Every travel app wants your location data. Most want it for legitimate reasons—you're tracking where you've been, after all. But what happens to that data after you log it? Who else can see it? How long is it stored? And crucially: is it being monetized?
These aren't paranoid questions. Location data is among the most valuable and sensitive information about a person. If you're using a travel tracking app, you should understand exactly what you're handing over.
How Travel Apps Monetize Your Data
Let's be direct about the business models at play.
The Subscription Model
Apps like Visited charge monthly or annual fees. In theory, this aligns incentives—you pay for the service, they provide it. But subscriptions create their own pressures:
- Need to justify ongoing payments with "engagement"
- Temptation to collect data for "product improvement"
- Account systems that tie your identity to your travel history
- Data stored on their servers indefinitely
Subscription apps may not sell your data directly, but they're accumulating it. And that accumulation creates risk.
The "Free" Model
Free travel apps raise questions. If you're not paying, how does the company make money?
Some free apps monetize through premium upgrades. Others may rely on advertising, data partnerships, or embedded tracking. It's worth reading privacy policies carefully to understand how your data is used.
Google Maps Timeline is a well-known example. Google provides timeline features free as part of its broader ecosystem, which includes advertising. Your location history can contribute to ad targeting and personalization.
The Data Broker Pipeline
Even apps with good intentions can be compromised:
SDK Surveillance: Many apps embed third-party SDKs (analytics, crash reporting, advertising) that siphon data to external companies. The app developer might not even fully understand what's being collected.
Acquisition: A privacy-respecting app gets bought by a company with different values. The data you trusted them with is now someone else's asset.
Policy Changes: Privacy policies can change. Data collected under one policy can be monetized under a revised one, often with minimal notice.
Breaches: Even well-intentioned companies get hacked. Travel history databases are valuable targets.
Why Location Data Is Especially Sensitive
Your travel history reveals more than you might realize:
Your home and workplace: Regular patterns identify where you live and work, even if you never explicitly log these.
Your relationships: Visits to specific addresses reveal who you spend time with—friends, family, romantic partners.
Your health: Regular visits to medical facilities, pharmacies, or clinics reveal health conditions. Travel to certain cities might indicate specialist consultations.
Your finances: International travel frequency and destinations indicate financial status. Visits to banks, accountants, or expensive venues do too.
Your vulnerabilities: When you're away from home for extended periods. Patterns that suggest domestic situations. Locations you might not want employers, partners, or others to know about.
Your future movements: Patterns predict where you'll be, enabling tracking, stalking, or targeted attacks.
A database of travel history is a database of intimate life details. Unlike a password, you can't change where you've been. Once that data leaks, the damage is permanent.
The Privacy-First Alternative
This is why I built Worldly with a fundamentally different architecture.
No Account, No Identity
When you open Worldly, there's no signup. No email, no password, no profile. You're immediately in the app, logging travels.
This isn't lazy design—it's intentional privacy. Without accounts, there's no identity tying your travel data to a real person. Even if someone compromised your device, they'd have travel data without easily linking it to your name, email, or other identifiers.
Local-First Data Storage
Your travel history stores locally on your iOS device using Apple's native data persistence. The data lives in your app sandbox, protected by iOS's security model.
I never receive this data. It doesn't sync to Flowstate servers. There is no Flowstate server holding user travel histories. I couldn't access your data if I wanted to—the architecture makes it impossible.
Your Cloud, Your Keys
What about backup and sync? Worldly uses iCloud—your iCloud, not mine.
Apple's CloudKit syncs data between your devices using encryption keys only you possess. The data routes through Apple's infrastructure (which has its own strong privacy practices), never through mine. I implemented the iCloud integration; I don't see the data flowing through it.
This means you control your backup and sync. Want to delete it? Delete it from iCloud. Want to disable sync? Turn it off in Settings. You have actual control, not just a promise.
Privacy-Focused Design
Worldly is built with privacy as a core principle. The app is designed to minimize data collection and avoid sending your information to external servers.
When you use Worldly, your data stays with you—not flowing to advertising networks or third-party services. The only external sync is your own iCloud, if you choose to enable it.
One-Time Purchase
Worldly Pro costs $4.99 once. Not monthly, not annually—once.
This business model is the foundation of privacy alignment. I make money when you buy the app. That's it. I have no incentive to collect data, extend engagement, or find alternative revenue streams. The transaction is simple and complete.
Subscriptions pressure companies to extract ongoing value. One-time purchases create aligned incentives: make a good app, sell it, make it better to sell more.
How to Evaluate Travel Apps
If you're considering any travel tracking app, ask these questions:
Does it require an account? Accounts tie your data to an identity. Anonymous usage is more private.
Where is data stored? Local-only is most private. Cloud storage creates breach and access risks.
What's the business model? Paid apps have less incentive to monetize data. Free apps must make money somehow.
What SDKs are embedded? Check the app's privacy label in the App Store. Third-party SDKs often harvest data.
What does the privacy policy actually say? Read it. Look for phrases like "aggregate data," "partners," "improve our services"—often code for data sharing.
What happens if the company is acquired? Your data is an asset. New owners might have different values.
Most apps fail these tests. They require accounts, store data on their servers, embed tracking SDKs, and use business models that depend on data collection.
Making the Switch
If you're currently using a travel app with privacy concerns, switching is straightforward:
- Export your data if the app allows it
- Download Worldly
- Manually add your visited countries (you probably remember them)
- Delete your account and data from the old app
Yes, manual entry takes time. But you'll only do it once. And the result is a travel history that actually belongs to you—not stored on someone else's server, not feeding someone else's business model, not at risk of someone else's breach.
Your Travel History Belongs to You
This might seem like an obvious statement, but the app economy has normalized giving it away. Most users don't realize their travel tracking app is building a detailed location profile, storing it indefinitely, and potentially sharing it with partners or acquirers.
It doesn't have to be this way.
Worldly proves you can have a beautiful travel map—interactive 3D globe, five map styles, photo memories—without sacrificing privacy. The technology exists to do this right. The choice is whether to use it.
Download Worldly from the App Store and keep your travel history where it belongs: with you.