Privacy Policy

This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our app.  

Effective date: 2026-04-26
Last updated: 2026-05-09

Main app

The main littledots app on iOS, Android, and the web is a personal travel journal with light social features. The data we store falls into three buckets: your account, your personal journal, and the community surface that connects you to other travellers.

Information we collect

Account data

  • Email address (required for sign-in and transactional mail)
  • Username (your handle, visible to anyone you share trips or messages with)
  • Hashed password (when you sign up with email and password)
  • OAuth identifiers (when you sign in with Google or Apple, we store the provider’s user id, not your password)
  • Two-factor secret (encrypted at rest, only when 2FA is enabled)
  • Avatar image (only if you upload one)
  • Account preferences (units, theme, language)

Personal journal

  • Trips (title, dates, cover image you pick from Unsplash, country)
  • Trip items (places you’ve added: name, location, date, type, and so on)
  • Pinned places (a list of spots independent of any trip)
  • Visited countries (auto-tagged from your places, plus any you mark by hand)
  • Public calendars you’ve published (iCal feeds anyone with the link can subscribe to)

Community

  • Messages exchanged with other users (today, your guide; in future, anyone you connect with)
  • Invitation emails you sent (recipient address, your inviter id, opt-out status)
  • Guide relations (who admitted you, and who you’ve admitted)
  • Application intro (the short message you wrote at sign-up; visible to the guides you applied to and to our moderators)
  • Blocks (your private list of users you’ve stopped seeing content from)
  • Reports (any message you flagged for moderator review)

How we use your information

Account data is used to authenticate you and deliver transactional mail (verify your email, reset your password, send invitations you initiate). Personal journal data is used to render your trips, places, and calendars on your devices, generate the world map of where you’ve been, and sync across the devices you sign in on. Community data is used to deliver messages to their recipients, send invitations to the addresses you typed, identify the guide tree, and surface moderation reports to our team. We do not use any of this data for advertising or profiling.

Sharing your information

We do not sell, rent, or trade your data with anyone. Limited disclosures happen when you initiate them: when you accept a trip invite, the trip owner sees your username; when you message your guide, they see your messages; when you publish a public calendar feed, anyone with the link can read it.

We rely on a small number of third-party services to deliver core features: Unsplash (cover images), Google Maps (geocoding and place lookup), met.no (weather forecasts), and Zoho (transactional email). Each receives only the data needed to fulfil its specific role.

Data security

All traffic to littledots.com is encrypted in transit (HTTPS). Sensitive fields (passwords, two-factor secrets) are encrypted at rest. Server-side access is logged and limited to a small set of operators.

Your rights

Access and export

You can request a copy of all data we have about you at any time by emailing us. An in-app export flow is on the roadmap.

Account deletion

You can delete your littledots account at any time, from inside the app via Settings, then Security, then Delete my account, or on the web at https://littledots.com/delete/. Within 30 days we anonymize or erase your personal data, except where retention is required by law. Some content you produced may remain visible in moderated form on other users’ accounts (a message you sent, the fact you were a guide). Where it makes sense to anonymize without losing the structural record, we do.

Blocking and reporting

You can block any user from the message thread you share with them. Blocking is silent: the other person is not told. Once you block, you stop seeing their existing and new messages and stop receiving notifications from them. Pre-existing relations (such as guide-traveller) are not severed; you can unblock at any time and the history reappears.

You can report any message someone sent to you. Reports are reviewed by our moderators, who can read the reported message and take action including warning, message deletion, or account suspension.

Browser extension

When you install the littledots browser extension, it stores a sign-in token (a bearer credential tied to your littledots account) in your browser’s local storage so the popup is ready next time you click it. When you click the toolbar icon or use the right-click “Send to littledots” menu, the extension reads the URL of the current tab, the link you right-clicked, or the text you selected, and sends that to the littledots ingest API so it can analyze and add it to your trips. The extension never reads pages on its own and never sends data anywhere except to littledots.com. It does not store, sell, or transfer your data to third parties, and does not use it for advertising, lending, or any other purpose unrelated to ingest.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time.