We try to collect as little as possible. Here is the full list, grouped by where it comes from.
Account and identity
When you create an account, we collect the identifiers you sign up with — your email address (required) and, optionally, your phone number. If you sign in with a social or OAuth provider (such as Apple or Google), we receive the basic profile information that provider shares with us, which may include your name, email and a provider profile photo.
Authentication is handled by our sign-in provider, Clerk, which securely stores your credentials and any password you choose to set. Sign-in is passwordless by default; a password is optional. We do not see or store your social-account passwords.
Profile
To personalize the app and sync it across your devices, we store the profile you create: first and last name, display name, an optional username (used only inside the app, never to sign in), a short free-text "about", a profile photo (avatar), your location, your phone number (optional), and your trip preferences. Location is whatever you enter during onboarding — your country is required; state and city are optional. We also store a marketing-email opt-in flag, the timestamp when you accepted our Terms, and the timestamp when you finished onboarding. You can edit or remove most of this anytime in Settings.
Saved content and activity
We store the content you save to your account so it is available on every device you sign in to: your saved and followed trips, saved plan items (events, attractions and venues, with any notes you add), per-trip display preferences, and your read/dismiss state for alerts. Your uploaded avatar is included here too.
Friends and social connections
The app has a friends feature built on shareable friend codes (in the format XXXX-XXXX, including one-time codes) and QR codes. When you redeem someone's code you become their follower, and we record that follow relationship. Each account has a "show my plans to friends" toggle that is on by default — when it is on, friends you connect with can see the trips and events you have saved. You can turn it off at any time in Settings. What your friends see is your display name and avatar, not your sign-in identity.
Booking and inquiry information
When you inquire about a trip or move forward with a booking, we collect your name, email, phone number, the trip details you are asking about, and anything you write in the message field. We share the booking details that are necessary to operate your trip with the relevant Travel Supplier. We use JotForm to handle contact and inquiry forms. We do not collect or store payment-card data on our own sites — when it is time to pay, payment is handled by the Travel Supplier on their systems.
Usage and analytics
We use PostHog to understand how the Service is used. PostHog records page and tab views, custom product events (for example, opening a trip guide), device, operating-system and browser information, the site that referred you, and a session and device identifier. PostHog infers an approximate location from the IP address of the request.
We keep analytics separate from your account identity — we do not send your name, email or any account ID to PostHog, so analytics events are not tied back to you as an identified person. Some signals — an IP-derived approximate location, a session or device identifier — may still count as personal data under the GDPR, which is one reason you can turn analytics off at any time in Settings. We do not use analytics for cross-site advertising or retargeting, and there is none on the Service. (We previously kept a small in-house analytics table; it has been retired and that collection is now switched off.)
Device and push notifications
If you turn on push notifications, we store your device's push token and platform. For signed-in users this is linked to your account so notifications reach the right person across your devices. We use these to send trip updates and friend-add notifications, and we deliver them through Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM) and Expo Push. You can turn notifications off anytime in your device settings.
Other mobile device data
On mobile, the camera is used only when you scan a QR friend code or choose an avatar photo — we do not access it otherwise. We use on-device storage (SQLite and AsyncStorage) for offline caching and to remember your preferences. We do not collect GPS or real-time location — the only location we hold is what you type into your profile at onboarding.
Email-list signups
If you opt in to marketing email, we store your email address and name and the fact that you opted in, so we can send trip announcements and honor unsubscribe requests. See "Marketing email" below.
Images
Avatars and trip imagery are stored and served through the Bunny.net content delivery network. On mobile, trip images may also be cached locally on your device so the guide works offline.