Privacy Policy

Last updated: December 21, 2025

1. Introduction

TravelBuddy ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our travel planning service.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and similar privacy laws worldwide. By using TravelBuddy, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

  • Account information: name, email address, password
  • Profile details: travel preferences, home location, passport information (optional)
  • Trip data: destinations, dates, itineraries, travel companions
  • Payment information: processed securely through Stripe (we never store card details)
  • Communications: messages, feedback, support requests

2.2 Information Collected Automatically

  • Device information: IP address, browser type, operating system
  • Usage data: pages viewed, features used, time spent on platform
  • Location data: approximate location based on IP (can be disabled)
  • Cookies and similar technologies (see Cookie Policy)

2.3 Third-Party Information

  • Social media profiles (if you connect accounts)
  • Travel booking confirmations (if you forward them to us)
  • Weather and destination data from public APIs

3. How We Use Your Information

3.1 Lawful Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To provide our travel planning services
  • Legitimate Interests: To improve our service and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with laws and regulations

3.2 Purposes of Processing

  • Create and manage your account
  • Provide personalized trip planning and recommendations
  • Process payments and manage subscriptions
  • Send service updates and travel alerts
  • Respond to support requests
  • Analyze usage patterns to improve our service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Sharing and Disclosure

We never sell your personal information. We share data only when:

4.1 With Your Consent

  • Sharing trip plans with designated travel companions
  • Connecting with third-party travel services you authorize

4.2 For Service Provision

  • Payment Processors: Stripe for secure payment handling
  • Cloud Infrastructure: AWS/Google Cloud for data storage
  • Analytics: Aggregated, anonymized usage statistics
  • Customer Support: Tools to help resolve your inquiries

4.3 Legal Requirements

  • To comply with legal obligations
  • To protect our rights and prevent fraud
  • In connection with business transfers or acquisitions

5. Your Rights Under GDPR

If you are in the EEA, you have the following rights:

Your Data Protection Rights

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Automated Decision-Making: Not be subject to solely automated decisions

To exercise these rights, contact us at privacy@travelbuddy.com. We will respond within 30 days.

6. Data Security

We implement industry-standard security measures:

  • End-to-end encryption for sensitive data
  • TLS/SSL encryption for all data transmissions
  • Regular security audits and penetration testing
  • Strict access controls and authentication
  • Secure data centers with 24/7 monitoring
  • Incident response procedures

7. Data Retention

We retain your data for as long as necessary to provide our services:

  • Active accounts: Data retained while account is active
  • Inactive accounts: Deleted after 2 years of inactivity
  • Legal obligations: Some data retained as required by law
  • Anonymized data: May be retained indefinitely for analytics

8. International Data Transfers

Your data may be transferred to servers outside your country. We ensure adequate protection through:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs) where applicable
  • Appropriate safeguards for all international transfers

9. Children's Privacy

TravelBuddy is not intended for users under 16 years of age. We do not knowingly collect data from children. If we learn we have collected information from a child under 16, we will delete it immediately.

10. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

11. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance.

12. Contact Information

Data Protection Officer

Email: privacy@travelbuddy.com
Mail: TravelBuddy Privacy Team
1234 Innovation Drive, Suite 567
San Francisco, CA 94105
Response time: Within 30 days

Supervisory Authority

EU residents may also contact their local data protection authority with complaints.

Terms of ServiceCookie PolicySecurityContact Us