1. Introduction
This Privacy Policy describes how TravelDeck ("we", "our" or "the App") collects, uses, stores and protects users' personal data. We use your data exclusively to provide you with the service and improve your travel experience. We do not sell your personal data to third parties and we do not display advertisements.
By using TravelDeck, you consent to the processing of your data as described in this policy. We invite you to read it carefully.
2. Data collected
To provide you with the service, we collect the following categories of data:
Account data
- First and last name
- Email address
- Profile photo
- Nationality
Travel data
- Destinations and travel dates
- Itineraries and stops
- Expenses and splits
- Photos uploaded to the group gallery
- Personal documents (passports, tickets, insurance)
- Packing lists
- Activities and to-dos
- Messages in group chat
Location data
- Geolocation data used for map features, only when you authorize access to your location
Device data
- Device type, operating system and app version
- Push notification tokens
- Anonymous and aggregated usage data for statistical purposes
3. Authentication
TravelDeck offers several sign-in methods:
- Google Sign-In: we receive your name, email and profile photo from your Google account
- Apple Sign-In: we receive your name and email from your Apple account (you can choose to hide your email)
- Email and password: your password is stored in encrypted form (hash)
Sessions are managed through JWT (JSON Web Token) tokens to ensure secure and authenticated access to the service.
4. Artificial intelligence features
TravelDeck integrates artificial intelligence features to offer you personalized itineraries, travel guides, packing suggestions, expense analysis and chat assistance.
To process AI requests, your prompts and the trip context (destinations, dates, preferences) are sent to the following providers:
- OpenAI
- Anthropic
- Google (Gemini)
Data sent to AI providers is used exclusively to process your specific request. No personal data is retained by AI providers beyond the duration of the individual request. We do not use data to train third-party AI models.
5. Photo and document storage
Photos: photos uploaded to the group gallery are securely stored on cloud storage (Amazon Web Services S3). Photos are accessible to members of the trip in which they were shared.
Documents: personal documents (passports, tickets, insurance) are stored securely and in encrypted form. Documents marked as personal are visible exclusively to the owner and are not accessible to other trip members.
6. Push notifications
We use Google's Firebase Cloud Messaging (FCM) to send you push notifications about trip updates, chat messages and group activities. You can disable notifications at any time from your device settings.
7. Analytics
We collect anonymous and aggregated usage data to understand how the App is used and to improve the service. This data cannot be traced back to your personal identity and includes information such as feature usage frequency, loading times and error reports.
8. Advertising and data sales
TravelDeck does not display advertisements of any kind. Your personal data is not sold, transferred or shared with third parties for marketing or advertising profiling purposes.
9. Data retention
Your personal data is retained for as long as your account is active. If you delete your account, all associated personal data is permanently removed from our systems, including photos, documents and travel data.
Anonymous and aggregated data for statistical purposes may be retained even after account deletion, as it cannot be traced back to you.
10. Your rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679), you have the following rights:
- Right of access: you may request a copy of all personal data we hold about you
- Right to rectification: you may request the correction of inaccurate or incomplete data
- Right to erasure: you may request the deletion of your personal data at any time
- Right to data portability: you may request the export of your data in a readable format
- Right to object: you may object to the processing of your data for specific purposes
- Right to restriction: you may request the restriction of processing of your data
To exercise any of these rights, contact us at the address indicated in the Contact section.
11. Security
We adopt appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction or alteration. These measures include encryption of data in transit and at rest, restricted data access and continuous system monitoring.
12. Changes to this policy
We reserve the right to update this Privacy Policy at any time. In the event of substantial changes, we will notify you via an in-app notification or by email. We recommend that you periodically review this page to stay informed.
13. Contact
For any questions, requests or reports regarding privacy and the processing of your personal data, you may contact us at: