cannot send or receive alerts or maintain background services.
• Network connectivity: poor, intermittent, or absent mobile data or Wi-Fi will prevent position sharing and alert delivery.
• GPS signal quality: dense buildings, underground locations, heavy foliage, or adverse weather can degrade or block GPS reception.
• Operating system behaviour: Android and modified Android distributions (such as EMUI, MIUI, ColorOS, OneUI) may exhibit unpredictable behaviour regarding real-time scheduling, background service management, and GPS access.
• Device limitations: hardware defects, insufficient storage, or other device-specific issues.
• Human factors: failure to charge the device, forgetting to enable location permissions, not joining the correct team, or misconfiguring settings.
• This list is not exhaustive. Other unforeseen factors may affect the application's operation.

Users must always treat Xopoz as a supplementary tool and maintain independent safety plans. See our Terms of Service for full details.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated effective date. We encourage you to review this policy periodically.

17. Contact

If you have questions about this Privacy Policy or your data, contact us at:

Data Controller: Tiritix, operated by Thierry Bremard, Nuremberg, Germany.

Email: xopoz@tiritix.com

Website: tiritix.com