LifeTravel - Track Your Adventures Around the World

1. Introduction

Welcome to LifeTravel. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, mobile application, and related services (collectively, the "Service").

LifeTravel is a travel journaling and tracking application that allows you to document trips, create visual travel maps, share experiences with friends, and receive AI-powered travel suggestions. We operate within the European Union and process personal data in strict compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

By accessing or using the Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

2. Definitions

Personal Data: any information relating to an identified or identifiable natural person.
Usage Data: data collected automatically from the Service infrastructure (e.g., page visit duration, error logs).
Data Controller: LifeTravel — the entity that determines the purposes and means of processing personal data.
Data Processor: any natural or legal person who processes data on behalf of the Data Controller.
User: the individual using the Service (the Data Subject under GDPR).
AI Features: in-app features powered by third-party large language models (Google Gemini) that generate travel suggestions, itineraries, or other content.

3. Data Controller

LifeTravel

Contact: [email protected]

Jurisdiction: The Netherlands (European Union)

4. Information We Collect

4.1 Personal Data You Provide

Account credentials (email address, username, hashed password)
Profile data (display name, profile photo, bio, and optional details)
User content (photos, videos, audio, text notes, itineraries, and trip descriptions)
AI prompts (messages or queries you submit to the AI Assistant)
Correspondence with our support team

4.2 Information Collected Automatically

Device information (device type, OS, browser type, unique identifiers)
Usage data (logs, timestamps, page views, clickstream data)
Error & crash reports via Sentry — including stack traces and the page/action that triggered the error. Sentry may capture limited Personal Data (e.g., user ID) to aid debugging.
Performance data (response times and availability metrics)

4.3 Location Data (GPS)

We use location data to track your journeys and create visual travel maps.

Permission: we access location only if you explicitly grant permission in your device or browser settings.
Use: draws your route on the map, tags photos with geographical metadata, and populates trip statistics.
Background Tracking: if you enable continuous journey tracking, we may collect location data when the app is in the background. Disable anytime in Settings → Location.
Precision: precise GPS when tracking is active; approximate IP-based location may be logged in standard server access logs.

4.4 Permissions We Request

Camera: to capture or upload photos and videos from within the app.
Microphone: to record audio notes for your trips.
Photo Library / Media: to select existing photos or videos from your device.
Contacts (optional): to help find friends already on LifeTravel by matching email addresses. Your contact list is never stored on our servers; matching occurs in-memory and is not retained.

4.5 Cookies & Tracking Technologies

Session cookies to keep you logged in during a session
Preference cookies to remember your language, theme, and settings
Security cookies to detect and prevent fraudulent activity
Firebase Analytics cookies/identifiers (processed by Google under their privacy terms)
Google reCAPTCHA v3 cookies and browser fingerprinting signals (used on sign-in and sign-up forms to detect automated abuse; no visible challenge is shown to legitimate users)

You can manage cookies via your browser or device settings. Disabling certain cookies may affect Service functionality.

5. AI Features & Data Processing

LifeTravel includes an AI-powered travel assistant ("AI Assistant") powered by Google Gemini (provided by Google LLC).

5.1 What Data Is Sent to the AI

Your prompt or query (text you type or submit)
Contextual trip data you choose to include (e.g., trip title, destination, dates, existing notes) to generate relevant suggestions
We do not automatically send photos, precise GPS coordinates, or payment data to the AI model

5.2 How AI Data Is Used

Your prompts are processed by Google's Gemini API solely to generate a response.
Google processes this data under its own privacy terms. See Google's Privacy Policy.
LifeTravel does not use your AI prompts to train any proprietary model.
AI interaction logs (prompt + response) are retained for up to 30 days for debugging and abuse detection, then automatically deleted.

5.3 AI Soft Limits (Fair Use)

The AI Assistant is subject to usage limits to ensure consistent service quality for all users:

Free Tier: limited AI requests per day and per calendar month (exact limits shown in-app).
Premium Tier: higher daily and monthly AI request limits (exact limits shown in-app).
Limits may be adjusted at any time with reasonable notice. Automated or scripted use of the AI Assistant is prohibited.

AI-generated content is for informational purposes only. LifeTravel does not guarantee the accuracy or fitness of AI suggestions. Always verify travel information independently.

6. Payment Information

We offer paid subscriptions and one-time purchases. Payments are processed exclusively by Stripe (Stripe, Inc. / Stripe Payments Europe, Ltd.).

We do not store or have access to your full card number, CVV, or banking credentials. This information goes directly to Stripe.
Stripe processes payments under PCI-DSS Level 1 standards.
We retain transaction records (amount, date, plan, masked card type) for 7 years as required by Dutch tax law.

Stripe Privacy Policy

7. How We Use Your Information

Service Delivery: to provide, operate, and maintain LifeTravel.
Account Management: to manage your registration, authentication, and preferences.
Journey Tracking: to render maps, routes, and travel history.
AI Features: to process your queries and return AI-generated suggestions (see Section 5).
Social Features: to allow trip sharing and friend connections — only with your explicit consent per trip or post.
Customer Support: to respond to inquiries and support requests.
Communications: transactional emails (account confirmation, password reset, receipts) and, with consent, product updates.
Analytics & Improvement: to understand usage patterns and improve the Service.
Security & Fraud Prevention: to detect and address abuse, unauthorized access, and technical issues.
Error Monitoring: to identify and fix bugs via Sentry.
Legal Compliance: to fulfill obligations under applicable law (e.g., tax record-keeping).

8. Legal Basis for Processing (GDPR)

For users in the EEA, processing is based on one or more of the following grounds:

Consent (Art. 6(1)(a)): location tracking, optional camera/microphone access, marketing emails, and AI Assistant usage. Consent may be withdrawn at any time without affecting prior processing.
Performance of a Contract (Art. 6(1)(b)): account creation, subscription management, and payment processing necessary to provide the Service.
Legal Obligation (Art. 6(1)(c)): tax record-keeping and responding to lawful authority requests.
Legitimate Interests (Art. 6(1)(f)): security, fraud prevention, error monitoring, and product analytics — where these do not override your fundamental rights.

9. Disclosure of Data & International Transfers

9.1 Service Providers (Data Processors)

We share data with the following third-party processors under Data Processing Agreements (DPAs):

Google Firebase (Authentication, Firestore, Cloud Storage, Analytics) — Google LLC / Google Ireland Ltd
Google Gemini API (AI Assistant) — Google LLC
Google Maps Platform (maps and geocoding) — Google LLC
Stripe (payment processing) — Stripe, Inc. / Stripe Payments Europe, Ltd.
Sentry (error and performance monitoring) — Functional Software, Inc.
ZeptoMail by Zoho (transactional email delivery) — Zoho Corporation Pvt. Ltd.
Google reCAPTCHA v3 (bot and fraud detection on sign-in and sign-up forms) — Google LLC. reCAPTCHA collects hardware and software information (device and application data) and sends it to Google for analysis. This processing is based on our legitimate interest in protecting the Service from automated abuse. See Google's Privacy Policy.

9.2 Business Transfers

If LifeTravel undergoes a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different Privacy Policy.

9.3 Law Enforcement

We may disclose Personal Data when required by law or valid legal process. Where permitted, we will notify you of such requests.

9.4 International Transfers

Some processors (including Google and Stripe) transfer data outside the EEA. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU–U.S. Data Privacy Framework.

10. Data Retention

Account Data: retained while active; deleted within 30 days of account deletion.
User Content (photos, trips): deleted within 30 days of account deletion.
AI Interaction Logs: automatically deleted after 30 days.
Usage & Error Data: up to 14 months (Firebase Analytics); Sentry error reports up to 90 days.
Transaction Records: 7 years (Dutch legal requirement).
Encrypted Backups: deleted within 90 days after account deletion, then permanently purged.

11. Security & Data Breach Notification

We implement industry-standard security measures including:

Encryption in transit (TLS 1.2+) for all Service communications
Encryption at rest for Firestore data and Firebase Storage
Firebase Security Rules restricting data access per authenticated user
Real-time error and performance monitoring via Sentry

No system is 100% secure. In the event of a data breach likely to result in risk to your rights, we will notify affected users and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours as required by GDPR Art. 33.

12. Your Data Protection Rights (GDPR)

If you are in the EEA, you have the following rights:

Right of Access (Art. 15): request a copy of your Personal Data.
Right of Rectification (Art. 16): request correction of inaccurate or incomplete data.
Right of Erasure (Art. 17): request deletion of your data ("right to be forgotten").
Right to Restriction (Art. 18): request limited processing in certain circumstances.
Right to Data Portability (Art. 20): receive your data in a structured, machine-readable format.
Right to Object (Art. 21): object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: withdraw consent at any time for consent-based processing.
Right to Lodge a Complaint: file a complaint with the Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl.

Most rights can be exercised in the app (Settings → Privacy & Data) or by emailing [email protected]. We aim to respond within 30 days.

13. California Privacy Rights (CCPA/CPRA)

LifeTravel does not sell Personal Data. California residents have the following rights under CCPA/CPRA:

Right to Notice: to know which categories of Personal Data are collected and why.
Right to Know / Access: to request disclosure of Personal Data we hold about you.
Right to Delete: to request deletion of your Personal Data.
Right to Correct: to request correction of inaccurate Personal Data.
Right to Opt-Out of Sale or Sharing: LifeTravel does not sell or share Personal Data for cross-context behavioural advertising.
Right to Limit Sensitive Data Use: we collect precise geolocation only with your explicit consent.
Non-Discrimination: we will not discriminate against you for exercising any of these rights.

To submit a California privacy request, email [email protected].

14. Automated Decision-Making

LifeTravel does not make legally significant automated decisions about you as defined by GDPR Article 22. AI-generated travel suggestions are informational only, do not produce legal effects, and do not significantly affect you in any binding way.

We do not respond to browser Do Not Track (DNT) signals. Firebase Analytics and Sentry use their own tracking mechanisms; please consult their respective privacy policies.

15. Children's Privacy, Third-Party Links, Severability & Governing Law

Children's Privacy

Our Service is not directed to persons under the age of 16. We do not knowingly collect Personal Data from anyone under 16. If we become aware that a child under 16 has provided Personal Data without verified parental consent, we will delete that information promptly. Contact [email protected] if you believe this has occurred.

Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies before providing data.

Severability

If any provision of this Privacy Policy is found unenforceable, it will be interpreted to accomplish its objectives to the greatest extent possible, with remaining provisions continuing in full effect.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before the change takes effect.

Governing Law

This Privacy Policy is governed by the laws of The Netherlands. Disputes are subject to the jurisdiction of the courts of The Netherlands, without prejudice to your rights as an EU consumer.

16. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, contact us at [email protected] or visit https://lifetravel.app.