Skip to main content

City Commute — iOS App Privacy Policy

Learn how we collect, use, and protect your information when you use the City Commute iOS app

⚠️ DRAFT — pending legal review. This document is a draft prepared for internal and external legal review. It is not yet a final, legally binding policy. Do not rely on, distribute, or publish this version as the definitive privacy policy for the City Commute iOS app until it has been reviewed and approved by counsel.

Last Updated: June 25, 2026 Effective Date: June 25, 2026

Introduction

This Privacy Policy explains how Innovaiden Inc. ("Innovaiden," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the City Commute iOS application (the "App"). City Commute is a Stockholm public-transit companion that provides live departures, a transit map, a trip planner, a parking-sign scanner, an AI assistant, saved places, and alarms and widgets.

Innovaiden is the data controller for the personal information processed through the App.

Please read this Privacy Policy carefully. By downloading, installing, or using the App, you agree to the practices described here. If you do not agree, please do not use the App.

This policy applies specifically to the City Commute iOS app. Our general website and platform privacy practices are described in our main Privacy Policy.

1. Personal Information We Collect

We collect only the information needed to operate the App and provide its features. Specifically:

1.1 Account Information

Email address. When you create an account or sign in, we collect your email address. We use AWS Simple Email Service (SES) to send a verification message to confirm your address. Your email is linked to your account so you can sign in across devices and so we can secure and support your account.

If you use Sign in with Apple, Apple may provide a private relay email address rather than your real email. We treat the relay address the same way we treat any account email.

Legal basis (GDPR): Performance of a contract — Article 6(1)(b). We need your email to create and operate the account you have requested.

1.2 Location Information

Precise (GPS) and coarse location. With your permission, the App accesses your device location to power features such as nearby departures, trip planning, and location-aware AI assistant requests.

Your location is sent transiently to our backend only at the moment a feature needs it (for example, to find the stops nearest to you). We do not store your location against your account, we do not build a location history, and we do not use your location for tracking or advertising.

Legal basis (GDPR): Consent — Article 6(1)(a), captured through the iOS location permission prompt; and our legitimate interest in providing the transit features you request — Article 6(1)(f). You can withdraw consent at any time in the iOS Settings app.

1.3 Microphone and Speech

Voice input. If you use the voice features of the AI assistant, the App accesses your microphone to capture your spoken request. Speech is processed to fulfil your request, and on-device speech recognition is used where the device supports it. We do not store your voice recordings or transcripts against your account.

Legal basis (GDPR): Consent — Article 6(1)(a), captured through the iOS microphone and speech-recognition permission prompts.

1.4 Camera

Parking-sign scanner. If you use the parking-sign scanner, the App accesses your camera so we can read and translate the sign in front of you. Captured images are processed to produce the result and are not retained afterward.

Legal basis (GDPR): Consent — Article 6(1)(a), captured through the iOS camera permission prompt.

1.5 User Content

To provide the service, we store content you create in the App, linked to your account:

  • Saved places (home, work, and other favourites)
  • Your departures board configuration
  • Trip history and saved trip templates

Legal basis (GDPR): Performance of a contract — Article 6(1)(b). This content is what makes the App useful to you across sessions and devices.

1.6 No Tracking

City Commute does not track you. Specifically, the App:

  • Does not use the Advertising Identifier (IDFA)
  • Does not present an App Tracking Transparency (ATT) prompt, because we do not track
  • Does not include third-party advertising or third-party analytics SDKs
  • Does not sell or share your personal information for advertising

2. How We Use Personal Information

We use the information described above only to:

  • Create, secure, and manage your account, and verify your email address
  • Provide the App's features: live departures, transit map, trip planner, parking-sign scanner, AI assistant, saved places, and alarms and widgets
  • Respond to your AI assistant, voice, and camera requests
  • Store the content you choose to save (places, board, trip history and templates)
  • Maintain the security and integrity of the App and prevent abuse
  • Comply with our legal obligations

We do not use your information for advertising or for cross-app or cross-site tracking.

3. How We Share Personal Information

We do not sell, rent, or lease your personal information. We share information only with the processors needed to run the App, and only as necessary to provide the service:

3.1 Service Providers (Processors)

  • Amazon Web Services (AWS) — cloud hosting and infrastructure that runs the App's backend (United States region).
  • AWS Simple Email Service (SES) — sending account verification and transactional email.

These providers are contractually bound to protect your information and to process it only on our instructions.

3.2 Legal Requirements

We may disclose personal information where required by law, such as in response to valid legal process, to comply with regulatory requirements, or to protect the rights, property, or safety of Innovaiden, our users, or the public.

4. Data Retention

  • Account data (including your email, saved places, board, and trip history) is retained until you delete it or delete your account.
  • Location data is transient and processed in the moment a feature needs it. It is not retained against your account.
  • Voice and camera input is processed to fulfil the request and is not retained afterward.

When you delete your account, the associated account data is permanently deleted as described in Section 7.

5. International Data Transfers

Innovaiden is based in the United States, and the App's backend is hosted on AWS infrastructure in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States.

We rely on the following safeguards for these transfers:

  • EU Standard Contractual Clauses (SCCs), as incorporated into the AWS GDPR Data Processing Addendum.
  • AWS's certification under the EU-U.S. Data Privacy Framework (and the UK and Swiss extensions, where applicable).

These measures are intended to provide an adequate level of protection for your personal information when it is transferred outside the EEA, the United Kingdom, or Switzerland.

6. Security

We implement technical and organizational measures to protect your personal information, including:

  • Encryption in transit using TLS for all communication between the App and our backend
  • Encryption at rest for stored data, using AWS Key Management Service (KMS)
  • Authentication using signed JSON Web Tokens (JWT) to secure access to your account
  • Access controls and monitoring to limit and detect unauthorized access

No system is completely secure, but we take reasonable measures to protect your information. Please keep your account credentials confidential and contact us if you suspect unauthorized access.

7. Your Privacy Rights (GDPR)

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR (Articles 15–22):

  • Right of access (Art. 15) — confirm whether we process your personal data and receive a copy.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data. The App includes an in-app Delete Account function that permanently deletes your account, including your saved places and trip history.
  • Right to restriction (Art. 18) — limit how we process your data in certain situations.
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent (such as location, microphone, or camera), withdraw it at any time without affecting prior processing. You can withdraw permissions in the iOS Settings app.

Right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, "IMY") — https://www.imy.se. You may also contact the supervisory authority in your country of residence.

To exercise any of these rights, contact us at privacy@innovaiden.com. We may request information to verify your identity before acting on a request, and we will respond within the timeframe required by applicable law.

8. Children's Privacy

The App is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@innovaiden.com.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App, or legal requirements. When we make material changes, we will update the "Last Updated" and "Effective Date" above and, where appropriate, provide notice within the App. Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices for the City Commute iOS app, please contact us:

Innovaiden Inc. Privacy Officer

Email: privacy@innovaiden.com

For data subject rights requests, please use the email address above and provide sufficient detail to verify your identity and process your request.

This Privacy Policy is effective as of June 25, 2026.

Subscribe