← Back to Home

Privacy Policy

Effective date: April 12, 2026

1. Who We Are

Your City Trip Planner ("we", "us") operates this web application to help travellers generate personalised city itineraries. This policy explains what personal data we collect, why, and how you can control it.

2. Data We Collect

  • Account data: email address and hashed password when you create an account, or OAuth profile data (email, display name) when you sign in with Google.
  • Trip data: destination, dates, preferences, and generated itinerary content you save to your account.
  • Usage analytics: anonymised events (e.g. pages viewed, trips generated, features used) collected to understand product usage and improve the Service. You can opt out in the Settings panel on the home page.
  • Error logs: technical error reports that help us identify and fix bugs. These do not contain itinerary content or identifiable personal data.
  • Payment data: payment processing is handled entirely by Stripe. We do not store card numbers or full payment details on our servers.

3. How We Use Your Data

  • To provide the Service (generate and store trip itineraries).
  • To authenticate your account and enforce access controls.
  • To improve product quality through anonymised analytics.
  • To process payments and prevent fraud (via Stripe).
  • To send transactional notifications if you request them (e.g. invite links).

We do not sell your personal data or use it for advertising.

4. Third-Party Services

  • Supabase: authentication, database, and file storage. Your account and trip data is stored on Supabase infrastructure.
  • Stripe: payment processing. Stripe's own privacy policy governs payment data.
  • AI providers: trip generation requests are sent to one or more AI inference providers (e.g. OpenAI). Requests include destination and preference parameters but not your name or email.
  • Vercel: the application is deployed on Vercel. Server-side request logs may be retained in accordance with Vercel's privacy policy.

5. Analytics & Cookies

We collect anonymised usage analytics to understand how the product is used. Analytics are stored in our own database — we do not use Google Analytics or third-party advertising trackers.

We use localStorage (not cookies) to store your preferences (language, trip settings, analytics opt-in/out) on your device. No cross-site tracking cookies are set.

You can disable analytics tracking at any time from the Settings panel on the home page. When disabled, no usage events are submitted.

6. Data Retention

Account and trip data is retained as long as your account exists. You can delete your account at any time; this erases your saved trips and account record within 30 days. Anonymised analytics events are retained for up to 12 months. Invite links expire automatically after 7 days.

7. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, or to object to certain processing. To exercise these rights, contact us using the details below.

8. Security

We use HTTPS for all data in transit and rely on Supabase row-level security to protect stored data. Passwords are never stored in plain text. No security measure is 100% guaranteed; please use a strong unique password.

9. Children

The Service is not directed at children under 16. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated effective date at the top. Continued use of the Service after changes constitutes acceptance.

11. Contact

For questions, data requests, or concerns, please use the support channel on the homepage.

Terms of Service · Home