Privacy Policy

Last updated: March 28, 2026

1. Information We Collect

When you create an account, we collect your email address and a hashed version of your password. When you use the Service, we store the trip data you enter (flights, hotels, itineraries, people, destinations, etc.).

If you sign in with Google, we receive your email address and basic profile information from Google. We do not access your Google contacts, calendar, or other data.

2. How We Store Your Data

Your data is stored in a PostgreSQL database hosted by Supabase (a cloud database provider). The database is protected by:

• SSL/TLS encryption for all connections in transit
• AES-256 encryption at rest for sensitive personal fields (names, phone numbers, passport numbers, confirmation numbers, emergency contacts)
• Bcrypt password hashing — we never store your password in plain text
• Row-level access control — users can only access their own data

3. What We Encrypt

The following fields are encrypted before being stored in the database, so even in the event of a data breach, this information would be unreadable:

• Full names
• Phone numbers
• Email addresses (within trip data)
• Passport numbers
• Emergency contact names and phone numbers
• Confirmation numbers (flights, hotels, car rentals)
• Driver names (car rentals)

4. Third-Party Services

The Service uses the following third-party services:

• Supabase — database hosting
• Railway — application hosting
• Google OAuth — optional sign-in (if you choose "Sign in with Google")
• Open-Meteo — weather forecast data (no personal data sent)
• OpenStreetMap / Overpass API — activity recommendations (no personal data sent)

We do not sell, share, or provide your personal data to any third party for marketing or advertising purposes.

5. Data Retention

Your data is retained as long as your account is active. When you delete your account, all associated data (trips, wishlist, profile) is permanently deleted from our database.

6. Guest Mode

If you use the Service without creating an account, your data is stored only in your browser's local storage. We have no access to it. If you later create an account, your local data is migrated to the database.

7. Your Rights

You have the right to:

• Access all your stored data
• Modify or correct your data at any time
• Delete your account and all associated data
• Export your trip data (via the Print/PDF feature)

8. Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes.

9. Contact

For privacy-related questions, contact us at the email associated with your account.