Last Updated: November 21, 2025
Effective Date: November 21, 2025
Introduction
Welcome to Outpass ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using Outpass, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account and use our App, we collect the following information:
- Account Information: Name, email address, phone number, date of birth, gender, nationality
- Profile Information: Profile photo, cover image, city, country, short biography
- Authentication Data: Login credentials via our secure authentication system
- Experience Information: Experience level, sports preferences, preparation level, last outdoor adventure date
- Health Information: Cardiac conditions, smoking habits, allergies and allergy notes, food restrictions
- Trip Bookings: Adventure bookings, trip participation, itineraries, travel documents
- Bucket List: Adventures and destinations you've saved for future trips
- Reviews and Ratings: Your reviews of adventures, agencies, and guides
- User-Generated Content: Photos, posts, and other content you upload
1.2 Information Collected Automatically
- Device Information: Device name, operating system, app version, unique device identifiers
- Usage Data: Features used, screens viewed, time spent in the app, interactions with content
- Photos and Media: When you choose to upload photos from your device's camera or photo library
- Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens for sending you notifications
- Language and Locale: Device language settings for providing localized content
- Analytics Data: App performance, crash reports, and usage statistics via Firebase Analytics
1.3 Information We Do NOT Collect
- Location Data: We do NOT track your real-time GPS location or collect precise geolocation data
- Contacts: We do not access your device contacts
- Microphone (except for video recording if you choose to record videos)
- Bluetooth or Sensors: We do not access Bluetooth or device sensors
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Core App Functionality
- Provide, operate, and maintain the App
- Create and manage your user account
- Process your adventure bookings and trip participation
- Match you with appropriate adventures based on your experience and preferences
- Facilitate communication about your trips and adventures
- Store and display your profile, photos, and user-generated content
2.2 Personalization
- Customize your experience based on your preferences
- Provide adventure recommendations
- Display content relevant to your interests and experience level
2.3 Safety and Health
- Assess adventure suitability based on your health profile
- Provide appropriate health and safety information for trips
- Communicate important health and safety updates
2.4 Communication
- Send you push notifications about your trips, bookings, and adventures (with your consent)
- Respond to your inquiries and support requests
- Send important updates about the App and our services
- Communicate with other adventurers and guides on your trips
2.5 Analytics and Improvement
- Analyze how users interact with the App
- Identify and fix bugs and technical issues
- Improve App performance and user experience
- Develop new features and services
2.6 Legal and Security
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraudulent or illegal activity
- Resolve disputes
3. How We Share Your Information
3.1 With Other Users
Certain information is visible to other users based on your privacy settings:
- Profile information (name, photo, bio, experience level)
- Reviews and ratings
- Trip participation (other adventurers on the same trip can see your profile)
- User-generated content you choose to share
3.2 With Service Providers
We share information with third-party service providers who perform services on our behalf:
- Firebase (Google): Analytics, crash reporting, and push notifications
- Expo: App development and deployment infrastructure
- Azure (Microsoft): Cloud hosting and backend services
- Authentication Providers: For secure login via OpenID Connect
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.3 With Adventure Agencies and Guides
When you book a trip, we share necessary information with the adventure agency and guides:
- Your name and contact information
- Relevant health and medical information for safety purposes
- Emergency contact details
- Required travel documents and paperwork status
3.4 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Legal processes (subpoenas, court orders)
- Requests from public and governmental authorities
- Protection of our rights, privacy, safety, or property
- Emergency situations involving potential harm to individuals
3.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Third-Party Services
Our App integrates with the following third-party services:
4.1 Firebase (Google LLC)
4.2 Expo
- Purpose: App development, updates, and error tracking
- Data Collected: Device information, error logs
- Privacy Policy: https://expo.dev/privacy
4.3 Azure (Microsoft)
5. Data Storage and Security
5.1 Health Information and HIPAA
Important Note About Health Data:
While we collect certain health information (allergies, medical conditions, fitness level) to ensure your safety during adventures, Outpass is not a healthcare provider and is not subject to HIPAA (Health Insurance Portability and Accountability Act).
What this means:
- We are an adventure travel platform, not a medical service
- Health information is used solely for adventure safety assessment and trip suitability
- We do not provide medical advice, diagnosis, or treatment
- We are not a covered entity or business associate under HIPAA
How we protect your health data:
- We treat health information as highly sensitive data
- We apply the same rigorous security standards as HIPAA-covered entities
- We comply with GDPR, CCPA, and LGPD requirements for sensitive personal information
- We only share health data with adventure agencies and guides when you book a trip (for safety purposes)
- You can delete your health data at any time by deleting your account
Your responsibility: The health information you provide should be accurate and up-to-date to ensure your safety. If you have specific medical concerns, please consult with a healthcare provider before participating in adventure activities.
5.2 Data Storage
- Local Storage: Some data is stored locally on your device using AsyncStorage for offline access and performance
- Cloud Storage: Your profile data, bookings, and user-generated content are securely stored on our servers hosted on Microsoft Azure
- Encryption: Data transmitted between your device and our servers is encrypted using industry-standard HTTPS/TLS protocols
- Secure Authentication: We use OpenID Connect with PKCE for secure authentication
5.3 Data Retention
- Account Data: We retain your account information for as long as your account is active
- Trip Data: Historical trip data is retained indefinitely for your records and statistics
- Analytics Data: Analytics data is retained according to Firebase's retention policies (typically 14 months)
- Deleted Account: When you delete your account, we remove your personal information within 30 days, except where retention is required by law
5.4 Security Measures
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit (HTTPS/TLS)
- Secure authentication protocols (OIDC with PKCE)
- Access controls and authentication
- Regular security assessments
- Secure cloud infrastructure (Azure)
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Privacy Rights and Choices
6.1 Access and Update
You can access and update your personal information at any time through the App:
- Profile settings
- Experience and health profile
- Privacy preferences
- Notification settings
6.2 Push Notifications
You can control push notifications:
- iOS: Device Settings > Notifications > Outpass
- Android: Device Settings > Apps > Outpass > Notifications
- In-App: Account settings in the App
6.3 Camera and Photos
You can control camera and photo access:
- iOS: Device Settings > Privacy > Photos/Camera > Outpass
- Android: Device Settings > Apps > Outpass > Permissions
6.4 Account Deletion
You have the right to delete your account at any time:
Method 1: In-App Account Deletion
- Open the Outpass app
- Go to Settings > Account Settings
- Select "Delete Account"
- Follow the confirmation steps
Method 2: Email Request
- Email: support@outpass.app
- Subject: "Account Deletion Request"
- Include: Your registered email address and user name
- We will process your request within 30 days
When you delete your account:
- Your profile and personal information will be permanently deleted
- Your bookings and trip history will be anonymized
- Some information may be retained for legal compliance
- User-generated content may be retained in an anonymized form
6.5 Region-Specific Rights
Depending on your location, you may have additional rights:
European Union (GDPR)
- Right to access your data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
California (CCPA/CPRA)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (Note: We do NOT sell your information)
- Right to non-discrimination
Brazil (LGPD)
- Right to confirmation of data processing
- Right to access your data
- Right to correction of incomplete or inaccurate data
- Right to anonymization, blocking, or deletion
- Right to data portability
To exercise these rights, contact us at: privacy@outpass.app
7. Children's Privacy
Outpass is not intended for use by children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@outpass.app, and we will delete such information from our systems.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (EU)
- Azure's global data protection commitments
- Compliance with applicable data protection laws
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy in the App
- Updating the "Last Updated" date
- Sending you a notification (if appropriate)
Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@outpass.app
Support Email: support@outpass.app
Mailing Address:
Outpass / HikePass
Avenida de las Américas 8334
Barra de Carrasco, Canelones 15000
Uruguay
Data Protection Officer (if required in your region):
dpo@outpass.app
11. Supervisory Authority
If you are located in the European Union, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates data protection laws.
Public URL: This Privacy Policy is available at: https://outpass.app/privacy
Related Documents: