Privacy Policy

Privacy Policy

Effective Date: October 1, 2024

Introduction

Welcome to TravelPilot! We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR).

1. Data We Collect

We collect the following information that you provide directly:

  • Personal Data:
    • Name
    • Email address
    • Profile picture (optional)
  • User Messages: Messages you share with TravelPilot are processed by OpenAI to provide AI-based travel advice and recommendations.
  • User Images: If you choose to share images with TravelPilot, these will be processed by OpenAI for image recognition purposes.
  • Payment Information: Payment transactions are processed by Stripe via an external Stripe portal. We do not store any payment information.
  • Anonymized Data: We collect and analyze anonymized user interaction data through Google Analytics for the purpose of app performance measurement and user satisfaction analysis.

2. Legal Basis for Processing Data

We process your personal data based on the following legal grounds under GDPR:

  • Consent: For processing user messages and images via OpenAI, and for sending personalized travel advice. Your explicit consent is obtained before any processing of these data. You can withdraw your consent at any time by contacting us.
  • Contract: Processing your data is necessary to perform the services you request (e.g., providing travel recommendations).
  • Legitimate Interest: We analyze anonymized data to improve the performance of our app and ensure user satisfaction.

3. How We Use Your Data

Your personal data is used for the following purposes:

  • To Provide Services: We use your data to offer personalized travel recommendations and guidance based on your input.
  • To Communicate: We may contact you to provide support, share updates, or respond to your inquiries.
  • To Improve Performance: We analyze anonymized usage data through Google Analytics to optimize app performance and user experience.

4. Data Sharing

We share your personal data with the following third-party processors to provide and enhance our services:

  • OpenAI: For processing user messages and images as part of our AI-powered travel assistant service.
  • Stripe: For secure payment processing. Payment details are handled directly by Stripe, and we do not store or process your payment information.
  • Google Analytics: For analyzing anonymized interaction data to improve app performance. Google Analytics is configured in compliance with GDPR, including anonymization of IP addresses.

5. International Data Transfers

Your personal data is stored on Google Cloud servers located in the United States. When we transfer personal data outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as:

  • Standard Contractual Clauses (SCCs): We implement SCCs as approved by the European Commission to ensure an adequate level of data protection.

You may request more details about the safeguards in place for international data transfers by contacting us.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specifically:

  • Personal Data: We will keep your data for the duration of your account being active. Upon a request for deletion, we will promptly remove your data.
  • Anonymized Data: Retained for analytical purposes without a specific retention period, as it no longer identifies individual users.

7. User Rights

As a user under GDPR, you have the following rights regarding your personal data:

  • Access: You can request access to the personal data we hold about you at any time.
  • Correction: You can update or correct your personal data through your account settings or by contacting us.
  • Deletion: You can request the deletion of your data, and we will respond promptly. Your data will be deleted unless there are legal grounds to retain it.
  • Data Portability: You can request to receive your personal data in a structured, commonly used format (e.g., CSV).
  • Withdraw Consent: You can withdraw your consent to the processing of your data at any time. Contact us using our Contact Form to withdraw consent or for other inquiries regarding your data.

8. Security Measures

We use appropriate technical and organizational measures, such as encryption and access controls, to protect your personal data from unauthorized access, loss, or disclosure.

9. Children’s Privacy

While there is no age restriction to use TravelPilot, for users located in the European Union, parental consent is required for processing personal data of children under the age of 16 (or 13 in some EU countries). We encourage parents and guardians to monitor their children’s online activity.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. If we make significant changes, we will notify users via email or app notifications before the changes take effect.

11. Contact Information

If you have any questions or concerns about this Privacy Policy or the processing of your data, please contact us using our Contact Form.

For EU users: We have appointed a Data Protection Representative in the EU. You can contact them at gdpr@travelpilot.co if you are based in the European Union and have concerns about data privacy.