Privacy Policy

This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our app.  

Effective date: 2026-04-26
Last updated: 2026-05-27

Who we are

littledots is published by littledots studio, an imprint of Bytegold e.U. (about littledots studio). Bytegold e.U. is the data controller responsible for the littledots service under applicable data-protection law.

Who littledots is for

littledots is intended for adults and is not directed at users 16 and under. The service includes user-generated content (public travel journals, the community forum and wiki, messages between users, and shared trips) that we cannot reliably moderate for an underage audience, and we don’t want to. If we learn an account belongs to someone 16 or under, we close it and erase its data.

Information we collect

Account data

  • Email address (required for sign-in and transactional mail)
  • Username (your handle, visible to anyone you share trips or messages with)
  • Hashed password (when you sign up with email and password)
  • OAuth identifiers (when you sign in with Google or Apple, we store the provider’s user id, not your password)
  • Two-factor secret (encrypted at rest, only when 2FA is enabled)
  • Avatar image (only if you upload one)
  • Account preferences (units, theme, language)

Personal journal

  • Trips (title, dates, cover image you pick from Unsplash, country)
  • Trip items (places you’ve added: name, location, date, type, and so on)
  • Pinned places (a list of spots independent of any trip)
  • Visited countries (auto-tagged from your places, plus any you mark by hand)
  • Public calendars you’ve published (iCal feeds anyone with the link can subscribe to)

Photos, videos, and files

When you attach a photo, video, or file to a trip, trip item, or visited place, we store the file bytes (after the processing below), your optional caption, the file kind, MIME type, and size, and for images and videos the width and height. For videos we also store the duration, five candidate poster frames we extract on upload, and the one you picked as the thumbnail. For images we store a tiny blurhash placeholder so the app can render a soft preview before the real bytes arrive. We keep a counter on your account of how many bytes you’ve stored, against your per-user storage quota (default 2 GB).

On upload we strip EXIF metadata from images, including any embedded GPS coordinates the camera wrote. HEIC and HEIF files are converted to JPEG. The file we keep is what’s left after those steps.

Your bytes live on Bunny.net’s storage and CDN network. The primary storage region is Frankfurt (Germany), with replication to Los Angeles, New York, and Singapore for closer delivery. Gallery photos and videos, avatars, and trip hero images are served to your devices via the public CDN at cdn.littledots.com. Non-gallery file attachments (boarding passes, hotel reservations, scans, and similar) are stored on a separate Bunny.net zone with no public URL; see Data security below.

Public travel journal

The travel journal at littledots.com/<username> is opt-in. The master switch starts off, and turning it on requires agreeing to the current publishing rules each time. While the switch is off, nothing about your trips is public, and the journal URL returns a “no public journal” page.

When you set up your journal we store:

  • The master switch (you set it explicitly).
  • Your display name and two short intros: a public one shown to anyone visiting your journal, and a “for fellow travelers” one shown only to signed-in littledots users.
  • Per-trip controls for each trip: who can see it (private, fellow travelers, or public), and how much of its dates, photos, and location to show.
  • A timestamp of the last time you accepted the publishing rules, kept as an audit trail.
  • A timestamp of your last username change, used to enforce the 30-day rename cooldown.

When the journal is on, these things are public to everyone regardless of per-trip settings: your username, display name, avatar, and the headline counts (trip count and country count). Per-trip controls then determine, for each trip, who sees it exists and how much of the dates, photos, and location is included. Trip companions are never auto-listed: identities of other people on a trip, internal notes, and invite state are excluded from the public projection regardless of your per-trip choices.

Public pages tell search engines they may be indexed; the “no public journal” page and any private trip pages tell them not to. Once a trip or journal is live, it may be cached by search engines and other crawlers; turning the switch off removes the page on littledots.com but does not retroactively purge third-party caches.

Changing your username has a 30-day cooldown. The old URL does not redirect: littledots.com/<oldname> stops loading the moment you switch.

Traveler profile

You can describe yourself as a traveler in the in-app profile editor:

  • An age bracket (one of six ranges, 18 to 65+), if you choose to set one.
  • Nine spectrums describing how you travel (cadence, planning, pace, comfort, discovery, activity, setting, social charge, openness to new connections). Each is stored as a range, not a single point.
  • Three taste tag sets (who you travel with, what you travel for, climates you’re drawn to).
  • An optional “travel considerations” tag set capturing needs that shape a trip and who you travel well with (such as step-free routes, dietary needs, low-sensory settings, or traveling with a service animal).
  • A short label we derive from your answers (your archetype), recomputed when you change anything.

The editor is always available, but the profile sits unused until you turn on a separate “Find your people” account setting (off by default). What that setting eventually feeds is still in design, in the spirit of the anonymous community map at littledots.com/live: opt-in, and aimed at connecting you with the travelers most like you. Until you flip the setting on, the profile stays private: not shown to other users, not used by any feature, not visible on your travel journal.

Travel considerations is treated as sensitive data. It’s never used or shown while Find your people is off, and won’t be used to filter or exclude anyone from features that come later. It’s not part of your derived archetype label.

If Find your people ever shows you to another user, what they see is your username, display name, avatar, and the parts of your profile that produced the match. Your trips, your exact age, and your location are not part of the match.

Community

  • Messages exchanged with other users (today, your guide; in future, anyone you connect with)
  • Invitation emails you sent (recipient address, your inviter id, opt-out status). Recipient addresses are kept only until the invite is accepted, declined, or withdrawn, then deleted; we do not reuse them for anything else.
  • Guide relations (who admitted you, and who you’ve admitted)
  • Application intro (the short message you wrote at sign-up; visible to the guides you applied to and to our moderators)
  • Blocks (your private list of users you’ve stopped seeing content from)
  • Reports (any message you flagged for moderator review)

Other parts of littledots

The main littledots service lives at littledots.com, with the web app at /app and the public travel journals at littledots.com/<username>. The iOS and Android apps, the browser extension, and the community forum and wiki are convenience surfaces that connect to the same account. The forum and wiki sign you in using your existing littledots account, sharing the same username, email, and avatar with each tool. The mobile apps and the browser extension store a sign-in token tied to your account so they can talk to the API on your behalf.

Mobile app permissions

The littledots iOS and Android apps ask for a small set of device permissions. Each is requested only when the matching feature is in use, and you can deny any of them. The rest of the app keeps working.

  • Photo library. Used when you pick an existing photo or video from your library to add to a trip, trip item, visited place, or avatar. The file you pick is uploaded to littledots as described under “Photos, videos, and files”. We do not read your library otherwise.
  • Camera. Used when you choose to capture a new photo or video inside the app. The captured file is handled the same way as a picked one.
  • Save to photo library. Used so a photo you capture inside the app can also be saved back to your device’s photo library, so you keep a personal copy. The save only happens when you’ve granted this permission.
  • Location (Android only). Used by the “Center on my location” button on the trip map, so the map can recenter on where you currently are. Your coordinates stay on your device and pan the map locally; they are not sent to our servers or to any third party. iOS does not currently expose this button.

We do not request access to your microphone, contacts, calendar, motion data, or Bluetooth.

Browser extension

When you install the littledots browser extension, it stores a sign-in token (a bearer credential tied to your littledots account) in your browser’s local storage so the popup is ready next time you click it. When you click the toolbar icon or use the right-click “Send to littledots” menu, the extension reads the URL of the current tab, the link you right-clicked, or the text you selected, and sends that to the littledots ingest API so it can analyze and add it to your trips. The extension never reads pages on its own and never sends data anywhere except to littledots.com. It does not store, sell, or transfer your data to third parties, and does not use it for advertising, lending, or any other purpose unrelated to ingest.

Community forum

The community forum at littledots.com/forum runs on Flarum. Discussions you start, replies you post, votes you place, and your activity timeline are stored on the forum’s database. Public discussions are visible to anyone, signed in or not; restricted-tag discussions are visible only to members with the matching tag. Forum moderators can read your posts and take moderation action (warn, hide, delete, suspend) when something breaks the forum rules. Deleting your littledots account ends your forum sign-in; past posts may remain visible in anonymized form on others’ threads.

Community wiki

The littledots wiki at littledots.com/wiki runs on BookStack. Reading the wiki does not require an account or sign-in; pages are public. Editing the wiki requires a maintainer account, and the editor’s username is recorded on each page revision so the edit history is auditable. Anonymous readers leave no identity-bearing trace beyond the standard server logs covered under Data security.

Your rights

Your GDPR rights

If you’re in the EU, EEA, UK, or another GDPR-covered jurisdiction, you have the right to access, rectify, erase, restrict, port, or object to our processing of your personal data, and to withdraw any consent you’ve given. You can exercise any of these by emailing support@littledots.com. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data correctly.

Access and export

You can request a copy of all data we have about you at any time by emailing us. An in-app export flow is on the roadmap.

Account deletion

You can delete your littledots account at any time, from inside the app via Settings, then Security, then Delete my account, or on the web at https://littledots.com/delete/. Within 30 days we anonymize or erase your personal data, except where retention is required by law. Some content you produced may remain visible in moderated form on other users’ accounts (a message you sent, the fact you were a guide). Where it makes sense to anonymize without losing the structural record, we do.

Blocking and reporting

You can block any user from the message thread you share with them. Blocking is silent: the other person is not told. Once you block, you stop seeing their existing and new messages and stop receiving notifications from them. Pre-existing relations (such as guide-traveler) are not severed; you can unblock at any time and the history reappears.

You can report any message someone sent to you. Reports are reviewed by our moderators, who can read the reported message and take action including warning, message deletion, or account suspension.

Reporting public content

If you see a forum post, wiki page, or public travel journal entry that breaks the community rules or local law, use the report button next to the content, or email support@littledots.com. Reports are reviewed by our moderators, who can hide, edit, or remove the content and warn or suspend the account behind it.

Copyright takedown

Copyright takedown notices can be sent to support@littledots.com. We respond to valid notices by removing the content and notifying the user who posted it.

How we use your information

Account data is used to authenticate you and deliver transactional mail (verify your email, reset your password, send invitations you initiate). Personal journal data is used to render your trips, places, and calendars on your devices, generate the world map of where you’ve been, and sync across the devices you sign in on. Photos, videos, and files you upload are stored to render them in your trip galleries and attachment lists across your devices, and to count toward your storage quota. Travel journal data is used to render littledots.com/<username> for the audience tiers you opted in, and to enforce the per-trip visibility you set. Community data is used to deliver messages to their recipients, send invitations to the addresses you typed, identify the guide tree, and surface moderation reports to our team. We do not use any of this data for advertising or profiling.

Sharing your information

We do not sell, rent, or trade your data with anyone. Limited disclosures happen when you initiate them: when you accept a trip invite, the trip owner sees your username; when you message your guide, they see your messages; when you publish a public calendar feed, anyone with the link can read it; when you turn on your travel journal, the data you opted in becomes visible at littledots.com/<username>.

We rely on a small number of third-party services to deliver core features: Unsplash (cover images), Google Maps (geocoding and place lookup), met.no (weather forecasts), Bunny.net (storage and CDN for the photos, videos, and files you upload), and Zoho (transactional email). Each receives only the data needed to fulfill its specific role.

Some of these providers process data outside the European Economic Area. Where that happens, transfers are covered by the European Commission’s Standard Contractual Clauses with each provider.

The littledots app contains no analytics SDKs, no crash reporting SDKs, no advertising identifiers, and no third-party tracking. We do not engage in tracking as defined by Apple’s App Tracking Transparency framework, and we do not present an ATT prompt because we have nothing to track.

Data security

All traffic to littledots.com is encrypted in transit (HTTPS). Sensitive fields (passwords, two-factor secrets) are encrypted at rest. We keep web server access logs (URL, status, response time, IP, user agent) for 30 days at most, then delete them. After that only aggregated, non-identifying traffic counts remain. When you delete your account, the link between any access log entries and your user id is cleared immediately, before the 30-day expiry runs.

File attachments you add outside the photo gallery (boarding passes, hotel reservations, scans, and similar) are encrypted at rest with a per-file key, on a separate Bunny.net storage zone with no public CDN. The per-file key is itself sealed with a master key held on our servers. The only way to read these files is through our API, after you’ve signed in and have access to the trip they’re attached to.

Gallery photos and videos, trip hero images, and avatars are not individually encrypted, since by design they’re rendered into pages your other devices and trip members can see. Their CDN URLs contain randomly generated identifiers that can’t be guessed or enumerated, but anyone you share a URL with can view the file directly. Treat sharing a gallery URL the same as sharing the image itself.

Public calendar URLs use random, unguessable tokens, so only people you give the link to can subscribe to your feed.

The littledots website may set functional cookies needed for sign-in, language, and theme. The web app at /app stores your sign-in token in your browser’s local storage so you stay signed in across sessions, mirroring the keychain we use on iOS and Android. We do not set advertising or analytics cookies.

Marketing communications

We send only transactional email: account verification, password reset, trip invites you initiated, and moderation notices. We do not send marketing email or newsletters. If we ever add an opt-in newsletter, we’ll ask for consent separately and update this section.

Changes to this privacy policy

We may update this privacy policy as littledots changes. The Last updated date at the top of this page is the effective revision date. For now, checking back here is the way to see what’s new. We plan to add in-app banners and push notifications for material updates so you don’t have to remember to look on your own; it’s on the roadmap, just not the next thing in line.

Contact

Questions about this privacy policy? Email support@littledots.com

Data controller: Bytegold e.U., trading as littledots studio.

More about the studio: https://bytegold.com/littledots-studio/