Privacy at viaduct

It's Your Data. And It Should Stay That Way.

viaduct stands for responsible handling of data privacy. We only collect personal data to the extent necessary for functionality and store it according to the highest security standards on servers within the European Union.

  • Separate Data Storage. Your train journeys recorded with the viaduct app are stored separately from your login data. Data from the viaduct shop is physically decoupled from data of the viaduct app.
  • Data-Sensitive Design. viaduct has been developed based on principles of data sensitivity. We only store what is absolutely necessary. Our app runs efficiently without external tracking scripts, and we can avoid cookie banners.
  • Transparency. Do you have questions about data privacy or want to inform us of something? Feel free to contact us at any time.
  • No Google Analytics. The viaduct app does not use Google Analytics to track your behavior.
  • viaduct Shop. The viaduct shop is physically separated from the viaduct app — direct data exchange does not occur. As a result, when purchasing in the viaduct shop, you may need to enter your email address again. The shop's privacy policy can be found at shop.viaduct.world.

In Detail

Personal Data

We collect only what is necessary: your email address and username when you register. If you add a profile picture or photos, these are stored securely. Social interactions such as follows and followers are recorded to power those features. Server logs (browser type, IP address, timestamps) are retained temporarily for security and operational purposes and are not linked to your profile.

Uploaded Content

Photos and profile pictures you upload are stored on our servers within the European Union. They may be visible to other users according to your privacy settings. You can delete your uploaded content at any time from your account settings. We do not use your photos for advertising or share them with third parties.

Trip Extraction

When you upload a ticket photo, screenshot, or PDF to create a trip, information is transmitted to Mistral AI SAS (Paris, France) acting as a data processor on our behalf. We process your file solely to extract the trip information. Uploaded files are discarded immediately after extraction and are not stored by us or Mistral AI SAS beyond what is required for processing. As an EU-based processor, Mistral AI SAS is bound by a data processing agreement in accordance with GDPR Article 28. For details, see their Data Processing Addendum.

Cookies

We use cookies solely to keep you logged in and to make core features work. We do not use cookies for advertising or cross-site tracking. You can use viaduct without cookies, but features like staying logged in will not be available.

Payments

Patron subscriptions are processed by Stripe. We receive only the minimum information needed to manage your subscription (such as your email address and subscription status). Your full payment details are handled by Stripe and never stored by us. We do not share your trip data or travel records with Stripe. For details, see Stripe's Privacy Policy.

External Links

viaduct may contain links to other websites. We are not responsible for their content or privacy practices.

Security

We apply technical and organizational measures to protect your data from unauthorized access, loss, or disclosure. Our infrastructure is hosted within the European Union. We review and update our security practices regularly.

Your Rights

Under GDPR you have the right to access, correct, delete, restrict, or export your data, and to withdraw consent at any time. To exercise your rights, contact us at [email protected]. If you believe your rights have been violated, you may file a complaint with the Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna.