Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Your email address (used for authentication and account recovery)
• A display name you choose (visible to trip group members)

1.2 User-Generated Content

When you use GoWee, you may create and store the following data:

• Trip details (names, destinations, dates, descriptions, budget preferences)
• Itinerary items (places, times, categories, notes)
• Expense records (amounts, currencies, categories, split details between group members)
• Packing lists (items, categories, packing status)
• Travel tips preferences and trip interests

1.3 Photos and Videos

You may upload photos and videos to shared trip galleries. These files are stored on our servers to enable sharing with your trip group members. We do not access or analyze the content of your photos beyond what is necessary to provide the service.

1.4 Information We Do Not Collect

2. How We Use Your Information

We use your information exclusively to provide, maintain, and improve the GoWee App. Specifically, we use your data to:

• Create and manage your account
• Enable trip planning, itinerary management, and group collaboration
• Facilitate expense tracking and splitting among trip members
• Store and display shared trip photos and media
• Generate AI-powered itinerary suggestions, packing lists, and travel tips
• Ensure the security and integrity of our service
• Diagnose and fix technical issues

3. AI-Powered Features

GoWee uses artificial intelligence to generate itinerary suggestions, packing lists, and travel tips. When you use these features:

• Your trip details (destination, dates, interests, group type, budget) are sent to our AI processing service to generate personalized suggestions.
• AI-generated suggestions are always editable by you and are not presented as factual or real-time information.
• Your data is used only to fulfill your specific request and is not retained by the AI service for training or other purposes.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to any third party.

4.1 Sharing Within the App

When you join or create a trip, certain information is shared with other trip members as part of the App's core functionality:

• Your display name and avatar
• Trip itinerary items, expenses, and packing lists you create within that trip
• Photos and videos you upload to the trip gallery

You control which trips you join and what content you share within them.

4.2 Service Providers

We use the following third-party service providers who process data on our behalf to operate the App:

• Supabase - authentication, database hosting, and file storage
• Google Cloud Platform - application server hosting, EU region
• Google Maps Platform - map display and place search functionality
• OpenAI - AI-powered suggestion generation

These providers process your data only as necessary to operate the App and are subject to their own privacy policies and data protection obligations.

4.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

5.1 Storage Location

Our application servers are hosted in the European Union (Google Cloud, europe-west1). Database and file storage are provided by Supabase. Data may be processed in regions where our service providers operate.

5.2 Security Measures

We implement industry-standard security measures to protect your information, including:

• Encrypted data transmission using HTTPS/TLS
• Secure authentication managed by our authentication provider, including short-lived access tokens
• Input validation and sanitization on all server endpoints
• Access controls ensuring you can only access trips you are a member of

While we take reasonable measures to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

5.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authority as required by law, without undue delay.

6. Data Retention

We retain your data for as long as your account is active and as needed to provide you with the App's services.

• If you delete your account, we will delete your personal data within 30 days.
• Some data may be retained longer if required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).
• Photos, expenses, and other content shared in trip galleries may remain accessible to other trip members after your account is deleted, as this data forms part of the shared trip record. Your personal identifiers will be removed or anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access - Request a copy of the personal data we hold about you.
• Correction - Request correction of inaccurate or incomplete personal data.
• Deletion - Request deletion of your account and associated personal data.
• Data Portability - Request your data in a structured, commonly used, machine-readable format.
• Restriction - Request restriction of processing of your personal data in certain circumstances.
• Objection - Object to processing of your personal data for certain purposes.
• Withdraw Consent - Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days.

For users in the European Economic Area (EEA): Our legal basis for processing your personal data is the performance of our contract with you (providing the App's services) and your consent where applicable. You have the right to lodge a complaint with your local data protection supervisory authority.

8. International Data Transfers

Our application servers are hosted within the European Union. Some of our service providers (such as OpenAI for AI features) may process data outside the EU. Where data is transferred outside the EU, we rely on the safeguards provided by our service providers, which may include Standard Contractual Clauses or other mechanisms recognized under applicable data protection law.

9. Children's Privacy

GoWee is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete that information. If you believe a child under 16 has provided us with personal data, please contact us immediately.

10. Third-Party Links

The App may contain links to third-party websites or services (such as map links or place information). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the App.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top of this policy

Your continued use of GoWee after the updated Privacy Policy takes effect constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: