Dashe — Carbon Emission Tracking App
Last updated: 24 March 2026
Dashe is operated by Greenleaf TDG, a company registered in the United Kingdom. We are the data controller for the personal data we collect through the Dashe mobile application and associated services.
Contact details:
If you have any questions about this privacy policy or how we handle your data, please contact us using the details above.
We collect only the data necessary to provide and improve the Dashe service. Below is a full account of the categories of data we collect, what we use them for, and the lawful basis under UK GDPR for each.
| Data | Purpose | Lawful Basis |
|---|---|---|
| First and last name | Account identification and personalisation | Performance of a contract |
| Email address | Account creation, login, and communication | Performance of a contract |
| Phone number (optional) | Account recovery and optional contact | Consent |
| Password | Account authentication (handled entirely by Firebase Authentication; Dashe does not store or have access to your password) | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Precise GPS location (latitude, longitude, altitude, speed, bearing, accuracy) | Journey tracking and carbon emission calculation | Consent |
| Full route geometry for journeys | Accurate distance measurement and journey visualisation | Consent |
| Background location collection | Continuous journey detection even when the app is not in active use (see Section 5 below) | Consent |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Activity recognition (walking, driving, cycling, stationary, running, and other activities) | Automatic classification of travel mode for emission calculation | Consent |
| Step count from device pedometer | Supporting transport mode classification and walking journey detection | Consent |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Device model | Debugging, compatibility, and support | Legitimate interest |
| App version | Debugging, feature rollout, and support | Legitimate interest |
| Operating system and version | Compatibility and debugging | Legitimate interest |
| Firebase UID (unique identifier) | Linking your device to your account securely | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Vehicle registration number | Looking up vehicle details via DVLA data | Performance of a contract |
| Vehicle make, model, fuel type, and year | Calculating accurate per-vehicle carbon emissions | Performance of a contract |
| CO2 emissions rate (derived from DVLA lookup) | Carbon emission calculation for driving journeys | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Start and end times | Journey logging and analysis | Performance of a contract |
| Start and end locations | Journey logging and route mapping | Consent |
| Distance travelled | Emission calculation | Performance of a contract |
| Calculated carbon emissions | Core app functionality — showing your carbon footprint | Performance of a contract |
| Travel mode (detected and user-corrected) | Accurate emission reporting | Performance of a contract |
| Journey status and user corrections | Ensuring data accuracy when automatic detection is wrong | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Work schedule (days and times) | Distinguishing commute journeys from other travel | Performance of a contract |
| Organisation membership and role | Enabling employer or organisational carbon reporting | Performance of a contract |
| Invitation and link codes | Joining an organisation within the app | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Holiday dates, type, and description | Excluding holiday periods from commute calculations and reporting | Performance of a contract |
| Data | Purpose | Lawful Basis |
|---|---|---|
| Car share session codes | Linking participants in a shared journey | Performance of a contract |
| Participant count | Splitting carbon emissions among occupants | Performance of a contract |
| Car share session duration | Accurate journey and emission reporting | Performance of a contract |
We use the data described above to:
We do not sell your personal data to third parties. We do not use your data for advertising or ad targeting.
Under UK GDPR, we rely on the following legal bases:
We ask for your explicit consent before collecting location data, background location data, activity recognition data, and step count data. You can withdraw consent at any time by adjusting your device permissions or contacting us. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal, but it will prevent further collection of that data. Note that withdrawing consent for location tracking will prevent core features of the app from functioning.
When you create a Dashe account and use the app, you enter into a contract with us (governed by our Terms of Service). Processing your account information, vehicle data, journey data, work schedule, holiday data, and car share data is necessary to fulfil that contract.
We process limited device information (device model, app version, operating system) for our legitimate interest in maintaining, securing, and improving the app. We have assessed that this processing does not override your rights and freedoms, given the non-sensitive nature of the data and the minimal impact on your privacy.
This is important — please read carefully.
Dashe collects your precise GPS location continuously in the background, even when the app is closed or not in active use on your screen. This is essential to the core function of the app: automatically detecting and recording your journeys so that your carbon emissions can be calculated without requiring you to manually start and stop tracking.
What this means in practice:
How to control this:
We understand that background location collection is sensitive. We have implemented this feature with the minimum data collection necessary and apply the security measures described in Section 10.
We share your data only in the following limited circumstances:
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Firebase Authentication (Google Ireland Limited) | Email, password (encrypted), Firebase UID | Account authentication and management | EU (Ireland) |
| Firebase Crashlytics (Google Ireland Limited) | Device model, OS version, app version, crash logs | Crash reporting and app stability monitoring | EU (Ireland) |
| Google Maps SDK (Google Ireland Limited) | Location data (as needed for map rendering) | Displaying maps and routes within the app | EU (Ireland) |
| AWS (Amazon Web Services) | All data transmitted to and from the Dashe backend API | Hosting the Dashe backend infrastructure | EU region |
These providers act as data processors on our behalf and are contractually required to process your data only for the purposes we specify and in accordance with UK GDPR.
If you join an organisation within Dashe (for example, your employer), certain journey and emission data may be shared with that organisation's administrators for the purpose of corporate carbon reporting. You will be informed of this when you join an organisation. The data shared with organisations is aggregated or limited to what is necessary for reporting purposes.
We may disclose your data if required to do so by law, regulation, legal process, or enforceable governmental request.
If Greenleaf TDG is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
Your data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). Our backend infrastructure is hosted on AWS in an EU region, and our third-party providers (Firebase, Google Maps) process data through Google Ireland Limited.
Where data is transferred outside the UK or EEA (for example, to Google's infrastructure in the United States for certain Firebase services), we ensure that appropriate safeguards are in place, such as:
You may contact us for more information about the specific safeguards in place.
We retain your data for as long as it is necessary for the purposes described in this policy:
| Data Category | Retention Period |
|---|---|
| Account information (name, email, phone) | Until you delete your account |
| Location and journey data | Until you delete your account or request erasure of specific data |
| Vehicle data | Until you remove the vehicle from your account or delete your account |
| Activity and step count data | Processed in real time for mode detection; raw sensor data is not stored long-term on our servers |
| Work schedule and holiday data | Until you delete your account |
| Car share data | Until you delete your account |
| Device and crash data (Crashlytics) | Retained by Firebase Crashlytics for up to 90 days |
| Server logs | Up to 12 months, then deleted or anonymised |
When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records.
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:
To exercise any of these rights, contact us at support@dashe.ai. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (see Section 14).
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest practicable standard.
Dashe is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without appropriate parental consent, we will take steps to delete that data as soon as possible.
If you believe that a child under 16 has provided us with personal data, please contact us at support@dashe.ai.
If you access Dashe through a web browser (for example, viewing this privacy policy on our website or using a web-based dashboard), we may use cookies and similar technologies.
You can manage your cookie preferences through your browser settings. Blocking essential cookies may affect the functionality of the website.
The Dashe mobile application itself does not use cookies.
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this policy periodically. Your continued use of Dashe after changes are posted constitutes your acknowledgement of the updated policy.
If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:
If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
We would appreciate the opportunity to address your concerns before you contact the ICO, but you are entitled to lodge a complaint at any time.
You can delete your Dashe account at any time. To do so:
When you delete your account:
Account deletion is permanent and cannot be undone. You will need to create a new account if you wish to use Dashe again.
This privacy policy is governed by the laws of England and Wales.
Greenleaf TDG | support@dashe.ai | dashe.ai
