Privacy · Plain language

What Lekaly collects, what it doesn't, and what happens to anything in between.

This page is written against the codebase, not against a template. If anything below doesn't match what the app does, that's a bug — email ops@lekaly.com.

Effective · 16 May 2026
Version · 3.0
Jurisdiction · Nepal
Database · MongoDB Atlas

TL;DR
  • The Lekaly mobile app works without an account. The features that need one (saved plans across devices, quote-request history, posting a review) are gated behind an email/password sign-up.
  • The app requests no system permissions: no GPS, no camera, no contacts, no notifications, no tracking ID. Confirm in your phone’s Settings → Lekaly.
  • Your saved itineraries, waypoint notes, AMS log, and obtained-permits checklist are stored on your device, not on a profile. They go with the app when you uninstall.
  • If you submit a quote request, we store it in MongoDB Atlas. Our Kathmandu ops team manually forwards it to two or three matched TAAN-licensed agencies — nothing is auto-shared.
  • The marketing site at lekaly.com uses a cookie-less page-view beacon. It generates a random session id in your browser’s localStorage; analytics rows auto-delete after 365 days.
  • We do not sell data. We do not run ads. No third-party ad/tracking SDK ships with the app.

§01 When you use the app without an account

The Lekaly mobile app is fully usable without signing in. Trek catalog, waypoint cards, permit table, AMS checker, offline maps, saved itineraries, and the obtained-permits checklist all work in airplane mode against a local cache.

When the app fetches the trek catalog or permit fees, it makes anonymous HTTPS calls to api.lekaly.com with no bearer token attached. Our server logs include the request path, response code, timestamp, and an IP fragment for abuse-detection only; we do not attach those logs to a profile, and they roll over within 30 days.

The following data sits on your device only — we cannot read it unless you tell us what it says:

  • Saved trek plans (name, dates, party size).
  • Waypoint contact notes (your own annotations on a lodge).
  • Obtained-permits checklist (which permits you have already picked up).
  • AMS check-ins (resting heart rate, headache score, dates).
  • App preferences (units, language, theme).

§02 When you create an account

You can choose to register with an email and password. We use the account for three things only: showing your quote-request history, letting you post a moderated trek review, and (in a future release) syncing saved plans across devices.

The profile we store in MongoDB Atlas can include:

  • Email address (required) and bcrypt-hashed password.
  • First and last name, optional photo URL.
  • Optional self-reported profile fields you choose to fill in: home base country/city, trekking experience level, emergency-contact name and phone, insurance policy reference, and a short medical-note field (e.g. “ciprofloxacin allergy”).
  • Last four characters of your passport number, if you enter it. We use this only to pre-fill the permit checklist — not to verify identity.
  • A push-notification token, only if and after you tap “Yes” on the in-app opt-in. You can revoke this at any time from Settings.

The optional fields exist because trekkers asked for them — they make a quote request faster to fill in. They are never required to use the app. You can clear any of them from Settings → Profile at any time.

§03 What we deliberately don’t collect

  • Your location. The app does not request NSLocationWhenInUseUsageDescription or Android ACCESS_FINE_LOCATION. The offline map renders a static SVG of the trail — there is no “where am I?” pin.
  • Your address book or photos. No contacts or media library permission is ever asked for.
  • Advertising identifiers. The app does not request App Tracking Transparency (Apple) or Advertising ID (Android). It does not bundle Meta SDK, AppsFlyer, Adjust, Branch, or any equivalent.
  • Third-party analytics or crash SDKs. There is no Firebase Analytics, no Sentry, no PostHog, no Mixpanel, no Crashlytics in the mobile bundle. We do not see when the app opens or which screens you visit.
  • Continuous background activity. The app has no background-fetch task, no silent push, no “phone home” ping.

§04 Quote requests (opt-in)

The quote flow is the only feature that sends what you typed off your phone. It runs only when you tap Send to agencies at the end of the request form.

We store the request in MongoDB Atlas with: trek and variant slug, start/end dates, party size, services requested (guide, porter, lodging, transport), budget band, a free-text preferences field, and the reply-to email you give us. If you were signed in, we attach your user id so you can see status in My quote requests.

Our Kathmandu ops desk reviews each request and forwards it to two or three TAAN-licensed agencies on the pilot panel. The forwarding is manual — there is no automatic distribution. Agencies receive the trek/dates/party/services payload; your name and contact details are revealed only after you accept a specific quote.

Quote requests are retained while the trip is being planned and for a period afterwards for our own records and dispute resolution. You can ask us to delete a specific request at any time (see §12); we confirm deletion within 14 working days.

§05 Reviews (opt-in)

Signed-in trekkers can post a review of a trek. We store: your user id, the display name and country shown on your profile, the trek slug, a star rating, a title, and your review body.

Every review goes into a moderation queue before it appears publicly. Our ops team can approve, flag, or remove a review and records who did so and when. Published reviews appear on the public trek page; pending or flagged reviews are visible only to you and to ops staff.

§06 Agency applications & messages from this site

The for-agencies page has an application form for TAAN-licensed agencies. When you submit it we store agency name, contact name/email/phone, city, license number, specialisations, website (if provided), and your free-text message. We use these to evaluate applications to the pilot panel and to contact you about the outcome.

If you write to ops@lekaly.com we keep the email thread in our inbox for as long as the conversation is open, plus an archive period for accounting and dispute records.

§07 Page-view analytics on lekaly.com

The marketing site at lekaly.com (not the app) records a tiny anonymous page-view when you load a page. Each row contains the page path, the referrer, a randomly generated session id, your browser’s user-agent string, and a two-letter country code that Cloudflare attaches at the edge.

We use the data for two questions: “how many people read this blog post?” and “did that change to the home page break anything?”. We do not attach a name, do not run a personalisation engine, and do not share the rows with a third-party analytics provider — every page-view is written to our own database.

Each row carries a TTL index of 365 days; MongoDB deletes them automatically after that. We do not extend or copy them out.

§08 Cookies, sessions, and local storage

lekaly.com sets one item in your browser’s localStorage under the key lekaly.session — a randomly generated session id used only to deduplicate page-views from the same browser tab session. There are no cookies, no tracking pixels, and no third-party scripts on this site.

The mobile app uses AsyncStorage to keep your saved trek plans, waypoint notes, obtained-permits checklist, AMS log, app preferences, and (if you signed in) your JWT access and refresh tokens. AsyncStorage data lives in the app sandbox; it is wiped when the app is uninstalled.

The admin panel at admin.lekaly.com sets a JWT cookie for our ops/content team. Trekkers do not see that surface.

§09 Email · OTP · password reset

We send transactional email for three reasons: a one-link account-confirmation when you register, a six-digit OTP when you start a password reset, and a confirmation when the password change succeeds. The OTP is valid for a short window; the email-confirmation link expires after 24 hours.

Email is delivered through a standard SMTP relay. We do not run marketing email, newsletters, or product-update campaigns from your address. If you write to ops we reply from a person.

§10 Third parties we actually use

We try to keep this list short. Every line below is something we have actively wired up; we add to this list before we add a service, not after.

Service | What it does for us | What it can see
MongoDB Atlas | Hosts our database (treks, permits, accounts, quotes, reviews, analytics). | All data we store — they are our processor. EU/SG region cluster.
Cloudflare | Edge proxy for lekaly.com + api.lekaly.com. | Standard request metadata (IP, user-agent). We read the cf-ipcountry header into our analytics rows.
Amazon S3 | Storage for blog cover images and ops file uploads. | The uploaded files themselves. Signed-URL access expires after 1 hour.
SMTP email relay | Account-confirm + password-reset OTP delivery. | The email subject + body of those transactional messages.
App Store / Play Store | App distribution. | Apple / Google’s standard install metadata. We don’t see your store identity.
TAAN-licensed agencies | Receive a quote request you opted to send. | Trek, dates, party, services, budget band. Not your name or contact.

We do not currently run Sentry, Plausible, Google Analytics, Mixpanel, PostHog, Firebase, or any payment provider.

§11 Data retention at a glance

Data | Retention
App data on your phone (AsyncStorage) | Until you delete it or uninstall the app.
Server-access logs (api.lekaly.com) | ~30 days, then rotated out.
Page-views and events on lekaly.com | 365 days, auto-deleted by a MongoDB TTL index.
Account profile (if you signed up) | Until you ask us to delete it.
Quote request | While the trip is being planned + a records-keeping window. Delete on request.
Review you posted | Until you ask us to remove it, or moderation removes it.
Agency application | For the duration of the application + records-keeping window.
Email correspondence with ops | Until the conversation is closed + an archive window.

§12 Your rights & how to delete

You can:

  • Read what we have. Email ops@lekaly.com from the address tied to your account. We send a copy within 14 working days.
  • Edit your profile. Settings → Profile in the app for emergency contact, insurance, medical note, passport last 4, etc.
  • Delete a specific quote request or review. Tap delete in the app, or email us.
  • Delete your whole account. Email ops@lekaly.com from the account email. We erase the profile, quote-history, and review records within 14 working days and confirm in writing.
  • Clear all on-device data. Uninstall the app — AsyncStorage is removed automatically by iOS/Android.

§13 Children

Lekaly is intended for adult trekkers and trekking professionals. We do not knowingly create accounts for, or collect personal data from, children under 16. If you believe an account belongs to a child, write to ops@lekaly.com and we will remove it.

§14 Contact

Privacy questions go to ops@lekaly.com. We answer within 5 working days during the trekking season, 10 working days during the monsoon, when nearly nobody emails us anyway.

Postal: Lekaly Pvt. Ltd., 3rd floor, Bhagwan Bahal Marg, Thamel-29, Kathmandu 44600, Nepal.

§15 Changes to this policy

Material changes — new third-party services, new categories of data, anything that affects what we know about you — are announced as a Field Note at least 30 days before they take effect, and the “Effective” date at the top of this page changes. Editorial fixes (typos, clarifications) go in without notice; the effective date still moves.

Effective 16 May 2026 · v3.0 · First published 16 May 2026