Privacy Policy
Last updated: July 3, 2026
1. Who we are
Sotu is a journey-journaling app for riders and drivers, operated from Türkiye. For anything in this policy: hello@sotuapp.com.
2. Data we collect
- Identity. When you sign in with Apple or Google we receive your name, email address, and a sign-in identifier. With Sign in with Apple you can hide your real email.
- Profile. Display name, bio, avatar, and the vehicles you add to your garage.
- Precise GPS ride tracks. When you record a ride, Sotu collects precise location continuously — including in the background while your screen is off — and stores the track with your account. This is the core of the product: your rides become your journal and canvas. Recording only happens when you start a ride.
- Photos and content. Photos you attach to roads, vehicles, clubs, or messages; road stories and ratings; canvas editions; club chat and direct messages.
- Direct messages and club chats are stored on our servers so they can be delivered and synced. They are not end-to-end encrypted; they are encrypted in transit and at rest.
- Push tokens. A device token, if you enable notifications.
- Share and usage events. When you share a road card and when a shared link is opened on sotuapp.com.
3. Where your data lives and who processes it
- Supabase hosts our database, authentication, and file storage. Sotu's project is hosted in the United States (AWS us-east-1). Your data is therefore transferred to and stored in the US.
- Apple / Google handle sign-in; their privacy policies apply to that step.
- Mapbox serves the Journey canvas map tiles: your IP address and map viewport reach Mapbox when the canvas loads. MapKit (Apple) serves other maps in the app.
- Weather. Ride-area coordinates are sent to a weather provider through our own proxy server, which shields your IP address and identity from the provider.
- Analytics and crash reporting. We use (or may enable) TelemetryDeck — privacy-first, anonymized usage analytics with no advertising or cross-app tracking — and Sentry for crash reports, which include device model, OS version, and the technical state of the app at the moment of a crash. Opening a shared road page on sotuapp.com records an anonymous "link opened" event.
We do not sell your data, run ads, or share your data with data brokers.
4. Public data
Public roads, their stats and ratings, road stories, and share events are visible to other users in the app. Shared road pages (sotuapp.com/r/…) are visible to anyone on the web, without an account. Your precise ride tracks are private to you unless you choose to share them; followers-only visibility applies where the app says so.
5. Retention and deletion
Your data is kept while your account exists. Deleting your account in the app (Profile → Account → Delete) permanently removes your account, profile, rides, messages, photos, and tokens through a cascading server-side deletion. Public roads that other riders' content depends on may be retained in anonymized form (no longer linked to you).
6. Your rights
Under Türkiye's KVKK, the EU GDPR (where applicable), and similar laws, you can request access to, correction of, or deletion of your personal data, object to processing, and request portability. Most of this you can do directly in the app; for everything else email hello@sotuapp.com and we'll respond within the legally required time.
7. Children
Sotu is not directed at children and requires users to be at least 17 years old.
8. Changes
We'll update this policy as the Service evolves and announce material changes in the app or on this page. The "Last updated" date above always reflects the current version.