This Privacy Policy explains how tktk studio LLC ("tktk studio," "we," "us," or "our"), a New York limited liability company, handles information in connection with the Tunnel Rat iOS app (the "App"). It covers the Tunnel Rat App only. The sections below describe the limited information the App handles, why, and the service providers involved.
Information stored only on your device
The following is kept locally on your iPhone and is not transmitted to us. It is removed when you delete the App.
- Location. When you grant location access, the App uses your location on your device only β to surface nearby stops, center the Map, show a "nearby station" prompt, and draw the heading arrow. We do not receive or store your location. (See Section 4 for detail.)
- Favorites and saved places. The stops you favorite, the per-stop line filters you set, and any saved places such as Home or Work β including their addresses and coordinates β are stored on your device.
- Recent searches. Stored as a short list of stop identifiers on your device.
- Trip state. An in-progress trip is stored on your device and cleared automatically after a few hours.
- App settings and onboarding state. Appearance, layout, notification preference toggles, and similar settings.
- Draft contact details. If you enter your name or email into the feedback form, the App saves them on your device to pre-fill the form next time. They are not sent to us unless you submit a report.
Information we receive when you enable notifications
Notifications are off until you turn them on. If you enable them, the App registers your device with our backend so we can deliver the alerts you've subscribed to. We receive:
- A random device identifier. A randomly generated identifier created on your device. It is not your name, Apple ID, phone number, or Apple's advertising identifier, and it is not used for advertising. We use it only to manage your notification subscriptions.
- Your Apple push token. The token iOS provides so that Apple can route push notifications to your device.
- Your notification preferences. The subway lines you choose to follow, which categories of alerts you want (for example, disruptions, delays, all-clear), any optional borough filters, and any quiet-hours or active-days schedule you set, plus your device time zone (used to apply quiet hours correctly).
We do not receive your favorite stops, saved places, recent searches, or location through this process.
This information lets us, and our service providers, determine which devices should receive a given alert and send it. Taken together, these preferences can indicate which lines and areas you care about; we use them only to deliver the notifications you requested.
Information we receive when you contact us or submit feedback
The App includes a feedback / "report a data issue" form. Submitting it is always your choice. When you submit, we receive:
- Your message (required) and any details you add, such as affected lines or stops, and your category selection.
- Your name and email β only if you choose to provide them (both optional). These help us follow up with you.
- Basic technical details ("diagnostics") about your device and the App, attached automatically to help us debug: for example, the App version, your iOS version, your device model (e.g. "iPhone16,1"), your language/region and time zone, network status, available storage, and recent in-app diagnostic log lines. These diagnostics do not include your coordinates or identity beyond an email you choose to provide.
- A screenshot β only if you opt in. The screenshot option is off by default. The form warns you that a screenshot "could include your location, if it's in the image." We only receive a screenshot if you turn that toggle on.
When you submit a report, your IP address is processed to enforce a rate limit (a basic anti-abuse measure that limits how many reports can be sent from one network in a short window).
Reports are handled through the third-party services described in Section 5 (our issue tracker and an AI service used to categorize incoming reports). Please don't include sensitive personal information, or other people's personal information, in a report.
Location, in detail
- Permission level. The App requests "While Using the App" location access only. It never requests background or "Always" location. The system prompt explains: "Tunnel Rat uses your location to find nearby stops."
- On-device only. Your location is used entirely on your device. We do not transmit your location to our servers and do not store it.
- Directions hand-off to Apple Maps. If you tap "Directions" to get walking directions to or from a station, the App opens Apple Maps and passes the relevant start/end coordinates to Apple so it can provide directions. That hand-off is initiated by you, and is governed by Apple's privacy policy.
- Opt-in screenshots. As noted above, a screenshot you choose to attach to a report could visually contain your location (for example, if the Map is on screen). This only happens if you turn the screenshot toggle on.
You can change or revoke location access at any time in iOS Settings β Privacy & Security β Location Services, or within the App's settings.
Service providers and third parties
We rely on a small set of service providers ("sub-processors") to operate the App. We share only what each provider needs for its function. We do not sell your information, and we do not use it for advertising.
| Provider | What it does | What it receives |
|---|
| Apple | Delivers push notifications (APNs); App Store distribution; Apple Maps directions | Your push token and notification content (built from public MTA data); your start/end coordinates if you request directions |
| Supabase (hosted on Amazon Web Services in the United States) | Our backend database and server functions | Your device identifier, push token, and notification preferences (Section 2) |
| Cloudflare | Content-delivery network that caches public transit data | No personal data. As with any network provider, Cloudflare processes connection metadata such as IP address to route and cache requests. |
| Anthropic (Claude AI) | (a) Generates summaries of public MTA alerts; (b) helps categorize incoming feedback reports | For (a): public MTA alert text only β no user data. For (b): the contents of a report you submit, including your message, optional email, diagnostics, and recent logs. Anthropic processes this as our service provider and, under its commercial terms as of this policy's effective date, does not use it to train its AI models. |
| Linear | Our internal issue tracker, where feedback/bug reports are recorded and triaged | The contents of a report you submit: your message, optional name and email, diagnostics, recent logs, and any screenshot you opted to attach |
| Sentry | Error monitoring for our server functions | Server-side error and diagnostic events. Sentry is not used in the App itself. In rare cases, an error generated while handling a report could incidentally include report content. |
The AI-generated alert summaries you see in the App are produced from public MTA information only β no user data is involved. AI only receives your information through the feedback/report flow, and only when you submit a report.
Each provider maintains its own privacy practices. For reference: Apple (apple.com/legal/privacy), Supabase (supabase.com/privacy), Cloudflare (cloudflare.com/privacypolicy), Anthropic (anthropic.com/legal/privacy), Linear (linear.app/privacy), and Sentry (sentry.io/privacy).
We may also disclose information if required by law, to respond to lawful requests, or to protect the rights, safety, and security of our users, the public, or tktk studio.
What we do not collect
To be explicit, the App does not:
- require an account, login, name, or email to function;
- send your precise location to our servers, or store it on our servers;
- use advertising identifiers (such as Apple's IDFA), ad tracking, or cross-app/cross-site tracking;
- include any third-party analytics, marketing, attribution, or advertising software;
- sell, rent, or trade your information; or
- build advertising profiles about you.
Do Not Track. Tunnel Rat is a mobile app, not a website, so there are no browser "Do Not Track" signals for us to honor β but either way, we don't track you across apps or websites.
How long we keep information
- On-device data (Section 1) stays on your device until you delete it or uninstall the App.
- Notification data (Section 2) is kept while your device remains registered for notifications. If you turn notifications off or delete the App, your push token eventually becomes invalid, and our servers automatically delete the associated registration the next time a notification send is attempted. In any case, any registration inactive for 90 days is deleted automatically. (Deleting a device registration also deletes its notification subscriptions.)
- Feedback and reports (Section 3) are retained in our issue tracker for as long as needed to address the issue, and are deleted within 2 years.
- Anti-abuse rate-limit records (an IP address and a counter) are kept only briefly for abuse prevention and automatically deleted within 30 days.
You're in control of this data β see Section 9 for how to delete it.
Security
We take reasonable measures to protect information:
- All network communication uses HTTPS.
- Our database enforces access controls so that the App's public key cannot read or write user-data tables directly; that data is reachable only through our server functions.
- Sensitive credentials are stored server-side in a secured vault and are never shipped inside the App.
- The device identifier we use is random and is not tied to your name or Apple ID.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
If a breach occurs. If we become aware of a security breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.
Your choices and rights
Regardless of where you live, you can:
- Control location β grant or revoke "While Using the App" access in iOS Settings at any time.
- Control notifications β turn notifications and individual categories on or off in the App or in iOS Settings. Turning them off stops the App from sending notification data to our servers.
- Choose what's in a report β name and email are optional, and screenshots are opt-in.
- Remove on-device data β delete the App to remove the information stored on your device.
- Delete your server-side data β because the App has no account, your notification data isn't linked to your identity, and we have no way to look up which anonymous device is yours. You can delete it yourself: turn off notifications or delete the App, and your registration is automatically removed once your device stops receiving notifications.
- Delete feedback you've sent β if you included your email in a report, email us from that address at hi@tktk.studio and we'll delete it.
We will respond to verifiable requests within a reasonable time and as required by applicable law. We do not sell personal information and do not discriminate against you for exercising these choices.
Children's privacy
Tunnel Rat is intended for a general audience and is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us at hi@tktk.studio and we will delete it.
International users
We are based in the United States, and the limited server-side information we handle is processed in the United States. If you use the App from outside the United States, you understand that your information may be processed in the United States, where data-protection laws may differ from those in your location.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above, and for material changes we will provide a more prominent notice (such as in the App). Your continued use of the App after an update means you accept the revised policy.
