Last updated: March 30, 2026

Thrivey is an app that allows you to easily create mileage claims by simply carrying your phone with you. This privacy policy explains which personal data Thrivey collects and processes, and what rights you have. If you have any questions, please contact maarten [at] thrivey.app.

Use of the App

Collected data:

  • Account information: Thrivey processes your account information in order to identify you within the app.
  • Location data: To provide a trip overview, Thrivey uses location data (GPS). This data may, depending on your device settings and your consent, also be collected in the background when the app is not actively in use. To do this efficiently, motion sensors may also be used. This sensor data is not stored.
  • Health and activity data (motion data): To the extent that motion data may be considered health or activity data, Thrivey processes this data solely with your explicit consent and only for the purpose of detecting and registering trips. Such health and activity data is not shared with third parties. However, data derived from this information (such as trip distances, routes, and modes of transport) may be shared as part of the service, for example with an employer.
  • Derived data (CO₂ and calories): Based on travel and motion data, Thrivey calculates additional insights such as estimated CO₂ emissions and calories burned (kcal) per trip. These calculations are indicative and are intended to provide insight into the impact of your travel behavior.
  • Means of transportations: Thrivey processes information about the means of transport you own and use.
  • Trips, locations and annotations: Thrivey processes data about the trips you make and the locations you visit. To generate accurate business expense reports, you can annotate trips and locations.
  • Remote working days (optional): If you choose to do so, Thrivey may maintain a work schedule. Based on travel data and your schedule, remote working days may be calculated.
  • Settings: Thrivey processes information about your settings, such as how mileage claims are generated.

Processing the data:

To calculate travel distances, Thrivey uses Mapbox. In this context, location data (such as coordinates) and information about the type of transport may be shared. Thrivey ensures that this data is minimized and not directly traceable to individual users. No directly identifying personal data is shared. Mapbox processes this data on behalf of Thrivey in accordance with a data processing agreement.

For the improvement of our algorithms and for support purposes, authorized Thrivey personnel may access collected data. This only takes place with the explicit consent of the user.

Thrivey proactively monitors its systems to ensure proper functioning and security of the service. If necessary, Thrivey may contact the user.

Use for employer declarations

Thrivey can be used for personal as well as business purposes, such as submitting mileage claims to an employer.

If Thrivey is used in the context of an employment relationship or on behalf of an organization (the “employer”), the following applies:

  • Raw travel and location data (such as GPS data) remain personal and are not shared with the employer. The employer does not have access to this data.
  • Based on this data, the user can generate reports and submit them to the employer. Only these submitted reports are visible to the employer.
  • Submitted reports are considered part of the employer’s administration. The employer may store, view and process this data in accordance with its own legal obligations.
  • If the user deletes their Thrivey account, the underlying travel and location data will be deleted. Previously shared reports will remain available to the employer.

When a user shares data with an employer, the employer becomes an independent data controller for further processing. The employer is responsible for informing the user accordingly.

Challenges and rankings

Thrivey may optionally be used to participate in challenges. Participation is voluntary (opt-in).

Within challenges, users can gain insights into metrics such as distance traveled, estimated CO₂ savings and calories burned over a certain period.

  • Users participate using a self-chosen nickname, which does not need to contain identifiable personal data.
  • Rankings may be created. The top 5 participants may be publicly displayed using their nickname.
  • Users may also participate in private groups where participants and their performance are visible to other group members.

Participation and visibility of performance data only occur with user consent. Users can withdraw at any time.

Subscriptions and payments

Personal subscriptions within the app are processed via the app stores of Apple and Google. This means that payments are handled by Apple and/or Google, depending on the device you use. Thrivey does not have access to your full payment details, such as credit card information. Apple and Google process your personal data in accordance with their own privacy policies.

For business subscriptions, these are arranged directly with Thrivey or through a contractual agreement with the relevant organization. In such cases, payments are not processed via the app stores.

International data transfers

Thrivey processes personal data primarily within the European Economic Area (EEA). For hosting and infrastructure, Thrivey uses DigitalOcean, with data stored within the EEA.

Thrivey uses Google Maps to display maps. Google may process personal data such as IP address and location data. This data may be transferred outside the European Economic Area, including to the United States. This processing is subject to Google’s own terms and privacy policy.

For sending emails, Thrivey uses SendGrid. This provider is located outside the EEA, which means personal data may be processed or accessible from countries outside the EEA, including the United States.

Thrivey also uses Sentry for error monitoring. In this context, technical data and an internal user ID (no directly identifiable information such as email address) may be processed and stored on servers in the United States.

In such cases, Thrivey ensures appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) approved by the European Commission. Where possible, Thrivey works with providers certified under the EU-US Data Privacy Framework.

Retention periods

Thrivey does not retain personal data longer than necessary:

  • Personal data is retained as long as the user uses Thrivey’s services.
  • Users can delete their account within the app, after which personal data will be removed, except where retention is required (e.g. employer reports).
  • Payment and billing data may be retained longer where legally required (e.g. tax obligations).

Thrivey may retain aggregated and anonymized data for analytical purposes.

Business operations, sales and marketing

Collected data:

  • Data about potential customers: During the marketing and sales process, contact details of you and your organization may be collected. Information about your needs related to Thrivey’s services may also be recorded.
  • Payment and billing data: Thrivey processes relevant data such as name, address, email address and payment information for invoicing and payments. These may be shared with payment partners.

Processing of data:

Thrivey processes this data for:

  • Maintaining contact with (potential) customers
  • Executing agreements and providing services
  • Sending quotes and invoices
  • Improving services
  • Complying with legal obligations

Processing is based on contract performance, legitimate interest, and, where applicable, consent.

Use of external service providers

Thrivey uses external service providers to support business operations, sales and marketing. These providers may be located outside the EEA.

Where personal data is transferred outside the EEA, Thrivey ensures appropriate safeguards such as the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs). Transfers are limited to what is necessary.

Retention periods:

Potential customer data is retained as long as relevant for sales purposes or until you object.

Financial data is retained as required by law (typically 7 years)

Security

Thrivey takes appropriate technical and organizational measures to protect personal data against loss or unlawful processing. Access is limited to authorized personnel only.

Rights

  • Right of access and data portability
  • Right to rectification and erasure
  • Right to restriction of processing (this may limit access to parts of the service)
  • Right to object

If you want to make use of the above rights, you can submit a request to the email address from the introduction. In addition, you always have the right to submit a complaint about the processing of your personal data to the Dutch Data Protection Authority or to the court. More information about this can be found on the website of the Dutch Data Protection Authority. https://autoriteitpersoonsgegevens.nl/

Change of privacy statement

This privacy policy may be updated. Changes will be published on our website and take effect immediately. 

Scroll to Top