Privacy Policy

Effective date: March 19, 2026

Last updated: March 19, 2026

This Privacy Policy describes how Anders Forge LLC ("we," "us," or "our") collects, uses, and protects information when you use the MileWarden mobile application (the "App") and the milewarden.com website (the "Website"), collectively referred to as the "Service."

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Our Privacy Principles

  • No GPS or location tracking.MileWarden never accesses, requests, or stores your device's location data. We do not use background location services.
  • Optional VIN input. You may optionally enter your vehicle identification number (VIN) to speed up onboarding by auto-populating vehicle details. VIN entry is entirely voluntary and is not required to use the App.
  • Local-first data storage. Your mileage data is stored primarily on your device. You may optionally enable cloud sync (powered by Supabase) to back up your data or access it across devices. Cloud sync is opt-in and disabled by default.
  • No data selling. We never sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
  • No third-party advertising. MileWarden does not display ads and does not share data with advertising networks.

2. Information We Collect

2.1 Information You Provide (App)

When you use the MileWarden App, you may provide the following information:

  • Lease and vehicle details — mileage allowance, lease term, start date, penalty rate, vehicle make, model, and year
  • Odometer readings — mileage entries you manually input
  • Vehicle Identification Number (VIN) — optionally provided to auto-populate vehicle details during setup

This data is stored locally on your device by default. If you enable cloud sync, it is transmitted to and stored on our cloud infrastructure (see Section 5).

2.2 Information You Provide (Website)

When you visit or interact with the Website, you may provide:

  • Email address — if you voluntarily sign up for early access or our mailing list
  • Vehicle count — optionally provided during early access signup
  • Contact form submissions — name, email, and message content if you contact us

2.3 Information Collected Automatically

Website analytics: We use PostHog for anonymous website analytics. This may include pages visited, time spent, referral source, browser type, device type, and approximate geographic region (country/city level, derived from IP address). We do not use this data to personally identify you.

App analytics: The App does not collect analytics data unless you have enabled cloud sync. If cloud sync is enabled, we may collect anonymized usage metrics (e.g., feature usage counts) to improve the App. These metrics cannot be tied to your identity.

2.4 Information We Do Not Collect

  • GPS or device location data
  • Contacts, photos, or camera data
  • Call logs or SMS messages
  • Biometric data
  • Financial or payment information (purchases are handled by Apple App Store or Google Play Store)
  • Health or fitness data
  • Advertising identifiers (IDFA/GAID)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service — calculate your mileage status, display lease projections, and deliver notifications
  • Cloud sync — if enabled, securely store and synchronize your data across your devices
  • Communications — send you product updates, launch notifications, or responses to your inquiries (only if you provided your email)
  • Improve the Service — analyze anonymous website usage patterns to improve content and user experience

We do not use your data for profiling, automated decision-making, or targeted advertising.

4. Data Sharing and Third Parties

We share data with the following service providers, solely to operate the Service:

ProviderPurposeData Shared
SupabaseCloud sync and data storage (opt-in)Lease details, odometer readings, vehicle info, VIN (if provided)
ResendEmail deliveryEmail address
PostHogWebsite analyticsAnonymous usage data, IP address (anonymized)
VercelWebsite hostingStandard web server logs

We do not share your data with any other third parties except:

  • When required by law, legal process, or government request
  • To protect our rights, safety, or property
  • In connection with a merger, acquisition, or sale of assets (you would be notified)

5. Cloud Sync and Data Storage

Local Storage (Default)

By default, all App data is stored locally on your device using on-device storage. This data is not transmitted to any server. If you uninstall the App, locally stored data is permanently deleted.

Cloud Sync (Opt-In)

If you choose to enable cloud sync, your data is encrypted in transit (TLS 1.2+) and stored on Supabase infrastructure. Cloud sync allows you to:

  • Back up your data to prevent loss
  • Access your data across multiple devices

You can disable cloud sync at any time in the App settings. You may also request deletion of your cloud-stored data (see Section 8).

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted to our servers uses TLS 1.2+ encryption
  • Cloud-stored data is hosted on Supabase with row-level security policies
  • Email data is managed by Resend with industry-standard security practices
  • We do not store passwords in plain text
  • Access to production systems is restricted to authorized personnel

No method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

  • App data (local) — retained on your device until you delete it or uninstall the App
  • App data (cloud sync) — retained until you delete it, disable cloud sync, or request account deletion
  • Email addresses — retained until you unsubscribe or request deletion
  • Website analytics — retained for 12 months, then automatically purged
  • Contact form submissions — retained for 24 months or until your inquiry is resolved, whichever is later

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data from our systems. For cloud-synced data, you can delete it through the App or contact us directly.
  • Portability — request your data in a machine-readable format
  • Opt out of email — unsubscribe from marketing emails at any time using the unsubscribe link in any email
  • Opt out of analytics— disable website analytics tracking through your browser's Do Not Track setting or by using an ad blocker
  • Disable cloud sync — turn off cloud sync at any time in App settings; your data will remain local only

To exercise any of these rights, contact us at privacy@milewarden.com. We will respond within 30 days.

9. Children's Privacy

MileWarden is not directed at children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@milewarden.com and we will promptly delete it.

10. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers and service providers are located. By using the Service, you consent to such transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, and shared
  • The right to delete personal information
  • The right to opt out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, data portability, restriction of processing, and the right to object to processing. Our legal basis for processing your data is:

  • Consent — for email collection and cloud sync
  • Legitimate interest — for anonymous website analytics
  • Contract performance — for providing the Service

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you via email (if you have provided one) or by placing a prominent notice on the Website or within the App. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Account Deletion

You can delete your account and all associated cloud-synced data at any time through the App settings. Alternatively, you can request account deletion by contacting us at privacy@milewarden.com. Upon receiving your request, we will delete your data within 30 days. Locally stored data is deleted when you uninstall the App.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Anders Forge LLC
Email: privacy@milewarden.com
Website: milewarden.com/contact