Privacy Policy

What we collect

Account information. When you sign up, we collect your email address and display name via Supabase Auth (using Google, Apple, or magic link). We use this to authenticate you and identify you across devices.

Trip content. Trips you create — destinations, places, itineraries, expenses, photos, notes — are stored in our database (Supabase, EU region) and linked to your account.

Photos. Photos you attach to places are uploaded to Supabase Storage and linked to your trip. We do not scan, train models on, or share your photos.

Location.With your permission, we use your device’s location to center the map and suggest nearby places. We do not store your real-time location on our servers.

Push notification tokens.If you enable notifications, we store the Apple/Google push token against your account to deliver trip-related notifications you’ve opted into.

Crash and performance data. We use Sentry to collect anonymized crash reports and performance traces. These are linked to your account ID internally so we can debug issues affecting specific users.

Product analytics. We use Vexo to understand how features are used. Events are linked to your account ID. We do not track you across other apps or websites.

What we don't do

• We don’t sell your data.
• We don’t share your data with advertisers or data brokers.
• We don’t track you across third-party apps or websites.
• We don’t train AI models on your trips, photos, or notes.

AI features

When you use AI itinerary generation, we send your trip parameters (destination, dates, vibe selections) to our AI provider Anthropic (Claude) to generate suggestions. We do not send your name, email, or photos to the AI provider. Anthropic may temporarily process this data per their own privacy policy but is contractually prohibited from training on it.

Where data is stored

User accounts, trip content, and photos are stored in Supabase’s EU region. Crash data is processed by Sentry (US). Analytics events are processed by Vexo. Push notifications are routed through Apple (APNs) and Google (FCM).

Data retention

We retain your data for as long as your account is active. When you delete your account (Settings → Delete Account), all your trips, photos, and personal data are permanently deleted within 30 days. Anonymized crash and analytics data may persist for up to 90 days for debugging.

Your rights

You can:

• Access your data — visible in the app at any time
• Export your data — email us at hello@oumuamua.app
• Delete your account — Settings → Delete Account, or email us
• Objectto analytics — contact us to opt out (we’ll honor this within 7 days)

Under GDPR (EU) and CCPA (California), you have additional rights including the right to lodge a complaint with your local data protection authority.

Children

Oumuamua is intended for users aged 13 and older and is not directed at children. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

If we change this policy, we’ll update the “Last updated” date and notify active users via email if changes are material.

Contact

Questions? hello@oumuamua.app