Last updated 26 June 2026

Privacy Policy

This Privacy Policy explains how Sean Prentice, a sole trader (ABN 15 662 058 576) ("Cairn", "we", "us", or "our"), collects, uses, stores, and discloses your personal information when you use the Cairn mobile application and related services (the "Service").

We are based in Australia and handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you are located in the United Kingdom or the European Economic Area, additional rights under the UK GDPR and EU GDPR apply, as described in the "Your rights" section below.

By creating an account and using Cairn, you agree to the collection and use of information as described in this policy.

1. Who we are and how to contact us

Cairn is operated by Sean Prentice, a sole trader (ABN 15 662 058 576), based in Australia.

For any privacy question, request, or complaint, contact us at privacy@get-cairn.app.

2. A quick summary

  • Cairn is a hiking memory and journal app. Its purpose is to help you record and look back on your hikes.
  • To do this, we collect your account details, the location data that makes up your recorded hikes, the photos and notes you add, and information about your subscription.
  • Recording a hike and detecting when you reach a trailhead requires access to your device location, including in the background. We explain this clearly when we ask for permission.
  • We store your data locally on your device and back it up to our cloud database, hosted in Sydney, Australia, so you do not lose your memories.
  • We use a small number of trusted third-party providers to operate the Service. We do not sell your personal information.
  • You can access, export, correct, or delete your data, including deleting your account from within the app.

3. Information we collect

3.1 Information you provide

  • Account information. When you create an account, we collect your email address and authentication details. An account is required to use Cairn.
  • Hike content. The hikes you record, including titles, notes, and any text you add.
  • Photos and media. Photos you add to a hike. Where a photo contains embedded metadata (EXIF data such as the location and time the photo was taken), we may read that metadata to place the photo on your hike, including as a fallback method of associating photos with a location.

3.2 Location information

Location is central to how Cairn works.

  • Recorded routes. When you record a hike, we collect precise GPS location data over time to build the map and statistics of your route.
  • Background and "Always" location. Cairn offers automatic trailhead detection, which can recognise when you arrive at a hiking location. This feature requires permission to access your location in the background ("Always" location access on iOS). We disclose this clearly during onboarding, and the feature is optional. You can use Cairn without granting background access, with reduced automatic functionality.
  • Derived location features. We may compare your recorded location against public geographic boundaries (for example, national park boundaries) to provide features such as park recognition.

You control location permissions at any time through your device settings. Revoking access will limit the relevant features.

3.3 Subscription and purchase information

  • Subscriptions to Cairn+ and purchases of physical products are processed by Apple and managed through RevenueCat. We receive confirmation of your subscription status and purchase history. We do not receive or store your full payment card details. Payment is handled by Apple under Apple's own terms and privacy policy.
  • For physical products (such as a printed Trip Book), we collect the shipping address you provide so the product can be manufactured and delivered.

3.4 Information collected automatically

  • Device and technical information. Basic device type, operating system version, app version, and similar technical data used for compatibility, diagnostics, and to keep the Service working.
  • Usage information. We use PostHog, a product analytics provider, to collect information about how the app is used, such as feature interactions and events. This helps us understand usage patterns, diagnose problems, and improve the Service.

4. How we use your information

We use your information to:

  • Provide the core Service: record, store, map, and display your hikes.
  • Generate written narratives and recaps of your hikes using artificial intelligence (see section 6).
  • Back up and synchronise your data across your devices.
  • Provide trailhead detection, park recognition, and similar location features.
  • Process and fulfil subscriptions and physical product orders.
  • Maintain security, prevent misuse, diagnose problems, and improve the Service.
  • Communicate with you about the Service, including important service notices.
  • Comply with our legal obligations.

5. Legal bases for processing (UK and EEA users)

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

  • Performance of a contract: to provide the Service you have signed up for.
  • Consent: for background location access and any optional features that request it. You may withdraw consent at any time.
  • Legitimate interests: to secure, maintain, and improve the Service, where those interests are not overridden by your rights.
  • Legal obligation: where we are required to process information by law.

6. Artificial intelligence and your hike data

Cairn uses a third-party AI provider (Anthropic) to generate written narratives and recaps of your hikes. To do this, relevant details of a hike (such as route statistics, place names, timing, and notes) are sent to the provider's API to produce the narrative, which is then stored with your hike. AI-generated narratives are produced automatically and may contain inaccuracies. They are intended as a creative recap, not a factual record.

7. How we share your information

We do not sell your personal information. We share information only as needed to operate the Service, with the providers below, and as otherwise described in this policy.

7.1 Service providers (sub-processors)

ProviderPurposeData involved
SupabaseCloud database, authentication, storage, backup, and sync (hosted in Sydney, Australia)Account details, hike content, photos, location data
AnthropicAI generation of hike narrativesHike details sent to generate the narrative
RevenueCatSubscription managementSubscription status and purchase identifiers
AppleApp distribution, in-app purchases, push notificationsPurchase and device information handled by Apple
MapboxMap and terrain displayLocation and route data needed to render maps
LuluPrint-on-demand and delivery of physical Trip BooksTrip Book content and your shipping address
RailwayServer hosting used to generate Trip Book documentsHike content processed to create the document
PostHogProduct analyticsApp usage and interaction events

Some of these providers are located overseas. See section 10 on international transfers.

7.2 Sharing features you choose to use

Cairn lets you create a shareable web link to a Trip Book. Anyone with that link can view the shared Trip Book without an account. Only share links with people you intend to. You can disable or revoke a share link from within the app.

7.3 Legal and safety disclosures

We may disclose information if required by law, to enforce our terms, or to protect the rights, safety, and property of Cairn, our users, or others.

7.4 Business transfers

If Cairn is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

8. Data storage, location, and security

Your hike data is stored locally on your device and backed up to our cloud database (Supabase), which is hosted in Sydney, Australia, so that your memories are not lost. All users receive backup of their data. Multi-device synchronisation is a feature of Cairn+.

We take reasonable steps to protect your information using measures appropriate to its sensitivity, including encrypted connections and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Data retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete your associated data from our active systems within a reasonable period. Some information may persist for a limited time in encrypted backups, or be retained where required for legal, accounting, or fraud-prevention purposes. Information held by payment and print providers is retained under their own policies.

10. International data transfers

We are based in Australia, and our primary database is hosted in Sydney, Australia. Some of our service providers are located overseas, including in the United States (for example, our AI, subscription, analytics, mapping, and printing providers). When your information is transferred outside your country, we take reasonable steps to ensure it is handled in line with this policy and applicable law. For UK and EEA users, such transfers are made using appropriate safeguards, such as Standard Contractual Clauses where required.

11. Your rights and choices

You can:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or out of date.
  • Export your content, including your hikes and associated data, from within the app.
  • Delete your account and associated data from within the app.
  • Control permissions such as location and photo access through your device settings.

If the UK or EU GDPR applies to you, you also have rights to restrict or object to processing, to data portability, and to withdraw consent. To exercise any right, contact us at privacy@get-cairn.app. We will respond within the time required by applicable law.

12. Children's privacy

Cairn is not directed at children. You must be at least 16 years old to use the Service. We do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by other reasonable means and update the "Last updated" date above. Continued use of the Service after changes take effect means you accept the updated policy.

14. Complaints

If you have a concern about how we have handled your personal information, please contact us first at privacy@get-cairn.app so we can try to resolve it. If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. UK users may contact the Information Commissioner's Office (ICO), and EEA users may contact their local supervisory authority.