BusPass ("we", "us") is built and operated by Teja Naga trading as BusPass, from Ireland. We take privacy seriously and collect only what is needed to run the service. This policy covers buspass.ie and the BusPass app.
1. What we collect
Name and email when you request beta access or create an account, so we can contact you and verify eligibility.
College email if you sign up for the Student plan, to verify eligibility.
Account data — email address and authentication token via Firebase Authentication.
App preferences — saved stops, favourite routes, and journey history, stored in Firebase Firestore so they sync across your devices.
Subscription status — your plan type, renewal date, and payment status. We do not store card numbers; those stay with our payment processor.
Basic technical logs — anonymised request logs used for debugging and abuse prevention.
2. What we don't collect
We do not track your location in the background.
We do not sell or share your data with advertisers.
We do not use third-party analytics that build profiles on you.
Premium subscribers see no ads and have no ad-related data processed.
3. How we use your data
To send invite codes and service communications.
To operate your account — sign-in, saved routes, preferences.
To manage your subscription — billing, renewals, cancellations.
To improve the product using aggregate, anonymised usage patterns.
To verify student or disability eligibility where applicable.
4. Legal basis (GDPR)
Contract — processing necessary to provide the service you signed up for.
Legitimate interests — security logging, abuse prevention, service improvement.
Consent — for any optional marketing communications (you can opt out any time).
5. Third-party processors
We share data with the following trusted processors solely to operate the service:
Real-time GTFS transit data (read-only, no personal data shared)
Ireland
We do not allow these processors to use your data for their own purposes beyond what is needed to provide the service.
6. Data retention
Active accounts: retained while your account exists.
Deleted accounts: removed within 30 days of deletion request, except where retention is required by law (e.g. payment records for 7 years under Irish tax law).
Access request data: retained for 12 months for abuse prevention.
7. Your rights (GDPR)
As an Irish or EU user you have the right to:
Access — request a copy of the data we hold on you.
Rectification — correct inaccurate data.
Erasure — request deletion of your account and personal data.
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interests.
Restriction — request we limit processing while a complaint is resolved.
The marketing site (buspass.ie) uses no third-party tracking cookies. The app uses a single first-party authentication token to keep you signed in. No advertising or analytics cookies are used.
9. Children
BusPass is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, contact hello@buspass.ie and we will delete it promptly.
10. Changes to this policy
If this policy changes materially, we will update the date above and notify users by email at least 14 days before changes take effect.