Privacy Policy

1. Introduction

Welcome to PlanTripAI. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

By using PlanTripAI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and password when you create an account
• Profile Information: Optional details like profile picture
• Travel Preferences: Your quiz answers, interests, budget preferences, and trip details
• Payment Information: Processed securely by Stripe; we do not store card details
• Communications: Any messages you send to our support team

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the service
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, referring URLs
• Cookies: Small files stored on your device (see Section 6)

3. How We Use Your Information

We use the collected information for:

• Service Delivery: Generate personalized itineraries and recommendations
• Account Management: Create and maintain your account
• Payment Processing: Process subscriptions and purchases
• Communication: Send service updates, newsletters (with consent), and support responses
• Improvement: Analyze usage to improve our AI and user experience
• Security: Detect and prevent fraud or abuse
• Legal Compliance: Meet legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for processing your data includes:

• Contract: Processing necessary to provide our services
• Consent: Where you have given explicit consent (e.g., marketing emails)
• Legitimate Interests: Improving our service, fraud prevention, security
• Legal Obligation: Compliance with applicable laws

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Third parties that help operate our service:
  • Supabase (database and authentication)
  • Stripe (payment processing)
  • Vercel (hosting)
  • OpenAI/Anthropic (AI itinerary generation)
  • Google Analytics (analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Understand how you use our service
• Improve performance and user experience

Types of Cookies We Use

• Essential: Required for the service to function (authentication, security)
• Functional: Remember your preferences and settings
• Analytics: Help us understand usage patterns (Google Analytics)

You can control cookies through your browser settings. Disabling cookies may affect service functionality.

7. Data Retention

We retain your personal data for as long as:

• Your account is active
• Needed to provide services to you
• Required by law (e.g., tax records)
• Necessary for legitimate business purposes

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limited processing of your data
• Portability: Request transfer of your data to another service
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent at any time (where applicable)

To exercise these rights, please contact us at info@plantripai.com. We will respond within 30 days.

9. Data Security

We implement appropriate security measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Secure authentication systems
• Regular security assessments
• Access controls and monitoring

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States, where our service providers operate.

When transferring data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on adequacy decisions.

11. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will delete it.

12. Third-Party Links

Our Service may contain links to third-party websites (e.g., Google Maps, restaurants, attractions). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending an email notification (for significant changes)

We encourage you to review this policy periodically.