Privacy Policy

Effective: 21 May 2026App: TrainKothai — BD Railways Train Info & Tracking

1. Who we are

TrainKothai is a mobile application that provides Bangladesh Railways train information, live train tracking, and schedule lookup. This policy explains what data is collected, why, and how it is handled.

2. Data we collect

2.1 Location (precise)

What:Your device's GPS coordinates (latitude, longitude).

When:Only while you are actively using the app and have granted the location permission.

Why:To crowdsource live train positions. When you are on board a train, your anonymised location helps update the train's real-time position for all users.

Stored:Location data is transmitted to our secure cloud backend. It is not linked to any personal identity.

Optional:The app works without location permission. Tracking contribution is opt-in via the onboarding screen.

2.2 App analytics & crash reports

What:Screen views, navigation events, app errors, and crash stack traces.

Service:A third-party analytics provider hosted in the United States.

Session replay:Our analytics provider records screen sessions on Android to help us diagnose UI bugs. No payment, password, or sensitive personal data is ever shown in this app.

Why:To understand how the app is used, find crashes, and improve reliability.

Personal data:None. No name, email, or account identifier is sent to our analytics provider.

2.3 Local device storage

The following data is stored only on your device and never uploaded:

Data	Storage	Purpose
Station list cache	Encrypted local storage	Makes station search instant; expires after 15 days
Onboarding status	Encrypted local storage	Remembers whether you have completed setup
Location permission state	Encrypted local storage	Avoids re-prompting each launch
Notification permission state	Encrypted local storage	Avoids re-prompting each launch

2.4 Train & schedule data

Train timetables, seat classes, running status, and delay information are fetched from our backend servers. This data is public railway information. No personal data is involved.

3. Data we do NOT collect

Name, email address, or any account credentials — the app has no login
Payment or financial information
Contacts, photos, microphone, or camera
Device identifiers linked to a person

4. Third-party services

We work with the following categories of third-party service providers. Each processes only the data necessary for their function and is contractually bound to protect it.

Category	Purpose
Cloud backend provider	Stores and serves live train data; receives anonymised location pings
Analytics & crash reporting provider	Records app usage events, errors, and screen sessions to improve reliability
App distribution platform	Distributes the app to your device (Google Play / Apple App Store)

We do not sell your data to any third party.

5. Permissions used

Permission	Why it is needed
`ACCESS_FINE_LOCATION`	GPS coordinates for crowdsourced train tracking
`ACCESS_COARSE_LOCATION`	Fallback location when GPS is unavailable
`POST_NOTIFICATIONS`	Train delay and arrival alerts (Android 13+)
`INTERNET`	Fetching live train data from our servers

6. Data retention

Data	Retention
Location pings (server)	30 days, then automatically deleted
Crash reports	1 year
Session replays	30 days
Local device cache	Until app is uninstalled or cache expires

7. Children's privacy

TrainKothai is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided data through this app, contact us and we will delete it promptly.

8. Data security

All data in transit is encrypted via HTTPS/TLS. Local storage is isolated to the app sandbox and not accessible to other apps. Our backend servers enforce strict access controls to restrict data access.

9. Your rights

You may at any time:

Revoke location permission in your device settings — tracking contribution stops immediately
Revoke notification permission in your device settings
Clear local data by uninstalling the app
Request deletion of any data we hold — email hello@trainkothai.com with subject "Data Deletion Request"

We will respond to deletion requests within 30 days.

10. Changes to this policy

We may update this policy when new features are added. The effective date at the top will be updated. Significant changes will be announced via an in-app notice.

11. Contact

For any privacy questions or requests:

hello@trainkothai.com trainkothai.com

2. Data we collect

2.1 Location (precise)

What:Your device's GPS coordinates (latitude, longitude).

When:Only while you are actively using the app and have granted the location permission.

Why:To crowdsource live train positions. When you are on board a train, your anonymised location helps update the train's real-time position for all users.

Stored:Location data is transmitted to our secure cloud backend. It is not linked to any personal identity.

Optional:The app works without location permission. Tracking contribution is opt-in via the onboarding screen.

2.2 App analytics & crash reports

What:Screen views, navigation events, app errors, and crash stack traces.

Service:A third-party analytics provider hosted in the United States.

Session replay:Our analytics provider records screen sessions on Android to help us diagnose UI bugs. No payment, password, or sensitive personal data is ever shown in this app.

Why:To understand how the app is used, find crashes, and improve reliability.

Personal data:None. No name, email, or account identifier is sent to our analytics provider.

2.3 Local device storage

The following data is stored only on your device and never uploaded:

Data	Storage	Purpose
Station list cache	Encrypted local storage	Makes station search instant; expires after 15 days
Onboarding status	Encrypted local storage	Remembers whether you have completed setup
Location permission state	Encrypted local storage	Avoids re-prompting each launch
Notification permission state	Encrypted local storage	Avoids re-prompting each launch

2.4 Train & schedule data

Train timetables, seat classes, running status, and delay information are fetched from our backend servers. This data is public railway information. No personal data is involved.

4. Third-party services

We work with the following categories of third-party service providers. Each processes only the data necessary for their function and is contractually bound to protect it.

Category	Purpose
Cloud backend provider	Stores and serves live train data; receives anonymised location pings
Analytics & crash reporting provider	Records app usage events, errors, and screen sessions to improve reliability
App distribution platform	Distributes the app to your device (Google Play / Apple App Store)

We do not sell your data to any third party.

Permission

Why it is needed

ACCESS_FINE_LOCATION

GPS coordinates for crowdsourced train tracking

ACCESS_COARSE_LOCATION

Fallback location when GPS is unavailable

POST_NOTIFICATIONS

Train delay and arrival alerts (Android 13+)

INTERNET

Fetching live train data from our servers

Data

Retention

Location pings (server)

30 days, then automatically deleted

Crash reports

1 year

Session replays

30 days

Local device cache

Until app is uninstalled or cache expires

9. Your rights

You may at any time:

Revoke location permission in your device settings — tracking contribution stops immediately
Revoke notification permission in your device settings
Clear local data by uninstalling the app
Request deletion of any data we hold — email hello@trainkothai.com with subject "Data Deletion Request"

We will respond to deletion requests within 30 days.