Privacy Policy

Personal Information

Name, email, and hashed password — collected during registration for account creation and authentication. If you sign in via Google or Apple, we receive your name, email, and provider-specific account identifier. We never receive or store your Google or Apple password.

Location & Travel Data

City destinations, place search queries, and GPS coordinates (only when you tap 'Get Directions').

App Activity & AI Content

Saved itineraries, AI-generated place histories, local curiosities, visit guidelines, destination summaries, and cached audio narration files.

Security & Access Logs

IP address, user agent (browser/device info), and timestamps are logged for login attempts (both successful and failed), password changes, and other security-sensitive actions. This data helps us detect unauthorized access and protect your account.

Activity Logs

We log user actions such as itinerary creation, AI content generation requests, and feature usage. These logs include timestamps and action types but are used solely for service improvement and abuse prevention.

Place Curation Sessions

When you use the AI-powered place curation feature, a real-time WebSocket connection is established between your browser and our servers. During this session, your city name, selected categories, and language preference are transmitted to our servers. Your authentication token is included in the connection handshake to verify your identity. AI-suggested places are streamed back in real time. Session state is held in server memory only for the duration of the connection and is discarded on disconnect.

Shared Place Database

To improve performance and avoid redundant AI calls, place data generated during your curation sessions (place names, coordinates, categories, descriptions, and photos) is stored in a shared internal database and reused for all users who visit the same location. This place data contains no personal identifiers — your name, email, or account ID is not linked to the stored place records.

OpenAI — AI Content Generation

Travel preferences, city names, and place names are sent to OpenAI for itinerary generation, place history generation, local curiosities, visit guidelines, destination summaries, and content moderation. No personal identifiers (name, email) are included in these requests. We use various OpenAI models including gpt-4o-mini and gpt-4.1-mini for content generation.

Chatterbox TTS / RunPod — Audio Narration

AI-generated text content is processed by the Chatterbox TTS model running on RunPod's GPU infrastructure for text-to-speech conversion. No personal identifiers are included in these requests — only the text content to be narrated. The resulting audio files are cached on our servers for future playback.

Google Maps — Maps & Places

Map viewport coordinates, city search queries, place detail requests, autocomplete queries, and place photo requests. Transmitted from the mobile app SDK and our servers.

DigitalOcean Spaces — Audio File Storage

AI-generated audio narration files are stored on DigitalOcean Spaces (S3-compatible cloud storage) and served via CDN. These files contain no personal information — only AI-generated spoken content about places and travel topics.

Google & Apple — Authentication

If you choose to sign in with Google or Apple, your authentication token is verified directly with Google's or Apple's servers. We receive only your name, email, and a provider-specific identifier.

Stripe — Payment Processing

When you subscribe to the Traveler Pass, you are redirected to Stripe's hosted checkout. Stripe processes your payment card details directly — we never receive or store your raw card data. We share your name, email address, and an internal user identifier with Stripe to create a billing customer record. Stripe stores your subscription status and billing history on our behalf. Stripe's privacy policy governs their data handling: stripe.com/privacy.