Privacy Policy

Welcome to Cee, a driver navigation and safety application developed by Orbital Point. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

By using Cee, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our application.

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy applies to all users of Cee, including the main iOS app, CeeWatch companion app for Apple Watch, and any future companion apps (CeeTrail, CeeWalk).

Our app uses a hybrid backend architecture combining Supabase (database, authentication, storage, real-time features) and Firebase (push notifications, crash reporting, analytics) to provide our services securely and reliably.

We collect several types of information to provide and improve our services. The data we collect falls into the following categories:

Account Information

• Email address (when signing in with Apple or Google)
• Display name and profile avatar
• Unique user identifier (UUID)
• Authentication provider information
• Anonymous device identifier (for guest accounts)

Device Information

• Device model and operating system version
• Unique device identifier (vendor ID)
• App version and build number
• Device name
• Push notification token (FCM token)

Driving Statistics

• Total distance traveled
• Total number of trips
• Total driving time
• Maximum speed recorded
• Total alerts received
• Total reports submitted

Gamification & Engagement Data

• Experience points (XP) and trust tier (Bronze to Diamond)
• Sparks balance (virtual currency)
• Current and longest activity streaks
• Unlocked trophies and achievements
• Activity history (daily check-ins, reports, trips)

User-Submitted Reports

• Report location (GPS coordinates)
• Report type (speed cameras, police, hazards, traffic)
• Direction/heading at report location
• Optional voice recording (uploaded to secure storage)
• Speed limit information
• Report timestamp

Preferences & Settings

• Language preference (English, Kurdish, Arabic, Turkish)
• Alert sound and vibration settings per report type
• Muted reports list
• Notification preferences and quiet hours
• Location sharing toggle
• Selected car model, cursor, and map style

Purchase History

• Store purchases (cars, cursors, ceedometers, map styles)
• Price paid in Sparks
• Purchase timestamps
• Premium subscription status

Location data is essential to Cee's core functionality. We collect and process location information to provide navigation, speed trap alerts, and trip tracking features.

Types of Location Data

• Precise GPS coordinates (latitude and longitude)
• Road-snapped location (adjusted to road network via Mapbox)
• Speed and heading (direction of travel)
• Altitude and elevation data
• Geohash (geographic hash for proximity features)
• Location timestamps

When We Collect Location Data

• When the app is open and in use (foreground)
• When navigating to a destination
• During active trip recording sessions
• In the background to provide timely alerts (premium users with permission)
• Periodically via silent push notifications (approximately every 15 minutes) for regional features

Location Update Frequency

• Standard mode: Updates when you move 50+ meters or every 30 seconds
• Location sharing mode: More frequent updates (10+ meters or every second) when sharing with friends
• Navigation mode: Continuous real-time updates for accurate turn-by-turn guidance

Why We Need "Always Allow" Permission

For optimal functionality, Cee requests "Always Allow" location permission. This enables us to alert you about approaching speed cameras and hazards even when your phone screen is off or the app is in the background. You can change this permission at any time in your device settings, though this may limit certain features.

Important: Location Data Collection

Your location is uploaded to our servers for regional notification features (such as alerting nearby users about new reports) regardless of your location sharing setting. The location sharing toggle only controls whether your friends can see your location - it does not stop server-side location collection for core app functionality.

Most location processing for alerts happens locally on your device. Route matching, speed calculations, and alert triggering are computed on-device without sending each location update to our servers.

We use the collected information for various purposes to provide and improve our services:

Core Navigation & Alerts

• Display your location on the map and provide turn-by-turn navigation
• Alert you about speed cameras, police checkpoints, and road hazards
• Calculate your speed and compare with speed limits
• Provide P2P (Point-to-Point) average speed zone warnings
• Pre-fetch reports along your navigation route for faster alerts
• Real-time report updates via geohash-based subscriptions

Trip Recording & Statistics

• Record trip routes with full GPS coordinates
• Track trip duration, distance, and speed statistics
• Log encountered alerts during trips
• Store elevation gain/loss data
• Record acceleration data (in Full Motion mode)
• Progressive trip replay with encountered reports

Gamification & Rewards

• Award XP for activities (check-ins, reports, verified reports, trips)
• Calculate and display trust tiers (Bronze, Silver, Gold, Platinum, Diamond)
• Track activity streaks and award streak bonuses
• Unlock trophies and achievements
• Spawn collectible coins along your predicted path
• Award Sparks currency for engagement
• Provide premium subscriber bonuses (Gold tier minimum, monthly Sparks)

Push Notifications

• Nearby report alerts (when approved reports appear within 5km)
• Report approval notifications (when your report is approved)
• Report feedback notifications (when others confirm/remove your reports)
• Tier upgrade celebrations
• Streak reminders (when your streak is at risk)
• Friend request and acceptance notifications
• Location viewed notifications (when friends view your location)

Social & Community Features

• Share your real-time location with accepted friends
• Display friends' locations and 3D car models on your map
• Show friend activity feeds and statistics
• Process friend requests and manage friendships
• Enable community report verification through feedback

Service Improvement

• Analyze usage patterns to improve app performance
• Identify and fix bugs via crash reporting
• Develop new features based on user behavior
• Optimize battery usage and app efficiency
• Monitor app stability and performance

We use a combination of local and server-side storage to provide our services while prioritizing your privacy.

Data Stored Locally on Your Device

• Trip history with full route coordinates (SwiftData database)
• Personal preferences and alert settings (UserDefaults)
• Muted reports and customizations
• Cached map tiles and 3D car models
• Downloaded voice notes from reports (limited cache)
• Unsaved trip snapshots (auto-saved on app background)
• Quick feedback records
• Coin collection records

Data Stored on Our Servers (Supabase)

• Account information (email, display name, avatar URL)
• User statistics (distance, trips, alerts, reports)
• Gamification data (XP, tier, streaks, trophies, Sparks)
• Activity history (90-day rolling window)
• User-submitted reports with location data
• Report feedback (likes/dislikes)
• Friend relationships and requests
• Device information and FCM tokens
• Location data for regional features (geohash, coordinates)
• Notification history and preferences
• Store purchase history
• Language preferences

Data Stored with Third Parties

• Voice recordings (Supabase Storage)
• Subscription data (RevenueCat)
• Crash reports (Firebase Crashlytics)
• Analytics events (Firebase Analytics)
• Push notification tokens (Firebase Cloud Messaging)

Data Synchronization

When you sign in, your data is synchronized between your device and our servers using intelligent merge strategies. XP and Sparks use additive merging (values from multiple devices combine). Streaks use intelligent merging (recognizes consecutive days across devices). Trophies use union merging (unlocked on any device stays unlocked).

If you switch accounts on a device, all local data is reset to prevent cross-account data leakage. Your new account's data is then downloaded from the server.

Cee integrates with trusted third-party services to provide its functionality. Each service has its own privacy policy governing data use.

Supabase

Our primary backend infrastructure uses Supabase for database storage, user authentication, file storage, and real-time data synchronization. Your account data, reports, gamification progress, and social features are powered by Supabase. Row Level Security (RLS) ensures you can only access your own data and data explicitly shared with you (like friends' profiles).

Firebase (Google)

• Firebase Cloud Messaging (FCM): Delivers push notifications to your device
• Firebase Crashlytics: Collects crash reports to help us fix bugs
• Firebase Analytics: Helps us understand app usage patterns

RevenueCat

We use RevenueCat to manage premium subscriptions. RevenueCat tracks your subscription status, handles payment processing through the App Store, and enables cross-device subscription access. Your Supabase user ID is linked to RevenueCat to restore purchases across devices.

Mapbox

We use Mapbox for maps, navigation, traffic data, and road-snapped location. When you use the map, Mapbox receives location data to load map tiles and calculate routes. Mapbox's Electronic Horizon feature predicts your likely path for coin spawning. Privacy policy: mapbox.com/legal/privacy

Google Places

Location search is powered by Google Places API. When you search for a destination, your query is sent to Google to retrieve results. Free users are limited to 10 searches per day. Privacy policy: policies.google.com/privacy

Google AdMob

We display advertisements through Google AdMob for non-premium users. Ad types include app open ads, banner ads, interstitial ads, and rewarded video ads. With your consent (via App Tracking Transparency), AdMob may use your advertising identifier for personalized ads. Privacy policy: policies.google.com/privacy

Apple Services

• App Store: Distribution, in-app purchases, and subscription management
• Apple Push Notification Service: Delivery infrastructure for notifications
• Sign in with Apple: Secure authentication option
• WatchConnectivity: Synchronization with CeeWatch on Apple Watch
• SKAdNetwork: Privacy-preserving ad attribution (47 network identifiers)

Cee displays advertisements to support the free version of the app. We respect your privacy choices regarding ad personalization.

Ad Types

• App Open Ads: Displayed when you open or return to the app
• Banner Ads: Shown on the home screen and speedometer screen
• Interstitial Ads: Full-screen ads shown at natural transitions (e.g., after viewing trip details)
• Rewarded Video Ads: Optional ads you can watch to earn 20 minutes of ad-free time

App Tracking Transparency

On iOS, we request your permission through Apple's App Tracking Transparency (ATT) framework before collecting your advertising identifier (IDFA). You can choose to:

• Allow Tracking: Receive personalized ads based on your interests across apps
• Ask App Not to Track: Receive non-personalized, contextual ads only

You can change your tracking preference at any time in iOS Settings > Privacy & Security > Tracking.

SKAdNetwork Attribution

We participate in Apple's SKAdNetwork for privacy-preserving ad attribution. This allows advertisers to measure campaign effectiveness without tracking individual users. Our app includes 47 SKAdNetwork identifiers for various ad networks.

Premium Users

Premium subscribers enjoy a completely ad-free experience. No advertising data is collected for premium users, no ads are displayed, and no ad-related tracking occurs within the app.

Ad-Free Rewards

Free users can watch a rewarded video ad to receive 20 minutes of ad-free time. This ad-free period is tracked locally and expires automatically. Each rewarded video watched grants a new 20-minute window.

What Advertisers May Receive

If you allow tracking, advertisers may receive: Device advertising identifier (IDFA), general location (city-level), app usage category, and ad interaction data (impressions, clicks). They do NOT receive: Your name, email, precise GPS location, trip history, report submissions, or any other personally identifiable information from our app.

We do not sell your personal information. We may share data only in the following limited circumstances:

Community Reports

When you submit a report (speed camera, police checkpoint, hazard), the report location, type, and direction are shared with other Cee users to improve road safety. Reports are associated with your user ID internally but displayed anonymously to other users. Your display name is not shown on reports.

Report Feedback

When you provide feedback on reports (confirm or remove), your feedback is recorded with your user ID. This helps us calculate report accuracy and award XP to report creators. Other users can see aggregated feedback counts but not individual voter identities.

Nearby User Notifications

When a report is approved near other users (within 5km), those users receive a push notification. This requires us to query user locations via geohash to find nearby devices. The report creator's identity is not shared in these notifications.

Service Providers

We work with service providers who assist in operating our app (Supabase for database/auth, Firebase for notifications/analytics, RevenueCat for subscriptions, Mapbox for maps). These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via the app or email.

With Your Consent

We may share your information for other purposes if you provide explicit consent.

Cee includes optional social features that allow you to connect with friends and share your driving experience. These features require explicit opt-in.

Friend Connections

You can add friends using unique invite codes (XXX-XXX-XXX format). When you send or accept a friend request, both users can see each other's profile information including display name, avatar, and invite code.

What Friends Can See

• Your profile: Display name, avatar, trust tier
• Your statistics: Total distance, trips, alerts received, reports submitted, max speed
• Your gamification: XP, current tier, streak, trophies
• Your activity feed: Recent activities (daily check-ins, trips completed, reports submitted) - 90 days
• Your location (only if location sharing is enabled): Real-time GPS coordinates, heading, speed, selected 3D car model

Location Sharing

Location sharing with friends is disabled by default. When you enable it, ALL your accepted friends can see your real-time location on their map. This is a global toggle - you cannot share with specific friends only.

When location sharing is enabled, updates are more frequent (every 10 meters or 1 second) to provide smooth real-time tracking. Your selected 3D car model and cursor are also visible to friends.

You can disable location sharing at any time. When disabled, your location is hidden from friends but still uploaded to our servers for regional notification features.

Location Viewed Notifications

When a friend views your location on their map, you may receive a notification (if enabled in your notification settings). This notification includes the friend's name, avatar, and selected car model.

Ghost Mode

Ghost mode is a privacy primitive that stops your real-time location from being shared with friends and removes you from their maps within seconds of being enabled. While Ghost mode is active, friends see you as offline and cannot see your position, heading, speed, or car model.

Ghost mode is a control over friend-facing visibility. It does NOT block our internal Safety Operations capability described in the next section. See "Safety Operations" below for the full disclosure.

Friend Data Security

Row Level Security (RLS) policies ensure that only accepted friends can view your profile, statistics, and location. Pending, rejected, or blocked friend requests do not grant access to your data.

Cee includes a safety primitive that allows authorized administrators at Orbital Point to silently request a one-time location capture from a specific device on a case-by-case basis. This capability is intentionally separate from the friend-sharing toggle and from Ghost mode. We disclose it here in full so you can make an informed decision about using Cee.

What it does

• An authorized administrator can send a silent notification to your device
• On receipt, your device captures a single high-accuracy location fix (one-shot, not continuous)
• The fix is sent to our server and recorded in an internal audit table
• No alert, sound, badge, banner, toast, or in-app indicator is shown — the capture happens without any visible cue on your device
• No friend or other Cee user is notified or shown your captured location

Why this exists

This is a safety primitive, not a product feature. It exists so that Orbital Point can respond to genuine safety situations — for example, when a Cee user is reported missing by a family member or emergency contact, when a vehicle (with the user's phone in it) is stolen and law enforcement needs a current fix, or when a welfare check is requested on a driver who has not been heard from in hours.

This capability is NOT used for advertising, analytics, marketing, product telemetry, debugging, QA, or inferring user activity patterns. Misuse is enforceable through the internal audit log, which records every dispatch.

Relationship to your privacy controls

Safety Operations operates even when you have set the friend-sharing toggle to OFF and even when Ghost mode is active. This is intentional: the friend-sharing toggle and Ghost mode are controls over what friends see, not over what Orbital Point can request in a safety situation.

Safety Operations CANNOT operate if any of the following are true: you have revoked Cee's permission to access your location at the operating system level, your device is offline (no network reachability), your device is in airplane mode, you have uninstalled Cee, or your device has been killed by the operating system due to a recent crash loop. Operating-system-level controls always take precedence.

Audit log and retention

Every Safety Operations dispatch creates a row in an internal audit log that records the requester, the resolved target set, the request payload, and the result. The audit log is retained indefinitely. The captured location fixes are retained for up to 90 days and then automatically deleted, except for failed / denied / timeout records, which contain no location data and are retained indefinitely for forensic purposes.

Your right to be informed

If you would like to know whether your account has been the subject of a Safety Operations capture, contact us at hello@ceemap.com with the subject line "Safety Operations Inquiry" and include your account email address. We will verify your identity and respond within 30 days with the audit and capture records for your account, if any.

If you do not want this capability to exist on your device, the only effective controls are: revoking Cee's location permission at the operating system level (this disables most core app features as well), or uninstalling Cee. There is no in-app setting to disable Safety Operations, and we will not add one — disabling it on a per-user basis would defeat the safety purpose for the cases where it matters most.

You have control over your data. Depending on your location, you may have the following rights:

Access & Portability

• Request a copy of the personal data we hold about you
• Export your trip history from within the app
• Export the report database (145,000+ records) as CSV
• Receive your data in a portable format

Correction & Deletion

• Edit your profile information (display name, avatar)
• Request correction of inaccurate personal data
• Delete your trip history directly within the app
• Delete individual trips
• Request deletion of your account and all associated server data

Control & Restrictions

• Toggle location sharing with friends on/off
• Configure notification preferences per notification type
• Set quiet hours for notifications
• Mute specific reports you don't want alerts for
• Customize alert sounds and vibrations per report type
• Opt out of personalized advertising via ATT
• Block specific friends to prevent access to your data
• Change or revoke app permissions in device settings

How to Exercise Your Rights

For most actions, you can use the in-app settings. To make a formal privacy request, request data export, or delete your account, contact us at hello@ceemap.com. We will respond within 30 days.

Regional Rights

If you are in the European Union (GDPR), California (CCPA/CPRA), or other jurisdictions with privacy laws, you may have additional rights including the right to object to processing, right to restrict processing, and right to lodge a complaint with a supervisory authority. Contact us to learn more about exercising these rights.

Cee is designed for drivers and is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction, such as 16 in some EU countries).

We do not knowingly collect personal information from children. The app's core functionality (driving alerts, navigation, trip tracking) is intended for licensed drivers.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at hello@ceemap.com.

If we discover that we have collected personal information from a child without appropriate parental consent, we will take steps to delete that information promptly and terminate the associated account.

We retain your data only as long as necessary to provide our services and fulfill the purposes described in this policy.

Retention Periods

• Trip Data: Stored locally on your device until you delete it (no cloud sync)
• Activity History: 90 days on our servers, then automatically deleted
• Notification History: 30+ days, cleaned weekly
• User Reports: Retained indefinitely in our database (contributes to community safety)
• Report Feedback: Retained for the lifetime of the associated report
• Account Data: Retained until you delete your account
• Gamification Data (XP, trophies, streaks): Retained until account deletion
• Purchase History: Retained for the lifetime of your account
• Device Tokens (FCM): Removed on sign-out, refreshed on app updates
• Voice Recordings: Retained with associated reports
• Asset Cache (cars, cursors): Auto-cleaned when exceeding 200MB (cars) or 50MB (cursors)
• Voice Note Cache: Auto-cleaned when exceeding 50MB (LRU policy)
• Crash Reports: Retained per Firebase Crashlytics policy
• Analytics Data: Aggregated and anonymized per Firebase Analytics policy
• Support Correspondence: Retained for 2 years after resolution

Account Deletion

When you delete your account, we remove: Your profile information, statistics, gamification data, friend relationships, notification history, device registrations, and preferences from our servers.

Reports you submitted remain in the database to maintain community safety but are no longer linked to your identity. Trip data stored locally on your device is not affected by account deletion - you must delete it separately or uninstall the app.

App Uninstallation

When you uninstall Cee, all locally stored data is deleted including trip history, preferences, cached maps, and downloaded assets. Server-side data remains associated with your account and can be accessed if you reinstall and sign in again.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures

• Device-level encryption for locally stored data (SwiftData, UserDefaults)
• Secure HTTPS/TLS connections for all network communication
• Row Level Security (RLS) policies in Supabase ensuring data isolation
• Authentication tokens with secure session management
• Supabase authentication with Apple and Google OAuth
• Regular security assessments and updates
• Minimal data collection (privacy by design)
• Data isolation on account switching (prevents cross-account data leakage)
• Secure file storage for voice recordings (Supabase Storage with access controls)

Account Security

• Sign in with Apple or Google for secure, passwordless authentication
• Anonymous guest accounts with device-based identification
• Secure account upgrade flow (anonymous to authenticated) preserving data
• Identity conflict detection when linking accounts

Your Role in Security

You can help protect your data by: Keeping your device's operating system updated, using a strong device passcode or biometric authentication, being cautious about sharing your device with others, and signing out of Cee on shared devices.

While we strive to protect your information using industry-standard security practices, no method of transmission or storage is 100% secure. If you have concerns about the security of your data or suspect unauthorized access, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

How We Notify You

• Post the updated policy within the app (Settings > Privacy Policy)
• Update the "Last Updated" date and version number at the top of this policy
• Send a push notification for significant changes (if you have notifications enabled)
• Display an in-app notice for material changes affecting your rights

Version History

This is version 2.1 of our Privacy Policy, last updated May 25, 2026. Changes in v2.1: added the "Ghost Mode" subsection under Social & Friends Features, and added the new "Safety Operations" section disclosing our administrative force-locate capability and its relationship to Ghost mode. Previous versions: v2.0 (December 14, 2025), v1.0 (January 15, 2025).

We encourage you to review this policy periodically. Your continued use of Cee after changes are posted constitutes your acceptance of the updated policy.

If you do not agree with the changes, please discontinue using the app and contact us to delete your data.

When you visit ceemap.com we collect a minimal set of analytics in our own self-hosted database. We do not use Google Analytics, Meta Pixel, or any third-party tracker. There are no advertising cookies and no cross-site identifiers.

What we collect

• A truncated IP address — IPv4 has its last octet zeroed (/24) and IPv6 is reduced to the first three hextets (/48) before storage. We never persist your full IP.
• An approximate city and country derived from an offline MaxMind GeoLite2 database running on our own server (no third-party calls).
• Your browser, operating system, device type, screen size, viewport, color scheme, and preferred language — parsed from the standard User-Agent string.
• Pages you visit on ceemap.com, the referring URL, and any UTM campaign parameters present in the link you arrived on.
• Time spent on each page, the deepest scroll position you reached, and clicks on calls-to-action and outbound links.
• Basic performance metrics (Largest Contentful Paint, Cumulative Layout Shift, Interaction to Next Paint) so we can keep the site fast.

What we do not collect

• Your full IP address.
• Any tracking cookie or persistent device identifier.
• Anything that follows you across other websites or across visits to ceemap.com from different browsers.
• Form field contents, keystrokes, mouse movements, or session recordings.

How sessions work

We generate a random session identifier the first time you load a page in a browser tab and store it in that tab's sessionStorage. When you close the tab the identifier is destroyed by the browser. Open a new tab and you are a new session — we have no way to link the two.

Do Not Track

If your browser sends the Do Not Track signal (DNT: 1), we collect no analytics at all. The client-side tracker becomes a no-op and our server-side route discards the request before any database write.

Retention

Aggregated analytics rows are kept for up to 365 days and then permanently deleted. Because we never store your full IP or any persistent identifier, there is no per-person record to request access to, correct, or delete.

Where the data lives

All analytics rows are written to our self-hosted Supabase Postgres instance running on our own server. No analytics data is shared with third parties.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cee by Orbital Point

• Email: hello@ceemap.com
• Website: ceemap.com
• In-App: Menu > Contact Us

Privacy Requests

For privacy-related requests (data access, deletion, correction), please email hello@ceemap.com with the subject line "Privacy Request" and include your account email address. We will verify your identity and respond within 30 days.

Data Protection

For users in jurisdictions with data protection authorities (such as the EU), you have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

Thank you for trusting Cee with your journey. We are committed to protecting your privacy while helping you drive safely.