Privacy Policy - Roamio by Skylake Labs

Overview

Roamio is designed with privacy as a core principle. Your travel data stays on your device and is encrypted. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Stored Locally on Your Device:

Travel history (countries, entry/exit dates)
Visa information (type, validity, countries)
Passport details (number, country, expiration)
Document scans and photos
Location data (for automatic country detection)
User preferences and settings

Important: This data is encrypted using AES-GCM encryption and stored in your device's secure storage. We cannot access this data.

Data NOT Transmitted by Default:

We do NOT transmit your travel history, passport details, or visa entries to Skylake Labs Pte Ltd servers
Remote updates use standard HTTPS connections (IP address inherently exposed, but no device identifiers or personal data transmitted)
We do NOT track your location for advertising or profiling
We do NOT sell your data to third parties
We do NOT require account creation or login

Audit Logging for Compliance

The App maintains an append-only audit log stored locally on your device to help you track changes to your travel records for tax and visa compliance purposes. This log records:

Actions performed (create, modify, delete) on trips, visas, and documents
Timestamp of each action
Field-level changes (old value vs new value)
Reason for change (if provided)
Device information (model, OS version)

Important: Audit logs are stored locally on your device and synced via iCloud if sync is enabled. They are designed to be append-only for legal compliance and cannot be individually deleted. Logs are included in data exports and deleted when you delete the app or clear all data.

Location Services

The App uses location services to automatically detect country changes. Location data:

Processed entirely on-device
Never transmitted to external servers
Used solely for country detection
Can be disabled in Settings
Uses battery-efficient significant location change monitoring

Important: Background location access is requested only to detect country changes when the app is not active. You can disable this in Settings.

Camera & Photo Library

The App may request access to:

Camera: For scanning passport MRZ (Machine Readable Zone) and document photos
Photo Library: For importing existing travel photos and documents

Photos and scans:

Are encrypted and stored locally
Are never uploaded to external servers
Can be deleted at any time

Notifications

The App may send local notifications for:

Visa expiration reminders
Tax residency threshold warnings
90-day reporting deadlines
Country change confirmations

Notifications are generated on-device and do not involve external servers.

iCloud Sync (Optional)

If enabled, the App syncs your data via iCloud using CloudKit and iCloud Drive:

Core Data via CloudKit: Travel history, visas, trips, tax residency records, and preferences sync across your devices
Documents via iCloud Drive: Encrypted document files (passport scans, photos) with encryption keys synced via iCloud Keychain
All data encrypted using Apple's security (CloudKit encryption for database, AES-GCM for document files)
Accessible only on your devices signed into your iCloud account
Can be disabled at any time in Settings → iCloud Sync (app restart required)
Subject to Apple's privacy policy

Remote Updates & Metadata

When Automatic Updates are enabled, the App periodically contacts Skylake Labs Pte Ltd servers to download updated visa rules, Schengen configurations, and tax residency thresholds. These requests use standard HTTPS connections, which inherently expose your IP address to the server. No additional device information, user identifiers, or personal data is transmitted. Your travel history, passport data, and document scans are not transmitted during this process. You can disable Automatic Updates in Settings → Visa Rules Database → Automatic Updates, after which the App will only check for updates when you manually request it.

Analytics & Crash Reporting

We do not collect analytics or automatically send crash reports to Skylake Labs Pte Ltd. The Diagnostics Manager can generate crash logs and redact sensitive patterns, but these files remain on your device unless you choose to export or share them with us. If we ever introduce optional analytics, we will prompt you first and limit it to anonymous technical data (device model, OS version, crash logs) that excludes personal information, travel history, passport data, or location.

Important: By default, no analytics or crash data is transmitted to Skylake Labs Pte Ltd. Sharing occurs only when you enable Automatic Updates or manually send diagnostics or support emails, as described in this policy.

Third-Party Services

The App uses limited third-party services:

Apple App Store: For subscriptions and payments (subject to Apple's privacy policy)
StoreKit: For in-app purchases (no payment data stored locally)
Cloud hosting providers engaged by Skylake Labs Pte Ltd to deliver remote visa and tax database updates (receive IP address and technical metadata only)

We do NOT use:

Advertising networks
Social media tracking
Analytics platforms that collect personal data

Support Communications & Feature Requests

If you contact us at roamio@skylakehq.com for support or to request features, we receive the information you choose to share (such as your name, email address, message content, attachments, and any diagnostic files you include). We use this information to respond, troubleshoot issues, improve the App, and maintain records of our correspondence. Messages are processed by our email and productivity providers and are retained for up to 24 months, unless a longer period is required by law or needed to resolve an ongoing issue. You can request deletion of prior communications at any time by emailing us with the details of your request.

Diagnostics & Data Exports

The App allows you to export travel history, visa records, and diagnostics files for your own records. These exports remain on your device or the destination you choose (e.g., Files, email) until you share or delete them. If you send an export to Skylake Labs Pte Ltd for troubleshooting, we will process it only for that purpose, restrict access to authorized personnel, and delete it once the support request is resolved unless retention is required for legal reasons.

Data Security

We protect your data using:

AES-GCM encryption for sensitive documents
iOS Keychain for secure key storage
Face ID/Touch ID authentication option
File protection (data encrypted until first device unlock)
No cloud storage of unencrypted data

Your Rights

You have the right to:

Access all your data (stored locally on your device)
Export your data (CSV, PDF, Excel formats)
Delete your data (delete the App or clear data in Settings)
Disable location tracking
Disable notifications
Revoke permissions at any time

To exercise privacy rights relating to data held by Skylake Labs Pte Ltd (for example, support communications or diagnostic files you shared with us), email roamio@skylakehq.com with the subject line "Privacy Request" or write to the address listed below. We will respond within 30 days and may request additional information to verify your identity.

Data Retention & Deletion

Your data is retained:

Until you delete it manually within the App
Until you delete the App from your device
In encrypted local iOS backups (iTunes/Finder backups)
In iCloud backups if iCloud Backup is enabled

How to delete your data:

In-App: Settings → Clear All Data (if available)
Delete specific items: Swipe to delete visas, trips, or documents
Complete deletion: Delete the App from your device

Support communications and diagnostic files you share with Skylake Labs Pte Ltd are stored securely, restricted to authorized personnel, and deleted within 24 months after the ticket is closed unless a longer retention period is required by law.

We do not have access to your on-device data, so we cannot delete it remotely. All locally stored data remains under your control.

Children's Privacy

The App is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete the information and disable the account or support ticket.

International Data Transfers

Your on-device data stays on your device. If you enable iCloud sync or Automatic Updates, data (or technical metadata associated with the update request) may be processed by Apple or Skylake Labs Pte Ltd service providers located in Singapore or other countries. When we transfer data, we rely on Apple's platform safeguards, contractual protections (such as Standard Contractual Clauses where applicable), and access controls to protect your information.

Changes to This Policy

We may update this Privacy Policy from time to time. Continued use after changes constitutes acceptance of the new policy.

Contact Us

For privacy questions or rights requests, contact our data protection team at:

Email: roamio@skylakehq.com
Mail: Data Protection Officer
Skylake Labs Pte Ltd
Singapore

Include your contact details and any supporting information so we can verify your identity and respond promptly.

Data Breach Notification

Because all your data is stored locally on your device and encrypted, we do not have access to it. In the unlikely event of a security vulnerability in the App itself, we will:

Notify users through an App update and in-app notification
Provide details about the vulnerability and steps to protect your data
Release a security patch as quickly as possible

You are responsible for:

Keeping your device secure (passcode, biometric lock)
Using device-level encryption (enabled by default on iOS)
Protecting your device from unauthorized access

California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

Right to know the categories and specific pieces of personal information we collect
Right to request deletion of personal information we hold (subject to legal exceptions)
Right to opt out of selling or sharing personal information (we do not sell personal information)
Right to receive non-discriminatory treatment for exercising your rights

To submit a CCPA request, email roamio@skylakehq.com with the subject line "CCPA Request" or write to us at the address below. We will verify your identity, respond within 45 days, and allow authorized agents to act on your behalf with written permission or power of attorney documentation.

GDPR Compliance (EU/UK Users)

For users in the European Union or United Kingdom, Skylake Labs Pte Ltd is the data controller for personal data processed outside your device (such as support communications and remote update metadata). Our lawful bases include:

Performance of a contract: Providing core app functionality and remote database updates you enable
Legitimate interests: Maintaining app security, preventing abuse, and supporting users
Consent: Optional diagnostics or marketing communications you choose to share

Data Protection Officer / Privacy Contact: roamio@skylakehq.com
Registered office: Skylake Labs Pte Ltd, Singapore

You have the right to access, rectify, erase, restrict, or port your data, to object to processing based on legitimate interests, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. Because most data remains on your device, exercising many of these rights can be done directly within the App; contact us for any data we process on our systems.