Privacy Policy

Last updated: January 2026

1. Data We Collect

Account Information

  • Name, email address, and password (hashed)
  • Profile information you choose to provide (bio, avatar)
  • Emergency contact and medical information (optional, only if you provide it)

Plan Data

  • Plans you create or participate in (names, descriptions, dates)
  • Itineraries, routes, activities, and checklists
  • Expense records and settlement information
  • Photos you upload

Location Data

  • Location data is collected only when you actively share it with plan monitors
  • Location sharing is always opt-in and can be stopped at any time
  • Location data is shared only with monitors you have explicitly authorized

Technical Data

  • Session information (device type, IP address) for security purposes
  • Usage patterns to improve the Service

2. How We Use Your Data

  • To provide and operate the Service
  • To authenticate your identity and secure your account
  • To share plan information with other participants you invite
  • To send notifications about plan activity (configurable in settings)
  • To send transactional emails (invitations, password resets, verification)
  • To improve the Service and fix issues

3. Third-Party Services

We use the following third-party services:

  • Google OAuth — for optional social login (Google receives your authentication request; we receive your name and email)
  • Mapbox — for map display and route calculation (Mapbox may receive location coordinates you view on maps)
  • Cloud hosting providers — to store and serve your data securely

We do not sell your data to third parties. We do not use your data for advertising.

4. Data Security

  • Passwords are hashed and never stored in plain text
  • Authentication uses JWT tokens with secure HTTP-only cookies
  • All connections use HTTPS encryption
  • Session tokens are rotated and can be revoked
  • Medical and emergency information is stored with the same security as all account data

5. Data Retention

  • Account data is retained as long as your account is active
  • When you delete your account, your personal data is removed
  • Shared plan data (expenses, photos) contributed to group plans may be retained for other participants
  • Location history is retained only for the duration of active sharing

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and personal data
  • Export your data
  • Opt out of non-essential notifications
  • Withdraw consent for location sharing at any time

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, please contact us at privacy@theplanison.com.