Back to homepage

GDPR notice

Data privacy and your rights.

How we collect, use, and protect data when you use AI Travel Planner.

What we collect

  • Account data: email address, password hash, optional display name.
  • Session data: authentication cookies, session identifiers, device and timestamp metadata for security.
  • Planner inputs: trip details you enter (destinations, preferences, dates) to generate itineraries.
  • Support and contact data: content of messages you send to us.
  • Technical data: server logs (IP address, time, URLs, user agent) to ensure availability and security.

Purposes and legal bases

  • Provide the service and authenticate users (Art. 6(1)(b) GDPR).
  • Operate trip planning features, maps, and AI-generated itineraries (Art. 6(1)(b) GDPR).
  • Security, fraud prevention, and service integrity (Art. 6(1)(f) GDPR).
  • Legal compliance and record keeping (Art. 6(1)(c) GDPR).
  • Communication related to your account or support requests (Art. 6(1)(b) and (f) GDPR).

Storage duration

  • Account and session data: retained while the account is active; session cookies expire automatically.
  • Planner inputs: stored to deliver and improve itineraries; delete on request or account deletion.
  • Logs: retained for security and troubleshooting for a limited period, then anonymized or deleted.

Recipients and processors

We use service providers for hosting, authentication, and analytics. Data processing agreements are in place with each processor.

  • Hosting and databases: hosted in the EU; details available on request.
  • Authentication: our sign-in service manages sessions and credentials.
  • Mapping/tiles: map tiles are loaded to display routes; requests may include IP and basic telemetry.
  • AI generation: an AI model provider processes your planner prompts to generate itineraries.

International transfers

Where data is transferred outside the EEA, we rely on an adequacy decision or appropriate safeguards (standard contractual clauses) and implement technical and organizational measures to protect your data.

Your rights

  • Access (Art. 15 GDPR) and rectification (Art. 16 GDPR).
  • Erasure (Art. 17 GDPR) and restriction (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection to processing based on legitimate interests (Art. 21 GDPR).
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with a supervisory authority, e.g., your local authority or the Austrian Data Protection Authority (DSB).

Last updated: January 2025

This page summarizes our current privacy practices. If we make material changes, we will update this notice.