Legal
MeshTrek is an independent iOS application developed by Justin Calvert. References to "MeshTrek", "we", "us", or "our" in this policy refer to this application and its developer.
MeshTrek is not affiliated with or endorsed by the Meshtastic® project. "Meshtastic" is a registered trademark of Meshtastic LLC.
| Data | Where it lives | Sent to servers |
|---|---|---|
| Display name | On your device (SwiftData) | No |
| Party color preference | On your device (SwiftData) | No |
| Emergency contact name & phone | On your device only — never broadcast | No |
| Email address (optional sign-in) | With our auth provider (Supabase) if you choose email sign-in | Auth only |
| Activity names & waypoints | On your device (SwiftData) | No |
| Mesh messages (DMs + group) | On your device (SwiftData) | No |
MeshTrek requests "When In Use" location permission to display your position on the activity map. Your coordinates are broadcast to party members via Bluetooth LE to your Meshtastic® node and then over LoRa radio — peer-to-peer between nodes, never through MeshTrek servers. Position fixes are held in memory only while the activity is live and are never written to disk, to any database, or to any log file that leaves your device.
MeshTrek uses Core Bluetooth to discover and communicate with your Meshtastic® LoRa node. Bluetooth data is used solely to relay packets between your iPhone and your node. No Bluetooth data is transmitted to our servers.
Topographic map tiles are downloaded from MapTiler to your device and stored locally in an MBTiles database. Once downloaded, the map works entirely offline. Tile download requests pass through MapTiler's servers under their standard terms of service; MeshTrek does not log or store any tile-request data.
We use only the minimum data necessary to operate the app:
We do not sell, rent, or trade your personal data to any third party. We do not use your data to build advertising profiles.
We share data with third parties only in the following limited circumstances:
If you create an account using email, your email address is stored with Supabase, our authentication provider. Supabase is GDPR-compliant. We use Supabase solely for authentication — no activity data, no location data, no messages are stored there. See supabase.com/privacy.
If you use Sign in with Apple, Apple's privacy-preserving login handles authentication. Apple may give you the option to hide your email. See apple.com/legal/privacy.
Downloading offline tile bundles sends tile requests to MapTiler's CDN. MapTiler may log request metadata (IP, region requested) per their standard hosting terms. MeshTrek does not pass any personal identifiers to MapTiler. See maptiler.com/privacy-policy.
We may disclose information if required by law or to protect the rights and safety of users or others. We will publish a summary of any such requests in our annual transparency report.
All activity data (activities, waypoints, roster entries, messages) is stored locally on your device and persists until you delete the activity or uninstall the app. Uninstalling the app clears all local data.
If you have an account, your email address is retained with Supabase for as long as your account is active. You can request deletion at any time (see Section 7).
MeshTrek does not maintain any server-side database of your activities, locations, or messages.
All mesh communications are encrypted with AES-256. A unique encryption key is generated per activity and written to your Meshtastic® node — MeshTrek never transmits or stores these keys on our servers. The key exists only on the devices of party members who have joined the activity.
Local data is stored using iOS SwiftData within the app's sandboxed container, inaccessible to other apps. Your device's own encryption (Data Protection) applies to all local app data when the device is locked.
No security measure is perfect. If you discover a security issue, please report it to justin@w0abe.com.
You can delete any activity and all data associated with it directly within the app. Uninstalling MeshTrek removes all local data from your device.
If you created an account, you can request deletion by emailing justin@w0abe.com. We will delete your account and any associated server-side data within 30 days.
You can revoke location permission at any time in iOS Settings → MeshTrek → Location. The app will continue to function but your position will not appear on the map for other party members.
You can revoke Bluetooth permission in iOS Settings → MeshTrek → Bluetooth. Without Bluetooth the app cannot communicate with your Meshtastic® node. All local map and activity browsing continues to work.
Apple's crash reporting is controlled system-wide in iOS Settings → Privacy & Security → Analytics & Improvements. MeshTrek does not add any additional analytics layer.
You have the right to access, correct, port, or erase your personal data. To exercise these rights, contact us at justin@w0abe.com. We will respond within 30 days.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents may contact us to exercise their rights under the CCPA.
MeshTrek is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We are committed to publishing an annual transparency report covering: what data we hold, any government or legal requests we have received, and what (if anything) we have disclosed. Our goal is to report: zero requests, zero disclosures.
The first report will cover the period from launch through December 31, 2026.
If we make material changes to this policy, we will update the effective date at the top and, if the changes are significant, notify users via an in-app banner. The current version of this policy is always available at meshtrek.app/privacy.
Continued use of the app after changes take effect constitutes your acceptance of the updated policy.
Questions about this policy or requests to exercise your data rights:
justin@w0abe.com
We aim to respond within 5 business days.