Privacy Policy

1. Introduction

PlanToTrip (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information the PlanToTrip iOS application (the “App”) collects, how that information is used, and what choices you have. By using the App, you agree to the practices described in this policy.

2. Information We Collect

Trip content you create or import:

• Trip titles, dates, and itineraries
• Stages, tasks, and schedules
• Bookings (flights, hotels, transfers, rentals) — including dates, prices, confirmation numbers, addresses
• Routes and points of interest
• Activities (with addresses and times)
• Documents you scan or attach (passports, tickets, vouchers, reservations)
• Personal documents you add about yourself and travel companions (citizenship, document type and number, names)
• Free-form chat messages you send to the AI

Onboarding information:

• Country and city of residence (to localize defaults and suggestions)
• Display name (optional)
• Preferred app language

Device and permission-gated data:

• Apple Calendar events (read-only; see Section 5)
• Photos or PDFs you explicitly select to scan as a document or attach to a booking
• Notification permissions (to deliver scheduling reminders)

Automatically collected information:

• Device type and iOS version
• App version
• Crash logs and aggregated performance data
• Subscription state (active / inactive) via Apple’s App Store

We do NOT collect:

• Your email address, phone number, or contacts (unless you email us)
• Background or real-time location
• Health, financial, or biometric data
• Advertising identifiers — the App contains no ad SDKs and no third-party trackers

3. How We Use Your Information

We use the information described above to:

• Generate personalized trip plans, day-by-day schedules, and AI suggestions
• Extract structured fields (dates, addresses, prices) from documents you scan
• Schedule tasks around your existing calendar events
• Deliver local and push notifications for upcoming or rescheduled tasks
• Process your in-app purchase through Apple’s App Store
• Diagnose crashes and improve App performance

4. Data Storage

• Trip content, bookings, documents, personal documents, and preferences are stored locally on your device using Apple’s SwiftData framework. The App does not sync via iCloud at this time.
• Attached and scanned files (images, PDFs) are uploaded to our backend’s secure file storage so they can be reused across your device and across trip-chat conversations. Files are stored encrypted at rest and accessible only via short-lived authenticated URLs scoped to your trip.
• AI planning requests, scan-document requests, and chat messages are transmitted over TLS-encrypted HTTPS to our backend hosted on Google Cloud Platform (US region).
• The text of an AI planning or chat request is processed in real time to produce the response and is not retained beyond the duration of the request, except where the message itself is part of a trip’s chat history that you choose to keep.
• We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Apple Calendar Access

If you grant calendar permission, the App reads events from your selected Apple Calendars solely to detect scheduling conflicts and place tasks in free time. The App never adds, edits, or deletes calendar events. You can revoke access at any time in iOS Settings → Privacy & Security → Calendars.

6. Third-Party Services

• Apple App Store / StoreKit — payment processing and subscription state.
• Apple EventKit — calendar event read access (with your permission).
• Google Cloud Platform (Cloud Run, Cloud Tasks, Firestore, Cloud Storage) — backend hosting and file storage in the United States.
• Anthropic, OpenAI, and Google AI — LLM providers used to generate trip plans, route suggestions, and chat responses. Only the content of your prompt and the structured trip context required to answer it are sent. Provider terms prohibit using your prompts for training their public models.
• Google Places API — address autocomplete when you add a route point or activity. Lookups are made server-side; we do not send your device identifier.

The App contains no advertising SDKs and no third-party analytics SDKs.

7. AI Data Processing

When you create or modify a trip, the following data may be sent to our AI services for plan generation, refinement, or chat:

• Trip title, dates, destination, and stage information
• Free-form messages you send in trip chat
• Document fields extracted from scans you submit
• The minimum schedule context needed (existing event times — not titles — when scheduling tasks)

Plan, route, and chat responses are generated in real time. We do not use your prompts or your trip content to train AI models.

8. Your Rights and Choices

• Access: All your trip data is on your device and visible inside the App.
• Deletion: Delete a trip from the trip list to remove it (this also deletes its server-side attachments). Deleting the App removes all local data. To request deletion of any backend-stored attachments, email us — see Section 11.
• Calendar: Revoke access in iOS Settings → Privacy & Security → Calendars.
• Notifications: Disable in iOS Settings → Notifications → PlanToTrip.
• Photos: Photo picker permission is per-selection — we never receive your full photo library.
• AI: You can use the App without AI by entering trips manually; AI features are opt-in per action.

For California residents (CCPA / CPRA): we do not sell or share personal information. You may request deletion of any backend-stored data by contacting us.

For EU/EEA residents (GDPR): the legal basis for processing trip content and AI requests is the performance of the contract you enter when using the App. The legal basis for crash logs and subscription state is our legitimate interest in keeping the App working and processing your purchase. You may request access, correction, or deletion by contacting us.

9. Children’s Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently received such information, please contact us and we will delete it.

10. Data Retention

• Local data: retained on your device until you delete the trip or the App.
• Attachments on backend storage: retained while the parent trip exists in your App, then eligible for deletion when you delete the trip.
• AI / scan / chat requests in transit: not retained beyond the response, except for the chat history you choose to keep.
• Crash logs and aggregated metrics: retained for up to 12 months.
• Voluntarily submitted feedback (email): retained while needed to address your request.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in the App. Material changes will be reflected by updating the “Last updated” date and, where appropriate, by an in-App notice. Continued use of the App after a change indicates your acceptance.

12. Contact Us

For privacy questions or data requests:

Email: support@plantotrip.com