Last updated: 2026-05-01
1. Data we collect
- Account data: email and display name when you sign in (Supabase auth).
- Trip plans: itineraries you save are stored against your account.
- Usage analytics: aggregate, privacy-friendly page-view metrics (Plausible / PostHog) — no cross-site tracking, no third-party advertising IDs.
- Affiliate click metadata: provider name and destination category (e.g. 'Booking.com → Tokyo hotels'). We do not log full URLs or personal identifiers.
2. Data we do not collect
- Tracking pixels or third-party advertising data.
- IP-level logging beyond the country level (used only for currency / language defaults).
- Browser fingerprinting.
3. Cookies
We set essential session cookies (Supabase authentication) and, with your consent, an anonymous analytics cookie. You can decline analytics in your browser or via your account preferences.
4. Third parties
- Supabase — authentication and database (EU/Asia regions).
- Vercel — hosting and edge delivery.
- Resend — transactional email (sign-in links, plan-ready notifications).
- Cloudflare R2 — image storage.
- Google Gemini — AI plan generation. Only the structured form input you submit is sent. We never include personal information (name, email) in the model prompt.
5. Your rights
- Export your saved data at any time from your account page.
- Delete your account, which removes account data and saved plans.
- Opt out of analytics from your account preferences or via Do-Not-Track.
6. Security
We use TLS in transit, encrypted-at-rest databases via Supabase, and the principle of least privilege for service credentials. No system is perfect; if you suspect a vulnerability, please email okatech0311@gmail.com.
7. Contact for privacy requests
Email okatech0311@gmail.com. We respond within a reasonable timeframe.
8. Amendments
We may update this Policy. The 'Last updated' date above tracks material changes. We'll post a banner on the site for any significant change.