Your data lives on your phone.
Most mileage trackers store your driving history, earnings, and tax records on their servers. We don't. Not as a feature — as a foundation.
Stored on-device
Shifts, mileage, payouts, and receipts all live in local storage on your iPhone. We do not maintain a database of your records.
Synced through your iCloud
Optional backup syncs through your own iCloud account, governed by Apple's privacy policy. We have no access to your iCloud data.
No advertising tracking
No IDFA collection. No ad networks. No data sales. We make money from a subscription, not from your driving habits.
Location only when active
GPS runs only during a shift you've explicitly started. The moment you end the shift, location services power down completely.
Why we built it this way.
Other mileage apps treat your driving data as an asset they own. They store it on their servers, run it through analytics pipelines, and in some cases sell it — anonymized or not — to insurance companies, ad networks, and "research partners."
When MileShield was designed, the founding decision was that this model was wrong for tax-related data. Your routes show where you live, where you work, who you visit. Your earnings show how much you make. Your receipts can include addresses and partial card numbers. None of that should leave your phone unless you decide it should.
So we engineered around the constraint. Every shift, every receipt, every payout entry is stored using local-first persistence. Your data syncs through your own iCloud account if you choose to enable backup — and we never see it, because Apple operates iCloud, not us.
The only exception is receipt OCR: when you snap a receipt photo, the image is briefly sent to a Cloudflare Worker we operate to extract the amount and vendor. The image is processed and discarded. We do not retain it.
This costs us features. We can't build server-side analytics dashboards. We can't run ML across user behavior. We can't offer cross-user comparisons. What we get in return is a product that doesn't carry a database breach risk, doesn't have to comply with state-by-state data-sale opt-out regimes, and doesn't ask drivers to trust us with information they wouldn't show their accountant.