Effective Date: February 21, 2026 · Last Updated: February 21, 2026
1. Introduction
Travel Pilot ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Travel Pilot mobile application and related services (the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.
2. Information We Collect
2.1 Information You Provide
| Data | Purpose |
|---|---|
| Name | Display in profile and shared plans |
| Email address | Account identification, login, password reset communications |
| Password | Account authentication (stored as a bcrypt hash; we never store or access your plaintext password) |
| Profile photo URL | Display in profile and shared plans (optional) |
| Travel preferences | Walking style, budget level, preferred currency, distance unit, language — used to personalize itineraries |
| Travel plan data | Destinations, dates, trip styles, meal preferences, accommodation preferences — used to generate itineraries |
| Notification preferences | Control which notifications you receive (trip reminders, booking confirmations, price alerts, etc.) |
2.2 Information from Third-Party Sign-In
When you sign in using Google or Apple, we receive:
- Google Sign-In: Email address, name, profile picture URL, and a unique provider identifier.
- Apple Sign-In: Email address (which may be a private relay address), name, and a unique provider identifier.
We do not receive or store your Google or Apple account password.
2.3 Information Collected Automatically
| Data | Purpose |
|---|---|
| Device token (FCM/APNs) | Deliver push notifications to your device |
| Device name & platform | Multi-device session management |
| Device fingerprint | Secure session identification and token rotation |
| IP address | Security logging, rate limiting, and fraud prevention (stored with session data) |
2.4 Information We Do Not Collect
- We do not collect real-time location data or GPS coordinates from your device.
- We do not access your device contacts, camera, microphone, or files.
- We do not use advertising trackers or third-party analytics SDKs, and we do not sell your data to advertisers.
3. How We Use Your Information
- Provide the Service: Create and manage your account, generate personalized travel itineraries, enable plan sharing and collaboration.
- AI Itinerary Generation: Your travel preferences (interests, walking style, budget, meal preferences, destinations) are sent to Google Gemini to generate personalized itineraries. No personally identifiable information (name, email) is sent to AI services.
- Search & Booking: Your search criteria (destination, dates, guest count) are sent to third-party providers (Skyscanner, Booking.com, GetYourGuide) to retrieve results. No personal account data is shared with these providers.
- Communications: Send password reset emails via our email provider (Resend). We do not send marketing or promotional emails.
- Security: Detect and prevent unauthorized access, enforce rate limits, and protect against fraud.
- Service Improvement: Analyze aggregated, non-identifiable usage patterns to improve the Service.
4. Data Sharing & Third-Party Services
4.1 Third-Party Service Providers
We share limited data with the following service providers to operate the Service:
| Provider | Data Shared | Purpose |
|---|---|---|
| Google Maps & Places | Coordinates, place names | Mapping, directions, place details, photos |
| Google Gemini | Trip preferences, place data (no PII) | AI itinerary generation |
| Skyscanner | Airport codes, dates, cabin class | Flight search results |
| Booking.com | City name, dates, guest count | Hotel search results |
| GetYourGuide | City name, dates, activity category | Activity and ticket search |
| Wikipedia | Place names | Place descriptions and images |
| Open-Meteo | Coordinates, dates | Weather forecasts |
| Resend | Email address | Password reset emails |
| Railway | Application data | Cloud hosting infrastructure |
4.2 User-Initiated Sharing
When you share a travel plan via a share link, the following data becomes accessible to the invited user:
- Your name and profile photo (as plan owner)
- The complete travel plan: itinerary stops, schedules, accommodations, transportation, and bookings
You may revoke share links at any time, which immediately removes access for all previously invited users.
4.3 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
5. Data Storage & Security
5.1 Storage
- Your data is stored on secure servers hosted by Railway (cloud infrastructure).
- Database: PostgreSQL with encrypted connections.
- Cache: Redis for session management and temporary data (progress tracking, rate limiting).
5.2 Security Measures
- Passwords are hashed using bcrypt (never stored in plaintext).
- Authentication tokens use JWT with short expiry (15 minutes for access tokens) and automatic rotation.
- Refresh tokens are stored as SHA-256 hashes; replay detection revokes all sessions if compromise is suspected.
- All communications use HTTPS/TLS encryption in transit.
- API keys and credentials are stored as environment variables, never in code or logs.
- HTTP security headers enforced via Helmet.js (XSS protection, clickjacking prevention, etc.).
- Rate limiting protects against brute force and denial-of-service attacks.
6. Data Retention
- Account data: Retained for as long as your account is active.
- Session tokens: Access tokens expire after 15 minutes; refresh tokens expire after 7 days.
- Password reset codes: Expire and are invalidated after 15 minutes.
- Cached data: API response caches expire automatically (ranging from 1 hour to 90 days depending on data type).
- Pipeline progress: Temporary generation progress data expires after 10 minutes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
7.1 Access & Portability
You may request a copy of your personal data by contacting us at the email below.
7.2 Correction
You may update your name, email, and preferences directly within the App at any time.
7.3 Deletion
You may delete your account through the App. Deletion is permanent and irreversible — all associated data is immediately removed, including travel plans, itineraries, bookings, subscriptions, notifications, device tokens, and session data. There is no recovery period.
7.4 Notification Preferences
You may control which types of notifications you receive (trip reminders, booking confirmations, itinerary updates, price alerts, system notifications, and plan share invites) through the App settings.
7.5 LGPD Rights (Brazil)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. To exercise these rights, contact us using the information below.
7.6 GDPR Rights (European Economic Area)
If you are located in the EEA, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your local supervisory authority.
8. International Data Transfers
Your data may be processed in countries other than your own, including the United States, where our third-party service providers (Google, Resend) operate. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.
9. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will promptly delete such data. If you believe a child under 16 has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. The "Last Updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
For questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us at:
Email: support@travelpilotapp.com