Plantrip'r

Privacy Policy

This Privacy Policy explains how Plantrip'r ("we", "our", or "us") collects, uses, and protects your personal information. We comply with GDPR (EU), UK GDPR, CCPA (California), and other applicable privacy regulations.

Effective Date: November 7, 2025 | Version: 1.0

Your Rights: You have the right to access, rectify, delete, or port your data. Contact us at privacy@plantripr.ai to exercise these rights.

Our Privacy Principles

Data Security

We use industry-standard encryption and security measures to protect your data.

Transparency

We're clear about what data we collect and how we use it.

Your Control

You can access, update, or delete your personal data at any time.

GDPR Compliant

We comply with international privacy regulations including GDPR.

1. Information We Collect

1.1 Personal Data (Article 4 GDPR)

Legal Basis: Contract performance, legitimate interests, and consent where required.

  • Identity Data: Name, email address, phone number (optional)
  • Account Data: Username, password (hashed), profile preferences
  • Travel Data: Trip itineraries, destinations, accommodation preferences
  • Financial Data: Payment information via secure third-party processors (Stripe, PayPal)
  • Communication Data: Messages, support tickets, collaboration notes

1.2 Technical Data

Legal Basis: Legitimate interests for service improvement and security.

  • Device Information: IP address, browser type, operating system, device ID
  • Usage Analytics: Page views, feature usage, session duration, click patterns
  • Location Data: Approximate location (with consent) for travel recommendations
  • Cookies & Trackers: Essential, analytics, and preference cookies (see Cookie Policy)

Special Categories of Data

We do not intentionally collect sensitive personal data (race, religion, health data) unless explicitly provided by you for travel accessibility needs (processed under GDPR Article 9(2)(a) - explicit consent).

2. Legal Basis for Processing (GDPR Art. 6)

Contract Performance (Art. 6(1)(b))

Processing necessary to provide our trip planning services, manage your account, and process payments.

Legitimate Interest (Art. 6(1)(f))

Analytics, security, fraud prevention, and service improvement based on our legitimate business interests.

Consent (Art. 6(1)(a))

Marketing communications, optional features, and non-essential cookies (you can withdraw anytime).

Legal Obligation (Art. 6(1)(c))

Compliance with tax obligations, anti-money laundering, and other legal requirements.

3. How We Use Your Information

Service Provision & Core Functions

  • Trip Planning: Generate AI-powered itineraries, manage bookings, and coordinate travel logistics
  • Account Management: Authenticate users, sync data across devices, and provide customer support
  • Payment Processing: Handle transactions securely through certified third-party processors

AI & Personalization

  • Machine Learning: Train algorithms on anonymized usage patterns to improve recommendations
  • Personalization: Customize suggestions based on your preferences and travel history

Legal & Security

  • Fraud Prevention: Monitor transactions and account activity for suspicious behavior
  • Compliance: Meet tax, financial reporting, and regulatory obligations
  • Legal Claims: Defend against legal claims or cooperate with law enforcement when required

4. Data Sharing & Third Parties

⚠️ We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.1 Authorized Data Sharing

Service Providers (Art. 28 GDPR)

Data processors operating under strict contractual obligations:

  • Cloud hosting (AWS, Google Cloud) - data encryption at rest and in transit
  • Payment processors (Stripe, PayPal) - PCI DSS compliant
  • Email services (SendGrid) - marketing and transactional emails
  • Analytics providers (Google Analytics, Mixpanel) - anonymized usage data

Trip Collaborators

Information you choose to share with fellow travelers (names, itineraries, expenses) based on your explicit sharing settings.

Legal Obligations

When required by law, court order, or to protect rights, safety, and security (GDPR Art. 6(1)(c) and (f)).

Business Transfers

In case of merger, acquisition, or sale - you will be notified and can object to the transfer.

5. International Data Transfers

Cross-Border Processing: Your data may be processed in the EU, UK, and US. We ensure adequate protection through:

  • EUPrimary data processing in EU with GDPR compliance
  • UKUK GDPR adequacy decision and Data Protection Act 2018
  • USStandard Contractual Clauses (SCCs) and additional safeguards

6. Data Retention

Active Accounts

  • • Account data: Duration of service use + 30 days
  • • Trip data: 7 years (travel insurance/tax purposes)
  • • Payment records: 7 years (legal/tax requirements)
  • • Communication logs: 3 years

Deleted Accounts

  • • Personal data: Deleted within 30 days
  • • Anonymized analytics: Retained indefinitely
  • • Legal holds: Extended as required by law
  • • Backup purging: 90 days maximum

7. Your Privacy Rights

🇪🇺 GDPR Rights (EU Residents) 🇬🇧 UK GDPR Rights (UK Residents)

Exercise your rights free of charge. We respond within 30 days (extendable to 60 days for complex requests).

Art. 15Right of Access

Request a copy of your personal data and information about how we process it.

Art. 16Right to Rectification

Correct inaccurate or incomplete personal information.

Art. 17Right to Erasure ("Right to be Forgotten")

Request deletion of your data (subject to legal retention requirements).

Art. 18Right to Restriction

Limit how we process your data while disputes are resolved.

Art. 20Right to Data Portability

Receive your data in a structured, machine-readable format (JSON/CSV).

Export Data →

Art. 21Right to Object

Object to processing based on legitimate interests or for direct marketing.

Art. 22Automated Decision-Making

Object to decisions based solely on automated processing (including AI profiling).

Art. 7Withdraw Consent

Withdraw consent for processing at any time (doesn't affect prior lawful processing).

🇺🇸 California Residents (CCPA/CPRA Rights)

Right to Know: What personal information we collect and how we use it

Right to Delete: Request deletion of your personal information

Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)

Right to Non-Discrimination: Equal service regardless of exercising your rights

Contact Us

If you have questions about this privacy policy or want to exercise your rights, please contact us:

privacy@plantripr.ai
Data Protection Officer: privacy@plantripr.ai

Response Time: We aim to respond to all privacy requests within 30 days. For urgent matters, please mark your email as "Urgent Privacy Request."

8. Cookie Policy

🍪 How We Use Cookies

We use cookies and similar technologies to provide, secure, and improve our services. You can manage your cookie preferences using our cookie banner or settings panel.

Essential Cookies: Required for site functionality, security, and authentication

Analytics Cookies: Help us understand usage patterns (Google Analytics, anonymized)

Marketing Cookies: Personalized advertising and remarketing campaigns

Preference Cookies: Remember your settings and improve user experience

Cookie Retention: Session cookies expire when you close your browser. Persistent cookies last up to 2 years unless deleted sooner.

9. Regulatory Compliance

EU
GDPR Compliance
  • • Data Protection Officer: privacy@plantripr.ai
  • • Legal basis documented for all processing
  • • Privacy by design & default
  • • Regular data protection impact assessments
  • • EU representative: [To be appointed if needed]
UK
UK GDPR & DPA 2018
  • • ICO registration: [To be registered]
  • • UK Data Protection Act 2018 compliance
  • • Post-Brexit data protection standards
  • • UK-specific right to object
  • • ICO complaints: ico.org.uk
US
CCPA/CPRA Compliance
  • • California Consumer Privacy Act rights
  • • "Do Not Sell My Personal Information"
  • • Authorized agent requests accepted
  • • 12-month disclosure obligations
  • • No discrimination for exercising rights

10. Supervisory Authorities & Complaints

Right to Lodge a Complaint: You have the right to complain to your local data protection authority if you believe we have not handled your personal data properly.

🇪🇺 EU Residents: Contact your national data protection authority

🇬🇧 UK Residents: Information Commissioner's Office (ICO)

Web: ico.org.uk | Phone: 0303 123 1113

🇺🇸 California Residents: California Attorney General

🇨🇦 Canadian Residents: Office of the Privacy Commissioner

We aim to resolve complaints directly first

11. Updates to This Policy

Material Changes: We may update this privacy policy from time to time. For material changes that affect your rights, we will:

  • Notify you by email at least 30 days before changes take effect
  • Display a prominent notice on our website
  • Request renewed consent where legally required
  • Provide clear summaries of what changed

Non-Material Changes: Minor updates (like clarifications or formatting) will be posted with an updated "Last Modified" date. Your continued use constitutes acceptance.

Ready to start planning?

We're committed to protecting your privacy while helping you create amazing trips.