Privacy Policy for Travel Buddy
Last updated: March 2026
Effective date: March 2026
1. Introduction
Travel Buddy ("we", "our", "us") is a mobile application for collaborative trip planning. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our app.
By creating an account or using Travel Buddy, you agree to the practices described in this policy.
Data controller: Travel Buddy
Contact: support@travelbuddy.group
2. Data We Collect
2.1 Account Data
- Email address — required to create an account and for authentication
- Password — stored in hashed form only; we never store your plain-text password
- Display name — optional; shown to your trip collaborators if provided
2.2 User-Generated Content
- Trip names, destinations, dates, and descriptions you create
- Activity details, locations, times, and notes within trips
- Comments and votes you submit on activities
- Trip membership (which trips you are a member of)
2.3 Location Data
- Your device's GPS coordinates, accessed only while the app is open and only when you use the map feature
- We do not store your location on our servers. Location data is used in-session only to display your position on the map and to assist place searches.
2.4 Technical Data
- Device model and operating system version
- App version
- Error messages and stack traces, collected only when the app crashes
- Session tokens used to keep you logged in
2.5 Data We Do NOT Collect
- We do not collect advertising identifiers (IDFA, GAID)
- We do not track you across other apps or websites
- We do not collect payment card or financial information
- We do not access your contacts, photos, camera, or microphone
- We do not collect data from children under 13
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the trip planning and collaboration features | Performance of contract |
| Authenticate your identity and maintain your session | Performance of contract |
| Show your location on the map (in-session only) | Consent (you open the map) |
| Diagnose and fix crashes and bugs | Legitimate interest |
| Respond to support requests | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following service providers, strictly for the purpose of operating the app:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database and authentication hosting | Account data, user content | USA (AWS us-east-1) |
| Sentry | Crash reporting and error monitoring | Device model, OS, stack traces (no personal data) | EU (Germany) |
| Google Maps Platform | Map display and place search | Location queries (subject to Google's Privacy Policy) | Google infrastructure |
International data transfers: Supabase stores data in AWS us-east-1 (United States). This transfer is covered by Standard Contractual Clauses (SCCs) as per Supabase's Data Processing Agreement. You may request a copy of these safeguards by contacting us.
We do not share your data with any other third parties, advertisers, or data brokers.
5. Data Retention
- Your account data and user content are retained for as long as your account is active
- Crash reports are automatically deleted by Sentry after 90 days
- When you delete your account, all your personal data and user-generated content are permanently deleted within 30 days
6. Your Rights
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, you have the following rights:
- Right to access — request a copy of your personal data
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your account and all associated data
- Right to restriction — request that we limit processing of your data
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at: support@travelbuddy.group
We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (in Italy: Garante per la protezione dei dati personali).
7. Account Deletion
You can request deletion of your account and all associated data at any time in either of the following ways:
- In-app: Go to Profile → Delete Account → this opens an email to support@travelbuddy.group
- By email: Send a deletion request to support@travelbuddy.group with the subject "Delete My Account"
All personal data will be permanently deleted within 30 days of your request.
8. Children's Privacy
Travel Buddy is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@travelbuddy.group and we will delete it promptly.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- Passwords are hashed using industry-standard algorithms (handled by Supabase Auth)
- Session tokens are stored in your device's encrypted secure storage
- All data in transit is encrypted using TLS
- Database access is restricted by Row Level Security (RLS) policies — you can only access your own data and trips you are a member of
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@travelbuddy.group.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you in the app.
Continued use of Travel Buddy after changes are posted constitutes your acceptance of the updated policy.
11. Contact
For any questions, requests, or concerns about this Privacy Policy:
Email: support@travelbuddy.group
Response time: Within 30 days
This policy was last reviewed in March 2026.