Privacy Policy

1. Introduction

Welcome to mytinerary ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered trip planning service (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and password.
• Trip Information: Information about your travel plans, preferences, destinations, dates, and any other details you provide when planning a trip.
• Chat Messages: Conversations with our AI assistant to refine your itineraries.
• Payment Information: If you purchase paid features, we collect payment information through our third-party payment processors. We do not store credit card numbers.

2.2 Automatically Collected Information

• Usage Data: Information about how you interact with the Service, including pages visited, features used, and time spent.
• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
• Cookies and Tracking: We use cookies, web beacons, and similar technologies to track activity and store preferences.
• Location Data: With your permission, we may collect location data to provide location-based recommendations.

2.3 Third-Party Information

We may receive information about you from third parties such as:

• OAuth Providers: If you sign in using Google, Microsoft, or Apple, we receive basic profile information.
• Google Places API: Venue and location data used to verify and enrich your itineraries.
• Analytics Services: Information about your usage patterns from analytics providers.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate personalized trip itineraries using AI
• Verify venues and locations through third-party APIs
• Process your transactions and send related information
• Send you technical notices, updates, and security alerts
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and fraud
• Personalize and improve your experience
• Send promotional communications (with your consent)

4. AI and Machine Learning

mytinerary uses artificial intelligence and large language models (LLMs) to generate trip itineraries. Your trip descriptions and preferences may be processed by third-party AI providers (such as OpenAI and Groq) to generate personalized recommendations.

We implement measures to minimize the sharing of personally identifiable information with AI providers and use the output solely to provide you with the Service. AI-generated content is reviewed and verified against trusted data sources (like Google Places API) to ensure accuracy.

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors, consultants, and service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• AI and machine learning service providers (OpenAI, Groq)
• Payment processors
• Analytics and monitoring services
• Customer support platforms
• Email delivery services

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

5.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or security purposes.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 All Users

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Export: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from marketing communications

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (we do not sell personal information).

7.3 European Users (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal information.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child under 13, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If you are located outside the United States and choose to provide information to us, we transfer your information to the United States and process it there.

We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses approved by the European Commission where applicable.

11. Third-Party Links

The Service may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Your continued use of the Service after any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide by the modified Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: