Privacy Policy

2.1 Information You Provide

We collect information you voluntarily provide when using our Service, including:

• Account Information: Email address, display name, and profile picture when you create an account
• Itinerary Content: Titles, descriptions, dates, locations, images, and other content you add to your itineraries
• Communications: Information you provide when contacting us for support or submitting feature requests
• Authentication Data: If you sign in with Google, we receive your name, email, and profile picture from Google

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, and interactions with the Service
• Log Data: IP address, access times, and referring URLs
• Cookies: Small data files stored on your device (see Section 7)

We use your information to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Store and display your itineraries
• Enable sharing of itineraries through unique links
• Respond to your comments, questions, and support requests
• Send you technical notices and security alerts
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

We may share your information in the following circumstances:

• Public Itineraries: When you make an itinerary public, its content becomes accessible to anyone with the link
• Service Providers: We share data with third-party vendors who help us operate the Service (e.g., hosting, analytics)
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred
• With Your Consent: We may share information with third parties when you give us explicit consent

We do not sell your personal information to third parties.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Secure password hashing
• Regular security assessments
• Access controls limiting who can access your data
• Secure cloud infrastructure with industry-standard protections

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain certain information as required by law or for legitimate business purposes, such as:

• Resolving disputes
• Enforcing our agreements
• Complying with legal obligations

When you delete your account, we will delete or anonymize your personal information within 30 days, unless retention is required by law.

We use cookies and similar tracking technologies to:

• Essential Cookies: Enable core functionality like authentication and security
• Preference Cookies: Remember your settings and preferences (e.g., theme choice)
• Analytics Cookies: Help us understand how you use the Service to improve it

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Service.

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your information
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at contact@itineri.design. We will respond to your request within 30 days.

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@itineri.design.

If we discover that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service.

Third-party services we use include:

• Supabase: Authentication and database services
• Google: OAuth authentication
• Vercel: Hosting and deployment

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell your data)
• The right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at contact@itineri.design.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your information includes: performance of our contract with you, our legitimate business interests, compliance with legal obligations, and your consent where applicable.

You also have the right to lodge a complaint with your local data protection authority.