Privacy Policy

Privacy Policy

Privacy Policy

Last updated: 24 May 2026
Scope: The mobile app "Journeys" (iOS) and the associated website at https://getjourneys.app

This Privacy Policy informs you about how we process your personal data when you use the Journeys app and the associated online services — in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws (in particular the German Federal Data Protection Act, BDSG).

We have tried to keep this Policy as plain-language as possible. If you have any questions, write to us at support@getjourneys.app.


Note on language versions: This English version is provided for your convenience. The legally binding version of this Policy is the German original at https://getjourneys.app/privacy-de. In the event of any inconsistency between the German original and this translation, the German version prevails.


Section 1 — Data Controller

Lukas Seitz
Siemensstraße 1
93055 Regensburg
Germany

Email (support and data protection requests): support@getjourneys.app

We are not required to appoint a Data Protection Officer, since we do not meet the criteria of Section 38 of the German Federal Data Protection Act (BDSG): we do not have 20 or more people regularly engaged in automated processing of personal data, nor do we process special categories of personal data within the meaning of Article 9 GDPR as our core activity. Data protection requests are handled directly by Lukas Seitz at the email address above and will be responded to within one month (Article 12(3) GDPR).


Section 2 — Categories of Personal Data We Process


We process the following categories of personal data:


2.1 Account and identification data

  • Email address (via Apple Sign-In or magic-link)

  • Optional display name (provided by Apple Sign-In or chosen by you)

  • Pseudonymous user ID (Supabase UUID, used internally as a technical identifier)

  • With Apple Sign-In: Apple user identifier (anonymous ID generated by Apple)


2.2 Content data (entered or created by you)

  • Trip names, stop names, notes, journal entries

  • Uploaded photos (including photo bingo tasks, see Section 3.4)

  • Trip documents (PDFs, tickets, booking confirmations)

  • Packing lists, reminders, emergency info, saved addresses, custom phrases

  • Reviews, review tags, and reports of content you have flagged (when using the community features)

  • Social-media links (TikTok, Instagram) you add for the import feature, see Section 5


2.3 Location data

  • Geo-coordinates of trip stops (chosen by you or determined via Google Places)

  • GPS tracks, if you actively use the optional route-recording feature

  • Approximate map center (for map-tile requests to Mapbox)

  • Photo capture location in the photo bingo game mode (see Section 3.4)

  • Current device position (only during an active session, when you use a location-based feature — e.g. "near me", trip tracking)


2.4 Technical and telemetry data

  • Anonymous event counters (e.g. "Trip created", "Stop added") via PostHog

  • Crash reports and non-fatal errors via Sentry

  • Device information (iOS version, device model, app version, anonymous install IDs) as part of Sentry diagnostics

  • Sync error logs (anonymized, retained for 30 days)

  • Rate-limit counters (anonymized, retained for approx. 10 minutes)


2.5 Push notification data

  • Apple Push Notification Service device token (APNs token)

  • For configured notifications: mapping of the token to your user ID


2.6 Communication data

  • Support requests including attachments

  • Consent logs (which version of the Terms and Privacy Policy you accepted and when)


What we do NOT collect

We explicitly do not collect the following:

  • Advertising identifiers (IDFA, IDFV)

  • Cross-app tracking IDs of any kind

  • Browser history outside the app

  • Phone number

  • Payment data (the app currently has no paid features)

  • Contacts / address book / calendar

  • Microphone recordings or continuous background location tracking


Section 3 — Data Processing for the Trip Function

When you create a trip in Journeys, the following data is stored in our EU-hosted database (Supabase, Frankfurt region) and linked to your account.


3.1 Trip and stop data

Trip master data: trip name, travel period, destination and its geo-coordinates, optional accommodation info (name, address, booking code, notes), budget settings, transport info.

Stop data: name, category and geo-coordinates of each stop, optional notes, attachments and sort order, photo gallery per stop.


3.2 Attachments and documents

Notes, photos and PDFs you add are stored in a private storage bucket that is protected by Row-Level Security (RLS) so that only you and any travel companions you have invited can access them. Bucket access requires a valid authentication session — third parties cannot retrieve the files even if they know the URL.


3.3 Shared trips

If you share a trip with other people, those travel companions see all data of that trip (stops, notes, attachments, journal entries, etc.). Companions are linked via their user ID. You can remove a companion from a trip at any time. This terminates their access immediately.


3.4 Photo bingo and EXIF data in photos

Uploaded photos (in journal entries, bingo cells, trip documents) typically contain EXIF metadata, including:

  • Capture date and time

  • GPS coordinates of the capture location (if your device had location capture enabled at the time)

  • Camera model, exposure values

We deliberately do not strip this metadata before upload, because the photo bingo feature shows the capture location on the map ("Here I completed the task"). If you do not want a specific photo's GPS location to be stored, you can:

  • disable location capture in your iOS camera settings (before taking the photo)

  • strip the EXIF data from a photo with a third-party tool before uploading

EXIF data is not extracted into our structured database — it remains exclusively in the uploaded image file inside the storage bucket, visible only to you and any travel companions you have invited.


3.5 Travel activity data

GPS tracks that you optionally record in the app are processed locally on the device and, when needed, sent to the Mapbox Map Matching API to be "snapped" onto the nearest road network. The result is stored only on your device and in your trip data set.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the app functions are the subject of our contract with you).


Section 4 — Sign-In and Email Delivery

You can sign in to Journeys in two ways:


4.1 Apple Sign-In (recommended)

  • Authentication via the Apple system

  • Apple provides us with a short-lived identity token, which we exchange for a Supabase session

  • Apple may optionally transmit your name and email address (or an Apple relay address such as xyz@privaterelay.appleid.com)

  • We store: display name (optional), email address, Apple user ID


4.2 Magic link (email)

  • You enter your email address

  • We send you a one-time sign-in link via our email service provider Brevo (Sendinblue GmbH, Berlin / Paris)

  • Brevo processes exclusively: your email address, the time of dispatch, technical delivery data (bounce, open, click status)

  • The magic link is valid for 60 minutes

  • Brevo hosting: EU (France)


4.3 Storage

Your email address is stored in the Supabase authentication table and in your user profile. Upon account deletion, both entries are removed.

Legal basis: Art. 6(1)(b) GDPR (contract performance — signing in is a prerequisite for using the app).


Section 5 — AI Features and Social-Media Import

Journeys offers AI-assisted features that send requests to our AI provider Anthropic PBC (Claude). Anthropic is based in the USA, but is certified under the EU-US Data Privacy Framework (see Section 11).


5.1 AI Trip Assistant

When you use the Trip Assistant (e.g. "Suggest 3 cafés in Paris"), we send the following to Anthropic:

  • Your message (prompt)

  • Optionally: context from your current trip (trip name, existing stops, date range) — to the extent necessary for the response

  • Your pseudonymous user ID (to map the response back to you)

We do not send to Anthropic: your email, your real name, photos, attachments.


5.2 Social-media import (TikTok / Instagram)

When you share or paste a TikTok or Instagram link into the app, the following process runs:

  1. The app detects the link type locally (no external call)

  2. Our Edge Function retrieves the publicly accessible preview information of the post (title, description, thumbnail — no private data)

  3. The description is sent to Anthropic Claude to extract place suggestions

  4. You receive the extracted suggestions in the app and decide which ones to import

What we cache: Results of the AI analysis are stored in a shared cache (same video URL → same result) to reduce requests. The cache is anonymous — it only contains the URL and the AI result, no user IDs.


5.3 Anthropic retention

Under our data processing agreement with Anthropic, the data transmitted is used exclusively to respond to your request, is not used to train AI models, and is deleted after no more than 30 days.


5.4 AI translations (curated content)

To provide multilingual content (e.g. city guides), we translate internally (in our admin area) using Anthropic Claude. No user data is transmitted in this process — only editorial content we maintain ourselves.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the AI function is part of the subject of our contract with you).


Section 6 — External Maps and Place Services

When you add a stop or display a map, requests are sent to external services.


6.1 Google Places API (via our EU-hosted proxy)

  • We send: the name of the place being searched, an approximate geo search area (around a 200 m radius around the selected stop), your app language

  • We receive: place name, photo references, rating summary, opening hours, address — this data is reused in our database for other users (shared cache, saves API costs and data traffic)

  • Kill switch: If the administrator disables the Places search switch (e.g. on quota exhaustion), no requests are sent to Google


6.2 Mapbox Maps SDK and Map Matching API

  • Map display: When displaying a map, tile requests are sent to Mapbox servers; these contain the approximate map center (geo-coordinate), zoom level and an anonymous Mapbox access token for our app

  • GPS track snapping: If you record a GPS track and want to align it with the road network, you send the track to our Edge Function proxy, which forwards it to the Mapbox Matching API

  • What Mapbox does not receive: your trip names, notes, images, user IDs, email addresses

Legal basis: Art. 6(1)(b) GDPR (contract performance — the maps function is part of the contract).


Section 7 — Telemetry, Crash Reports and Product Analytics

We use the following technical tools. All are configured so that no personal content (trip names, notes, emails) is transmitted to the providers.


7.1 Sentry (crash and error logging)

  • Data region: EU (Sentry DE region)

  • Transmitted: stack traces, iOS version, device model, anonymous breadcrumbs

  • Not transmitted: screenshots, view hierarchies, trip content, emails

  • User linkage: only the anonymous Supabase UUID

  • Performance sampling rate: 10%

  • Retention: up to 90 days (depending on the current Sentry plan)


7.2 PostHog (product analytics)

  • Data region: EU (eu.posthog.com)

  • Transmitted: event names from a fixed list (e.g. "Trip created", "Stop added", "Onboarding completed") together with anonymous properties (e.g. trip type, number of stops)

  • Not transmitted: trip names, stop names, notes, user-entered text, images, locations

  • Profiling: only for signed-in users; no anonymous cross-app tracking

  • No session replays, no heatmaps

  • Retention: 12 months


7.3 Slack (internal notifications to our support team)

  • Slack receives no user content. When you open a support ticket or submit a report, all we see in our internal Slack channel is a technical hint message (e.g. "New support ticket — status: open" + link to the admin panel). The actual content stays in our EU database.

  • Administrator emails are mentioned as the actor in Slack messages, but are not app-user content.


7.4 Apple App Tracking Transparency

We do not track in the Apple sense. In our app's Privacy Manifest, NSPrivacyTracking = false is set; we do not use IDFA, cross-app identifiers or advertising cookies. For this reason, the app does not display an ATT dialog ("Would you like to be tracked?").


7.5 Your right to object to telemetry (Art. 21 GDPR)

Because we use Sentry and PostHog on the basis of our legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time.

How to object:
Send a short email to support@getjourneys.app with the subject "Telemetry objection" and tell us the email address of your account. We will then set your account to "opt-out" in both tools — after that, no further events or crash reports are recorded for your account. You will receive a confirmation within 7 days.

Note: We are working on an in-app toggle that makes this objection directly available in the app settings. Until that ships, the objection runs exclusively via email.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability and improvement).


Section 8 — Push Notifications

Journeys uses the Apple Push Notification Service (APNs) to send you the following types of notifications:

  • Trip reminders (e.g. upcoming stops, trip start)

  • Sync hints (e.g. when a companion has added something to your trip)

  • Important system notifications (e.g. "app update available")


How it works

  1. On first launch, iOS asks for your consent ("Do you want to receive push notifications?")

  2. If you agree, we receive an anonymous device token (APNs push token) from Apple

  3. We store this token in our database, linked to your pseudonymous user ID

  4. When we want to send you a message, we pass the token to Apple along with the push payload


What Apple sees

Apple is the carrier of push messages and sees the delivered content. We only send technical hints via push (e.g. "Your flight to Lisbon departs tomorrow") and no sensitive data.


Disabling push notifications

You can disable push notifications at any time:

  • In the iOS settings → Journeys → Notifications → Allow notifications (off)

  • In the app settings of the Journeys app (if a toggle is available there)

On full revocation, the token is deleted from our database.

Legal basis: Art. 6(1)(a) GDPR (consent via the iOS push dialog).


Section 9 — Community Reviews, Reports and Moderation

If you use the optional community feature, the following additional notes apply:


9.1 Reviews

When you rate a place and publicly share your review, it is visible to other users of the app — including:

  • your display name

  • your star rating

  • the optional review text and tags

  • the rated place (name + approximate geo-coordinates)

Reviews are linked to your user ID. You can edit or delete your own reviews in the app at any time.


9.2 Reports

When you report a review for violating the community guidelines, we store your user ID, the reported review ID, and the report reason (an enum value such as "Spam", "Insult"). We respond to reports within 24 hours at the latest.

The reported user does not learn who reported them (except in rare cases where required by law, e.g. on request from law enforcement authorities).


9.3 Blocks

If an administrator blocks you for repeated violations, the block is documented with a reason. You can appeal the block at support@getjourneys.app.


9.4 Digital Services Act (DSA)

As a small provider (not a "Very Large Online Platform" within the meaning of the DSA), we are subject to the minimum obligations under the DSA. We comply with these through:

  • an internal notice-and-action procedure (reporting and response mechanism, see Section 9.2)

  • the ability to appeal moderation decisions (Section 9.3)

  • transparent community guidelines (see https://getjourneys.app/community-guidelines)

Legal basis for moderation: Art. 6(1)(f) GDPR (legitimate interest in a respectful community) and compliance with legal obligations under the Digital Services Act.


Section 10 — Processors and Third-Party Providers

We use the following processors. We have concluded a data processing agreement under Art. 28 GDPR with each of them.

ProviderHeadquartered inHosting regionPurposeSupabase Inc.USA (Delaware)🇪🇺 EU (Frankfurt)Database, authentication, storage, realtime, Edge FunctionsVercel Inc.USA🇺🇸 USAHosting of internal admin panelFramer B.V.🇪🇺 Netherlands (Amsterdam)🇪🇺 EU / global (via AWS)Hosting of the website https://getjourneys.app (legal pages, marketing)Anthropic PBCUSA🇺🇸 USAAI features (trip suggestions, social-media import, translations)Sentry / Functional Software Inc.USA🇪🇺 EU (DE region)Crash reports, error loggingPostHog Inc.USA🇪🇺 EU (eu.posthog.com)Product analytics (anonymous events)Google LLC (Places API + Cloud)USAglobalPlace information, photo URLsMapbox Inc.USAglobalMap display, route snappingSlack Technologies LLC (Salesforce)USA🇺🇸 USAInternal notifications (no user content)Sendinblue GmbH (Brevo)🇪🇺 France/Berlin🇪🇺 EUEmail delivery (magic-link)Apple Inc.USAglobalApple Sign-In, App Store distribution, Push Notification Service

The data processing agreements (DPAs) are available for inspection on our side — upon legitimate interest, we will send you a confirmation of the conclusion of the agreement on request.


Section 11 — Data Transfers to Third Countries (USA)

Some of the processors listed above are based in the USA or process data there. Data transfers to the USA take place on the basis of the EU-US Data Privacy Framework (DPF) — adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745 final) — provided that the respective providers are DPF-certified.


DPF-certified providers we use (as of 24 May 2026)

  • Vercel Inc.

  • Anthropic PBC

  • Sentry / Functional Software Inc.

  • PostHog Inc.

  • Google LLC (Cloud + Places API)

  • Mapbox Inc.

  • Slack Technologies LLC

  • Apple Inc.

You can verify the certifications in the public DPF register at https://www.dataprivacyframework.gov/list.

For processors whose parent company is based in the USA but whose data is in fact processed in the EU (Supabase: AWS Frankfurt; Sentry: DE region; PostHog: EU Cloud), the EU hosting location additionally serves as a technical safeguard.

In addition, we have concluded Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR with all US providers. These clauses oblige providers to maintain a level of data protection equivalent to that of the GDPR.

If you have any concerns about a specific data transfer, you can contact us at support@getjourneys.app at any time.


Section 12 — Retention Period and Deletion

We retain personal data only for as long as necessary for the respective purposes.

Data typeRetentionAccount master data (profile, email)Until account deletionTrip data (trips, stops, attachments)Until account deletionSoft-deleted trips (trash)30 days, then irreversible deletionSync error logs30 daysRate-limit logsapprox. 10 minutesCrash reports (Sentry)up to 90 daysProduct telemetry (PostHog)12 monthsSupport ticketsup to 90 days after closingMagic-link tokensvalid for 60 minutesConsent logs (which Terms / Privacy version accepted)Until account deletionPush notification token (APNs)Until you disable notifications / account deletionAnthropic requests (AI)max. 30 days (per our DPA with Anthropic)Encrypted backup snapshots30 daysPlace enrichment cache (anonymous)Until next cleanup (no user linkage)


Account deletion

You can delete your account at any time in the app settings under "Profile → Delete account" with double confirmation. Upon account deletion:

  • all trips, stops, attachments, journal entries, bingo boards, and packing lists are irreversibly removed from the database,

  • all files are removed from the storage buckets,

  • the user ID linkage in PostHog and Sentry is reset,

  • the push notification token is deleted,

  • the entry in the authentication table and in the user profile is deleted.

Deletion takes effect immediately in live operations. Backup retention is 30 days (encrypted snapshots at Supabase); deletion is then complete in backups as well.


Section 13 — Your Rights

As a data subject, you have the following rights under the GDPR:

  • Access (Art. 15 GDPR) — we will tell you what personal data we process about you

  • Rectification (Art. 16 GDPR) — you can have incorrect data corrected

  • Erasure (Art. 17 GDPR) — you can request deletion of your data (fully via the in-app "Delete account" feature or by email to support@getjourneys.app)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR) — you can request your data in machine-readable format (JSON export by email to support@getjourneys.app, processing within one month)

  • Objection (Art. 21 GDPR) — for processing based on legitimate interests (in particular telemetry, see Section 7.5)

  • Withdrawal of consent (Art. 7(3) GDPR) — where processing is based on consent (e.g. push notifications)

  • Lodging a complaint with the supervisory authority (Art. 77 GDPR, see Section 14)

To exercise your rights, contact: support@getjourneys.app

We respond within one month (Art. 12(3) GDPR). For particularly complex requests, this period may be extended by another two months; in this case we will inform you.


Section 14 — Right to Complain to the Supervisory Authority

You have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de

You may also contact the data protection authority at your usual place of residence or work.


Section 15 — Website (getjourneys.app)

Our website at https://getjourneys.app is hosted by Framer and serves solely to provide information about the app and to host the legal documents (Privacy Policy, Terms, Imprint, Community Guidelines).

We use no tracking cookies, no analytics tools, and no advertising pixels on the website. Only strictly necessary cookies / local storage mechanisms are used that are required to deliver the page (e.g. Framer session to prevent infinite reloads).

When the website is accessed, anonymous connection logs (IP address, timestamp, user agent) are stored server-side for the customary duration (usually 7 days). This data is not used for profiling.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional, secure website).


Section 16 — Security of Processing

We implement technical and organizational measures to protect your data against unauthorized access. These include:

  • Encryption of data transmission (HTTPS / TLS 1.3) and data storage (Supabase "at rest" encryption with AES-256)

  • Row-Level Security (RLS) on all database tables — you only see your own data (even on direct DB access)

  • Storage bucket isolation — uploaded photos and PDFs are private; even if a URL is known, no access is possible without valid authentication

  • Rate-limiting + quota on all API endpoints to protect against abuse

  • Pseudonymization where possible (user IDs as UUID, no direct email linkage in telemetry)

  • Regular backups with encrypted snapshots (30 days retention)

  • Account deletion with CASCADE — all dependent data is removed in a single transaction

  • No advertising IDs (no IDFA, no cross-app tracking)

  • Audit log for administrative access to user data

  • Smoke tests for database-relevant schema changes to prevent permission bugs


Section 17 — Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in legislation, new app features, or new processors. The date under "Last updated" at the top shows the current version.

Material changes (e.g. new third parties, new data categories, changes to the legal basis) will be announced to you by email or via an in-app notice — usually at least 14 days before they take effect. For purely editorial changes (typos, formatting), no separate notice is given.

We document which version of the Privacy Policy you have accepted in an internal table (user_consents) with timestamp and version number.


Section 18 — Contact

For questions about this Privacy Policy or about the processing of your data, you can reach us at:

Email: support@getjourneys.app

We usually respond within 24 hours, and at the latest within one month under Art. 12(3) GDPR.

This Privacy Policy was published on 24 May 2026.

Last updated: 24 May 2026
Scope: The mobile app "Journeys" (iOS) and the associated website at https://getjourneys.app

This Privacy Policy informs you about how we process your personal data when you use the Journeys app and the associated online services — in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws (in particular the German Federal Data Protection Act, BDSG).

We have tried to keep this Policy as plain-language as possible. If you have any questions, write to us at support@getjourneys.app.


Note on language versions: This English version is provided for your convenience. The legally binding version of this Policy is the German original at https://getjourneys.app/privacy-de. In the event of any inconsistency between the German original and this translation, the German version prevails.


Section 1 — Data Controller

Lukas Seitz
Siemensstraße 1
93055 Regensburg
Germany

Email (support and data protection requests): support@getjourneys.app

We are not required to appoint a Data Protection Officer, since we do not meet the criteria of Section 38 of the German Federal Data Protection Act (BDSG): we do not have 20 or more people regularly engaged in automated processing of personal data, nor do we process special categories of personal data within the meaning of Article 9 GDPR as our core activity. Data protection requests are handled directly by Lukas Seitz at the email address above and will be responded to within one month (Article 12(3) GDPR).


Section 2 — Categories of Personal Data We Process


We process the following categories of personal data:


2.1 Account and identification data

  • Email address (via Apple Sign-In or magic-link)

  • Optional display name (provided by Apple Sign-In or chosen by you)

  • Pseudonymous user ID (Supabase UUID, used internally as a technical identifier)

  • With Apple Sign-In: Apple user identifier (anonymous ID generated by Apple)


2.2 Content data (entered or created by you)

  • Trip names, stop names, notes, journal entries

  • Uploaded photos (including photo bingo tasks, see Section 3.4)

  • Trip documents (PDFs, tickets, booking confirmations)

  • Packing lists, reminders, emergency info, saved addresses, custom phrases

  • Reviews, review tags, and reports of content you have flagged (when using the community features)

  • Social-media links (TikTok, Instagram) you add for the import feature, see Section 5


2.3 Location data

  • Geo-coordinates of trip stops (chosen by you or determined via Google Places)

  • GPS tracks, if you actively use the optional route-recording feature

  • Approximate map center (for map-tile requests to Mapbox)

  • Photo capture location in the photo bingo game mode (see Section 3.4)

  • Current device position (only during an active session, when you use a location-based feature — e.g. "near me", trip tracking)


2.4 Technical and telemetry data

  • Anonymous event counters (e.g. "Trip created", "Stop added") via PostHog

  • Crash reports and non-fatal errors via Sentry

  • Device information (iOS version, device model, app version, anonymous install IDs) as part of Sentry diagnostics

  • Sync error logs (anonymized, retained for 30 days)

  • Rate-limit counters (anonymized, retained for approx. 10 minutes)


2.5 Push notification data

  • Apple Push Notification Service device token (APNs token)

  • For configured notifications: mapping of the token to your user ID


2.6 Communication data

  • Support requests including attachments

  • Consent logs (which version of the Terms and Privacy Policy you accepted and when)


What we do NOT collect

We explicitly do not collect the following:

  • Advertising identifiers (IDFA, IDFV)

  • Cross-app tracking IDs of any kind

  • Browser history outside the app

  • Phone number

  • Payment data (the app currently has no paid features)

  • Contacts / address book / calendar

  • Microphone recordings or continuous background location tracking


Section 3 — Data Processing for the Trip Function

When you create a trip in Journeys, the following data is stored in our EU-hosted database (Supabase, Frankfurt region) and linked to your account.


3.1 Trip and stop data

Trip master data: trip name, travel period, destination and its geo-coordinates, optional accommodation info (name, address, booking code, notes), budget settings, transport info.

Stop data: name, category and geo-coordinates of each stop, optional notes, attachments and sort order, photo gallery per stop.


3.2 Attachments and documents

Notes, photos and PDFs you add are stored in a private storage bucket that is protected by Row-Level Security (RLS) so that only you and any travel companions you have invited can access them. Bucket access requires a valid authentication session — third parties cannot retrieve the files even if they know the URL.


3.3 Shared trips

If you share a trip with other people, those travel companions see all data of that trip (stops, notes, attachments, journal entries, etc.). Companions are linked via their user ID. You can remove a companion from a trip at any time. This terminates their access immediately.


3.4 Photo bingo and EXIF data in photos

Uploaded photos (in journal entries, bingo cells, trip documents) typically contain EXIF metadata, including:

  • Capture date and time

  • GPS coordinates of the capture location (if your device had location capture enabled at the time)

  • Camera model, exposure values

We deliberately do not strip this metadata before upload, because the photo bingo feature shows the capture location on the map ("Here I completed the task"). If you do not want a specific photo's GPS location to be stored, you can:

  • disable location capture in your iOS camera settings (before taking the photo)

  • strip the EXIF data from a photo with a third-party tool before uploading

EXIF data is not extracted into our structured database — it remains exclusively in the uploaded image file inside the storage bucket, visible only to you and any travel companions you have invited.


3.5 Travel activity data

GPS tracks that you optionally record in the app are processed locally on the device and, when needed, sent to the Mapbox Map Matching API to be "snapped" onto the nearest road network. The result is stored only on your device and in your trip data set.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the app functions are the subject of our contract with you).


Section 4 — Sign-In and Email Delivery

You can sign in to Journeys in two ways:


4.1 Apple Sign-In (recommended)

  • Authentication via the Apple system

  • Apple provides us with a short-lived identity token, which we exchange for a Supabase session

  • Apple may optionally transmit your name and email address (or an Apple relay address such as xyz@privaterelay.appleid.com)

  • We store: display name (optional), email address, Apple user ID


4.2 Magic link (email)

  • You enter your email address

  • We send you a one-time sign-in link via our email service provider Brevo (Sendinblue GmbH, Berlin / Paris)

  • Brevo processes exclusively: your email address, the time of dispatch, technical delivery data (bounce, open, click status)

  • The magic link is valid for 60 minutes

  • Brevo hosting: EU (France)


4.3 Storage

Your email address is stored in the Supabase authentication table and in your user profile. Upon account deletion, both entries are removed.

Legal basis: Art. 6(1)(b) GDPR (contract performance — signing in is a prerequisite for using the app).


Section 5 — AI Features and Social-Media Import

Journeys offers AI-assisted features that send requests to our AI provider Anthropic PBC (Claude). Anthropic is based in the USA, but is certified under the EU-US Data Privacy Framework (see Section 11).


5.1 AI Trip Assistant

When you use the Trip Assistant (e.g. "Suggest 3 cafés in Paris"), we send the following to Anthropic:

  • Your message (prompt)

  • Optionally: context from your current trip (trip name, existing stops, date range) — to the extent necessary for the response

  • Your pseudonymous user ID (to map the response back to you)

We do not send to Anthropic: your email, your real name, photos, attachments.


5.2 Social-media import (TikTok / Instagram)

When you share or paste a TikTok or Instagram link into the app, the following process runs:

  1. The app detects the link type locally (no external call)

  2. Our Edge Function retrieves the publicly accessible preview information of the post (title, description, thumbnail — no private data)

  3. The description is sent to Anthropic Claude to extract place suggestions

  4. You receive the extracted suggestions in the app and decide which ones to import

What we cache: Results of the AI analysis are stored in a shared cache (same video URL → same result) to reduce requests. The cache is anonymous — it only contains the URL and the AI result, no user IDs.


5.3 Anthropic retention

Under our data processing agreement with Anthropic, the data transmitted is used exclusively to respond to your request, is not used to train AI models, and is deleted after no more than 30 days.


5.4 AI translations (curated content)

To provide multilingual content (e.g. city guides), we translate internally (in our admin area) using Anthropic Claude. No user data is transmitted in this process — only editorial content we maintain ourselves.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the AI function is part of the subject of our contract with you).


Section 6 — External Maps and Place Services

When you add a stop or display a map, requests are sent to external services.


6.1 Google Places API (via our EU-hosted proxy)

  • We send: the name of the place being searched, an approximate geo search area (around a 200 m radius around the selected stop), your app language

  • We receive: place name, photo references, rating summary, opening hours, address — this data is reused in our database for other users (shared cache, saves API costs and data traffic)

  • Kill switch: If the administrator disables the Places search switch (e.g. on quota exhaustion), no requests are sent to Google


6.2 Mapbox Maps SDK and Map Matching API

  • Map display: When displaying a map, tile requests are sent to Mapbox servers; these contain the approximate map center (geo-coordinate), zoom level and an anonymous Mapbox access token for our app

  • GPS track snapping: If you record a GPS track and want to align it with the road network, you send the track to our Edge Function proxy, which forwards it to the Mapbox Matching API

  • What Mapbox does not receive: your trip names, notes, images, user IDs, email addresses

Legal basis: Art. 6(1)(b) GDPR (contract performance — the maps function is part of the contract).


Section 7 — Telemetry, Crash Reports and Product Analytics

We use the following technical tools. All are configured so that no personal content (trip names, notes, emails) is transmitted to the providers.


7.1 Sentry (crash and error logging)

  • Data region: EU (Sentry DE region)

  • Transmitted: stack traces, iOS version, device model, anonymous breadcrumbs

  • Not transmitted: screenshots, view hierarchies, trip content, emails

  • User linkage: only the anonymous Supabase UUID

  • Performance sampling rate: 10%

  • Retention: up to 90 days (depending on the current Sentry plan)


7.2 PostHog (product analytics)

  • Data region: EU (eu.posthog.com)

  • Transmitted: event names from a fixed list (e.g. "Trip created", "Stop added", "Onboarding completed") together with anonymous properties (e.g. trip type, number of stops)

  • Not transmitted: trip names, stop names, notes, user-entered text, images, locations

  • Profiling: only for signed-in users; no anonymous cross-app tracking

  • No session replays, no heatmaps

  • Retention: 12 months


7.3 Slack (internal notifications to our support team)

  • Slack receives no user content. When you open a support ticket or submit a report, all we see in our internal Slack channel is a technical hint message (e.g. "New support ticket — status: open" + link to the admin panel). The actual content stays in our EU database.

  • Administrator emails are mentioned as the actor in Slack messages, but are not app-user content.


7.4 Apple App Tracking Transparency

We do not track in the Apple sense. In our app's Privacy Manifest, NSPrivacyTracking = false is set; we do not use IDFA, cross-app identifiers or advertising cookies. For this reason, the app does not display an ATT dialog ("Would you like to be tracked?").


7.5 Your right to object to telemetry (Art. 21 GDPR)

Because we use Sentry and PostHog on the basis of our legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time.

How to object:
Send a short email to support@getjourneys.app with the subject "Telemetry objection" and tell us the email address of your account. We will then set your account to "opt-out" in both tools — after that, no further events or crash reports are recorded for your account. You will receive a confirmation within 7 days.

Note: We are working on an in-app toggle that makes this objection directly available in the app settings. Until that ships, the objection runs exclusively via email.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability and improvement).


Section 8 — Push Notifications

Journeys uses the Apple Push Notification Service (APNs) to send you the following types of notifications:

  • Trip reminders (e.g. upcoming stops, trip start)

  • Sync hints (e.g. when a companion has added something to your trip)

  • Important system notifications (e.g. "app update available")


How it works

  1. On first launch, iOS asks for your consent ("Do you want to receive push notifications?")

  2. If you agree, we receive an anonymous device token (APNs push token) from Apple

  3. We store this token in our database, linked to your pseudonymous user ID

  4. When we want to send you a message, we pass the token to Apple along with the push payload


What Apple sees

Apple is the carrier of push messages and sees the delivered content. We only send technical hints via push (e.g. "Your flight to Lisbon departs tomorrow") and no sensitive data.


Disabling push notifications

You can disable push notifications at any time:

  • In the iOS settings → Journeys → Notifications → Allow notifications (off)

  • In the app settings of the Journeys app (if a toggle is available there)

On full revocation, the token is deleted from our database.

Legal basis: Art. 6(1)(a) GDPR (consent via the iOS push dialog).


Section 9 — Community Reviews, Reports and Moderation

If you use the optional community feature, the following additional notes apply:


9.1 Reviews

When you rate a place and publicly share your review, it is visible to other users of the app — including:

  • your display name

  • your star rating

  • the optional review text and tags

  • the rated place (name + approximate geo-coordinates)

Reviews are linked to your user ID. You can edit or delete your own reviews in the app at any time.


9.2 Reports

When you report a review for violating the community guidelines, we store your user ID, the reported review ID, and the report reason (an enum value such as "Spam", "Insult"). We respond to reports within 24 hours at the latest.

The reported user does not learn who reported them (except in rare cases where required by law, e.g. on request from law enforcement authorities).


9.3 Blocks

If an administrator blocks you for repeated violations, the block is documented with a reason. You can appeal the block at support@getjourneys.app.


9.4 Digital Services Act (DSA)

As a small provider (not a "Very Large Online Platform" within the meaning of the DSA), we are subject to the minimum obligations under the DSA. We comply with these through:

  • an internal notice-and-action procedure (reporting and response mechanism, see Section 9.2)

  • the ability to appeal moderation decisions (Section 9.3)

  • transparent community guidelines (see https://getjourneys.app/community-guidelines)

Legal basis for moderation: Art. 6(1)(f) GDPR (legitimate interest in a respectful community) and compliance with legal obligations under the Digital Services Act.


Section 10 — Processors and Third-Party Providers

We use the following processors. We have concluded a data processing agreement under Art. 28 GDPR with each of them.

ProviderHeadquartered inHosting regionPurposeSupabase Inc.USA (Delaware)🇪🇺 EU (Frankfurt)Database, authentication, storage, realtime, Edge FunctionsVercel Inc.USA🇺🇸 USAHosting of internal admin panelFramer B.V.🇪🇺 Netherlands (Amsterdam)🇪🇺 EU / global (via AWS)Hosting of the website https://getjourneys.app (legal pages, marketing)Anthropic PBCUSA🇺🇸 USAAI features (trip suggestions, social-media import, translations)Sentry / Functional Software Inc.USA🇪🇺 EU (DE region)Crash reports, error loggingPostHog Inc.USA🇪🇺 EU (eu.posthog.com)Product analytics (anonymous events)Google LLC (Places API + Cloud)USAglobalPlace information, photo URLsMapbox Inc.USAglobalMap display, route snappingSlack Technologies LLC (Salesforce)USA🇺🇸 USAInternal notifications (no user content)Sendinblue GmbH (Brevo)🇪🇺 France/Berlin🇪🇺 EUEmail delivery (magic-link)Apple Inc.USAglobalApple Sign-In, App Store distribution, Push Notification Service

The data processing agreements (DPAs) are available for inspection on our side — upon legitimate interest, we will send you a confirmation of the conclusion of the agreement on request.


Section 11 — Data Transfers to Third Countries (USA)

Some of the processors listed above are based in the USA or process data there. Data transfers to the USA take place on the basis of the EU-US Data Privacy Framework (DPF) — adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745 final) — provided that the respective providers are DPF-certified.


DPF-certified providers we use (as of 24 May 2026)

  • Vercel Inc.

  • Anthropic PBC

  • Sentry / Functional Software Inc.

  • PostHog Inc.

  • Google LLC (Cloud + Places API)

  • Mapbox Inc.

  • Slack Technologies LLC

  • Apple Inc.

You can verify the certifications in the public DPF register at https://www.dataprivacyframework.gov/list.

For processors whose parent company is based in the USA but whose data is in fact processed in the EU (Supabase: AWS Frankfurt; Sentry: DE region; PostHog: EU Cloud), the EU hosting location additionally serves as a technical safeguard.

In addition, we have concluded Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR with all US providers. These clauses oblige providers to maintain a level of data protection equivalent to that of the GDPR.

If you have any concerns about a specific data transfer, you can contact us at support@getjourneys.app at any time.


Section 12 — Retention Period and Deletion

We retain personal data only for as long as necessary for the respective purposes.

Data typeRetentionAccount master data (profile, email)Until account deletionTrip data (trips, stops, attachments)Until account deletionSoft-deleted trips (trash)30 days, then irreversible deletionSync error logs30 daysRate-limit logsapprox. 10 minutesCrash reports (Sentry)up to 90 daysProduct telemetry (PostHog)12 monthsSupport ticketsup to 90 days after closingMagic-link tokensvalid for 60 minutesConsent logs (which Terms / Privacy version accepted)Until account deletionPush notification token (APNs)Until you disable notifications / account deletionAnthropic requests (AI)max. 30 days (per our DPA with Anthropic)Encrypted backup snapshots30 daysPlace enrichment cache (anonymous)Until next cleanup (no user linkage)


Account deletion

You can delete your account at any time in the app settings under "Profile → Delete account" with double confirmation. Upon account deletion:

  • all trips, stops, attachments, journal entries, bingo boards, and packing lists are irreversibly removed from the database,

  • all files are removed from the storage buckets,

  • the user ID linkage in PostHog and Sentry is reset,

  • the push notification token is deleted,

  • the entry in the authentication table and in the user profile is deleted.

Deletion takes effect immediately in live operations. Backup retention is 30 days (encrypted snapshots at Supabase); deletion is then complete in backups as well.


Section 13 — Your Rights

As a data subject, you have the following rights under the GDPR:

  • Access (Art. 15 GDPR) — we will tell you what personal data we process about you

  • Rectification (Art. 16 GDPR) — you can have incorrect data corrected

  • Erasure (Art. 17 GDPR) — you can request deletion of your data (fully via the in-app "Delete account" feature or by email to support@getjourneys.app)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR) — you can request your data in machine-readable format (JSON export by email to support@getjourneys.app, processing within one month)

  • Objection (Art. 21 GDPR) — for processing based on legitimate interests (in particular telemetry, see Section 7.5)

  • Withdrawal of consent (Art. 7(3) GDPR) — where processing is based on consent (e.g. push notifications)

  • Lodging a complaint with the supervisory authority (Art. 77 GDPR, see Section 14)

To exercise your rights, contact: support@getjourneys.app

We respond within one month (Art. 12(3) GDPR). For particularly complex requests, this period may be extended by another two months; in this case we will inform you.


Section 14 — Right to Complain to the Supervisory Authority

You have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de

You may also contact the data protection authority at your usual place of residence or work.


Section 15 — Website (getjourneys.app)

Our website at https://getjourneys.app is hosted by Framer and serves solely to provide information about the app and to host the legal documents (Privacy Policy, Terms, Imprint, Community Guidelines).

We use no tracking cookies, no analytics tools, and no advertising pixels on the website. Only strictly necessary cookies / local storage mechanisms are used that are required to deliver the page (e.g. Framer session to prevent infinite reloads).

When the website is accessed, anonymous connection logs (IP address, timestamp, user agent) are stored server-side for the customary duration (usually 7 days). This data is not used for profiling.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional, secure website).


Section 16 — Security of Processing

We implement technical and organizational measures to protect your data against unauthorized access. These include:

  • Encryption of data transmission (HTTPS / TLS 1.3) and data storage (Supabase "at rest" encryption with AES-256)

  • Row-Level Security (RLS) on all database tables — you only see your own data (even on direct DB access)

  • Storage bucket isolation — uploaded photos and PDFs are private; even if a URL is known, no access is possible without valid authentication

  • Rate-limiting + quota on all API endpoints to protect against abuse

  • Pseudonymization where possible (user IDs as UUID, no direct email linkage in telemetry)

  • Regular backups with encrypted snapshots (30 days retention)

  • Account deletion with CASCADE — all dependent data is removed in a single transaction

  • No advertising IDs (no IDFA, no cross-app tracking)

  • Audit log for administrative access to user data

  • Smoke tests for database-relevant schema changes to prevent permission bugs


Section 17 — Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in legislation, new app features, or new processors. The date under "Last updated" at the top shows the current version.

Material changes (e.g. new third parties, new data categories, changes to the legal basis) will be announced to you by email or via an in-app notice — usually at least 14 days before they take effect. For purely editorial changes (typos, formatting), no separate notice is given.

We document which version of the Privacy Policy you have accepted in an internal table (user_consents) with timestamp and version number.


Section 18 — Contact

For questions about this Privacy Policy or about the processing of your data, you can reach us at:

Email: support@getjourneys.app

We usually respond within 24 hours, and at the latest within one month under Art. 12(3) GDPR.

This Privacy Policy was published on 24 May 2026.

Last updated: 24 May 2026
Scope: The mobile app "Journeys" (iOS) and the associated website at https://getjourneys.app

This Privacy Policy informs you about how we process your personal data when you use the Journeys app and the associated online services — in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws (in particular the German Federal Data Protection Act, BDSG).

We have tried to keep this Policy as plain-language as possible. If you have any questions, write to us at support@getjourneys.app.


Note on language versions: This English version is provided for your convenience. The legally binding version of this Policy is the German original at https://getjourneys.app/privacy-de. In the event of any inconsistency between the German original and this translation, the German version prevails.


Section 1 — Data Controller

Lukas Seitz
Siemensstraße 1
93055 Regensburg
Germany

Email (support and data protection requests): support@getjourneys.app

We are not required to appoint a Data Protection Officer, since we do not meet the criteria of Section 38 of the German Federal Data Protection Act (BDSG): we do not have 20 or more people regularly engaged in automated processing of personal data, nor do we process special categories of personal data within the meaning of Article 9 GDPR as our core activity. Data protection requests are handled directly by Lukas Seitz at the email address above and will be responded to within one month (Article 12(3) GDPR).


Section 2 — Categories of Personal Data We Process


We process the following categories of personal data:


2.1 Account and identification data

  • Email address (via Apple Sign-In or magic-link)

  • Optional display name (provided by Apple Sign-In or chosen by you)

  • Pseudonymous user ID (Supabase UUID, used internally as a technical identifier)

  • With Apple Sign-In: Apple user identifier (anonymous ID generated by Apple)


2.2 Content data (entered or created by you)

  • Trip names, stop names, notes, journal entries

  • Uploaded photos (including photo bingo tasks, see Section 3.4)

  • Trip documents (PDFs, tickets, booking confirmations)

  • Packing lists, reminders, emergency info, saved addresses, custom phrases

  • Reviews, review tags, and reports of content you have flagged (when using the community features)

  • Social-media links (TikTok, Instagram) you add for the import feature, see Section 5


2.3 Location data

  • Geo-coordinates of trip stops (chosen by you or determined via Google Places)

  • GPS tracks, if you actively use the optional route-recording feature

  • Approximate map center (for map-tile requests to Mapbox)

  • Photo capture location in the photo bingo game mode (see Section 3.4)

  • Current device position (only during an active session, when you use a location-based feature — e.g. "near me", trip tracking)


2.4 Technical and telemetry data

  • Anonymous event counters (e.g. "Trip created", "Stop added") via PostHog

  • Crash reports and non-fatal errors via Sentry

  • Device information (iOS version, device model, app version, anonymous install IDs) as part of Sentry diagnostics

  • Sync error logs (anonymized, retained for 30 days)

  • Rate-limit counters (anonymized, retained for approx. 10 minutes)


2.5 Push notification data

  • Apple Push Notification Service device token (APNs token)

  • For configured notifications: mapping of the token to your user ID


2.6 Communication data

  • Support requests including attachments

  • Consent logs (which version of the Terms and Privacy Policy you accepted and when)


What we do NOT collect

We explicitly do not collect the following:

  • Advertising identifiers (IDFA, IDFV)

  • Cross-app tracking IDs of any kind

  • Browser history outside the app

  • Phone number

  • Payment data (the app currently has no paid features)

  • Contacts / address book / calendar

  • Microphone recordings or continuous background location tracking


Section 3 — Data Processing for the Trip Function

When you create a trip in Journeys, the following data is stored in our EU-hosted database (Supabase, Frankfurt region) and linked to your account.


3.1 Trip and stop data

Trip master data: trip name, travel period, destination and its geo-coordinates, optional accommodation info (name, address, booking code, notes), budget settings, transport info.

Stop data: name, category and geo-coordinates of each stop, optional notes, attachments and sort order, photo gallery per stop.


3.2 Attachments and documents

Notes, photos and PDFs you add are stored in a private storage bucket that is protected by Row-Level Security (RLS) so that only you and any travel companions you have invited can access them. Bucket access requires a valid authentication session — third parties cannot retrieve the files even if they know the URL.


3.3 Shared trips

If you share a trip with other people, those travel companions see all data of that trip (stops, notes, attachments, journal entries, etc.). Companions are linked via their user ID. You can remove a companion from a trip at any time. This terminates their access immediately.


3.4 Photo bingo and EXIF data in photos

Uploaded photos (in journal entries, bingo cells, trip documents) typically contain EXIF metadata, including:

  • Capture date and time

  • GPS coordinates of the capture location (if your device had location capture enabled at the time)

  • Camera model, exposure values

We deliberately do not strip this metadata before upload, because the photo bingo feature shows the capture location on the map ("Here I completed the task"). If you do not want a specific photo's GPS location to be stored, you can:

  • disable location capture in your iOS camera settings (before taking the photo)

  • strip the EXIF data from a photo with a third-party tool before uploading

EXIF data is not extracted into our structured database — it remains exclusively in the uploaded image file inside the storage bucket, visible only to you and any travel companions you have invited.


3.5 Travel activity data

GPS tracks that you optionally record in the app are processed locally on the device and, when needed, sent to the Mapbox Map Matching API to be "snapped" onto the nearest road network. The result is stored only on your device and in your trip data set.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the app functions are the subject of our contract with you).


Section 4 — Sign-In and Email Delivery

You can sign in to Journeys in two ways:


4.1 Apple Sign-In (recommended)

  • Authentication via the Apple system

  • Apple provides us with a short-lived identity token, which we exchange for a Supabase session

  • Apple may optionally transmit your name and email address (or an Apple relay address such as xyz@privaterelay.appleid.com)

  • We store: display name (optional), email address, Apple user ID


4.2 Magic link (email)

  • You enter your email address

  • We send you a one-time sign-in link via our email service provider Brevo (Sendinblue GmbH, Berlin / Paris)

  • Brevo processes exclusively: your email address, the time of dispatch, technical delivery data (bounce, open, click status)

  • The magic link is valid for 60 minutes

  • Brevo hosting: EU (France)


4.3 Storage

Your email address is stored in the Supabase authentication table and in your user profile. Upon account deletion, both entries are removed.

Legal basis: Art. 6(1)(b) GDPR (contract performance — signing in is a prerequisite for using the app).


Section 5 — AI Features and Social-Media Import

Journeys offers AI-assisted features that send requests to our AI provider Anthropic PBC (Claude). Anthropic is based in the USA, but is certified under the EU-US Data Privacy Framework (see Section 11).


5.1 AI Trip Assistant

When you use the Trip Assistant (e.g. "Suggest 3 cafés in Paris"), we send the following to Anthropic:

  • Your message (prompt)

  • Optionally: context from your current trip (trip name, existing stops, date range) — to the extent necessary for the response

  • Your pseudonymous user ID (to map the response back to you)

We do not send to Anthropic: your email, your real name, photos, attachments.


5.2 Social-media import (TikTok / Instagram)

When you share or paste a TikTok or Instagram link into the app, the following process runs:

  1. The app detects the link type locally (no external call)

  2. Our Edge Function retrieves the publicly accessible preview information of the post (title, description, thumbnail — no private data)

  3. The description is sent to Anthropic Claude to extract place suggestions

  4. You receive the extracted suggestions in the app and decide which ones to import

What we cache: Results of the AI analysis are stored in a shared cache (same video URL → same result) to reduce requests. The cache is anonymous — it only contains the URL and the AI result, no user IDs.


5.3 Anthropic retention

Under our data processing agreement with Anthropic, the data transmitted is used exclusively to respond to your request, is not used to train AI models, and is deleted after no more than 30 days.


5.4 AI translations (curated content)

To provide multilingual content (e.g. city guides), we translate internally (in our admin area) using Anthropic Claude. No user data is transmitted in this process — only editorial content we maintain ourselves.

Legal basis: Art. 6(1)(b) GDPR (contract performance — the AI function is part of the subject of our contract with you).


Section 6 — External Maps and Place Services

When you add a stop or display a map, requests are sent to external services.


6.1 Google Places API (via our EU-hosted proxy)

  • We send: the name of the place being searched, an approximate geo search area (around a 200 m radius around the selected stop), your app language

  • We receive: place name, photo references, rating summary, opening hours, address — this data is reused in our database for other users (shared cache, saves API costs and data traffic)

  • Kill switch: If the administrator disables the Places search switch (e.g. on quota exhaustion), no requests are sent to Google


6.2 Mapbox Maps SDK and Map Matching API

  • Map display: When displaying a map, tile requests are sent to Mapbox servers; these contain the approximate map center (geo-coordinate), zoom level and an anonymous Mapbox access token for our app

  • GPS track snapping: If you record a GPS track and want to align it with the road network, you send the track to our Edge Function proxy, which forwards it to the Mapbox Matching API

  • What Mapbox does not receive: your trip names, notes, images, user IDs, email addresses

Legal basis: Art. 6(1)(b) GDPR (contract performance — the maps function is part of the contract).


Section 7 — Telemetry, Crash Reports and Product Analytics

We use the following technical tools. All are configured so that no personal content (trip names, notes, emails) is transmitted to the providers.


7.1 Sentry (crash and error logging)

  • Data region: EU (Sentry DE region)

  • Transmitted: stack traces, iOS version, device model, anonymous breadcrumbs

  • Not transmitted: screenshots, view hierarchies, trip content, emails

  • User linkage: only the anonymous Supabase UUID

  • Performance sampling rate: 10%

  • Retention: up to 90 days (depending on the current Sentry plan)


7.2 PostHog (product analytics)

  • Data region: EU (eu.posthog.com)

  • Transmitted: event names from a fixed list (e.g. "Trip created", "Stop added", "Onboarding completed") together with anonymous properties (e.g. trip type, number of stops)

  • Not transmitted: trip names, stop names, notes, user-entered text, images, locations

  • Profiling: only for signed-in users; no anonymous cross-app tracking

  • No session replays, no heatmaps

  • Retention: 12 months


7.3 Slack (internal notifications to our support team)

  • Slack receives no user content. When you open a support ticket or submit a report, all we see in our internal Slack channel is a technical hint message (e.g. "New support ticket — status: open" + link to the admin panel). The actual content stays in our EU database.

  • Administrator emails are mentioned as the actor in Slack messages, but are not app-user content.


7.4 Apple App Tracking Transparency

We do not track in the Apple sense. In our app's Privacy Manifest, NSPrivacyTracking = false is set; we do not use IDFA, cross-app identifiers or advertising cookies. For this reason, the app does not display an ATT dialog ("Would you like to be tracked?").


7.5 Your right to object to telemetry (Art. 21 GDPR)

Because we use Sentry and PostHog on the basis of our legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time.

How to object:
Send a short email to support@getjourneys.app with the subject "Telemetry objection" and tell us the email address of your account. We will then set your account to "opt-out" in both tools — after that, no further events or crash reports are recorded for your account. You will receive a confirmation within 7 days.

Note: We are working on an in-app toggle that makes this objection directly available in the app settings. Until that ships, the objection runs exclusively via email.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability and improvement).


Section 8 — Push Notifications

Journeys uses the Apple Push Notification Service (APNs) to send you the following types of notifications:

  • Trip reminders (e.g. upcoming stops, trip start)

  • Sync hints (e.g. when a companion has added something to your trip)

  • Important system notifications (e.g. "app update available")


How it works

  1. On first launch, iOS asks for your consent ("Do you want to receive push notifications?")

  2. If you agree, we receive an anonymous device token (APNs push token) from Apple

  3. We store this token in our database, linked to your pseudonymous user ID

  4. When we want to send you a message, we pass the token to Apple along with the push payload


What Apple sees

Apple is the carrier of push messages and sees the delivered content. We only send technical hints via push (e.g. "Your flight to Lisbon departs tomorrow") and no sensitive data.


Disabling push notifications

You can disable push notifications at any time:

  • In the iOS settings → Journeys → Notifications → Allow notifications (off)

  • In the app settings of the Journeys app (if a toggle is available there)

On full revocation, the token is deleted from our database.

Legal basis: Art. 6(1)(a) GDPR (consent via the iOS push dialog).


Section 9 — Community Reviews, Reports and Moderation

If you use the optional community feature, the following additional notes apply:


9.1 Reviews

When you rate a place and publicly share your review, it is visible to other users of the app — including:

  • your display name

  • your star rating

  • the optional review text and tags

  • the rated place (name + approximate geo-coordinates)

Reviews are linked to your user ID. You can edit or delete your own reviews in the app at any time.


9.2 Reports

When you report a review for violating the community guidelines, we store your user ID, the reported review ID, and the report reason (an enum value such as "Spam", "Insult"). We respond to reports within 24 hours at the latest.

The reported user does not learn who reported them (except in rare cases where required by law, e.g. on request from law enforcement authorities).


9.3 Blocks

If an administrator blocks you for repeated violations, the block is documented with a reason. You can appeal the block at support@getjourneys.app.


9.4 Digital Services Act (DSA)

As a small provider (not a "Very Large Online Platform" within the meaning of the DSA), we are subject to the minimum obligations under the DSA. We comply with these through:

  • an internal notice-and-action procedure (reporting and response mechanism, see Section 9.2)

  • the ability to appeal moderation decisions (Section 9.3)

  • transparent community guidelines (see https://getjourneys.app/community-guidelines)

Legal basis for moderation: Art. 6(1)(f) GDPR (legitimate interest in a respectful community) and compliance with legal obligations under the Digital Services Act.


Section 10 — Processors and Third-Party Providers

We use the following processors. We have concluded a data processing agreement under Art. 28 GDPR with each of them.

ProviderHeadquartered inHosting regionPurposeSupabase Inc.USA (Delaware)🇪🇺 EU (Frankfurt)Database, authentication, storage, realtime, Edge FunctionsVercel Inc.USA🇺🇸 USAHosting of internal admin panelFramer B.V.🇪🇺 Netherlands (Amsterdam)🇪🇺 EU / global (via AWS)Hosting of the website https://getjourneys.app (legal pages, marketing)Anthropic PBCUSA🇺🇸 USAAI features (trip suggestions, social-media import, translations)Sentry / Functional Software Inc.USA🇪🇺 EU (DE region)Crash reports, error loggingPostHog Inc.USA🇪🇺 EU (eu.posthog.com)Product analytics (anonymous events)Google LLC (Places API + Cloud)USAglobalPlace information, photo URLsMapbox Inc.USAglobalMap display, route snappingSlack Technologies LLC (Salesforce)USA🇺🇸 USAInternal notifications (no user content)Sendinblue GmbH (Brevo)🇪🇺 France/Berlin🇪🇺 EUEmail delivery (magic-link)Apple Inc.USAglobalApple Sign-In, App Store distribution, Push Notification Service

The data processing agreements (DPAs) are available for inspection on our side — upon legitimate interest, we will send you a confirmation of the conclusion of the agreement on request.


Section 11 — Data Transfers to Third Countries (USA)

Some of the processors listed above are based in the USA or process data there. Data transfers to the USA take place on the basis of the EU-US Data Privacy Framework (DPF) — adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745 final) — provided that the respective providers are DPF-certified.


DPF-certified providers we use (as of 24 May 2026)

  • Vercel Inc.

  • Anthropic PBC

  • Sentry / Functional Software Inc.

  • PostHog Inc.

  • Google LLC (Cloud + Places API)

  • Mapbox Inc.

  • Slack Technologies LLC

  • Apple Inc.

You can verify the certifications in the public DPF register at https://www.dataprivacyframework.gov/list.

For processors whose parent company is based in the USA but whose data is in fact processed in the EU (Supabase: AWS Frankfurt; Sentry: DE region; PostHog: EU Cloud), the EU hosting location additionally serves as a technical safeguard.

In addition, we have concluded Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR with all US providers. These clauses oblige providers to maintain a level of data protection equivalent to that of the GDPR.

If you have any concerns about a specific data transfer, you can contact us at support@getjourneys.app at any time.


Section 12 — Retention Period and Deletion

We retain personal data only for as long as necessary for the respective purposes.

Data typeRetentionAccount master data (profile, email)Until account deletionTrip data (trips, stops, attachments)Until account deletionSoft-deleted trips (trash)30 days, then irreversible deletionSync error logs30 daysRate-limit logsapprox. 10 minutesCrash reports (Sentry)up to 90 daysProduct telemetry (PostHog)12 monthsSupport ticketsup to 90 days after closingMagic-link tokensvalid for 60 minutesConsent logs (which Terms / Privacy version accepted)Until account deletionPush notification token (APNs)Until you disable notifications / account deletionAnthropic requests (AI)max. 30 days (per our DPA with Anthropic)Encrypted backup snapshots30 daysPlace enrichment cache (anonymous)Until next cleanup (no user linkage)


Account deletion

You can delete your account at any time in the app settings under "Profile → Delete account" with double confirmation. Upon account deletion:

  • all trips, stops, attachments, journal entries, bingo boards, and packing lists are irreversibly removed from the database,

  • all files are removed from the storage buckets,

  • the user ID linkage in PostHog and Sentry is reset,

  • the push notification token is deleted,

  • the entry in the authentication table and in the user profile is deleted.

Deletion takes effect immediately in live operations. Backup retention is 30 days (encrypted snapshots at Supabase); deletion is then complete in backups as well.


Section 13 — Your Rights

As a data subject, you have the following rights under the GDPR:

  • Access (Art. 15 GDPR) — we will tell you what personal data we process about you

  • Rectification (Art. 16 GDPR) — you can have incorrect data corrected

  • Erasure (Art. 17 GDPR) — you can request deletion of your data (fully via the in-app "Delete account" feature or by email to support@getjourneys.app)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR) — you can request your data in machine-readable format (JSON export by email to support@getjourneys.app, processing within one month)

  • Objection (Art. 21 GDPR) — for processing based on legitimate interests (in particular telemetry, see Section 7.5)

  • Withdrawal of consent (Art. 7(3) GDPR) — where processing is based on consent (e.g. push notifications)

  • Lodging a complaint with the supervisory authority (Art. 77 GDPR, see Section 14)

To exercise your rights, contact: support@getjourneys.app

We respond within one month (Art. 12(3) GDPR). For particularly complex requests, this period may be extended by another two months; in this case we will inform you.


Section 14 — Right to Complain to the Supervisory Authority

You have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de

You may also contact the data protection authority at your usual place of residence or work.


Section 15 — Website (getjourneys.app)

Our website at https://getjourneys.app is hosted by Framer and serves solely to provide information about the app and to host the legal documents (Privacy Policy, Terms, Imprint, Community Guidelines).

We use no tracking cookies, no analytics tools, and no advertising pixels on the website. Only strictly necessary cookies / local storage mechanisms are used that are required to deliver the page (e.g. Framer session to prevent infinite reloads).

When the website is accessed, anonymous connection logs (IP address, timestamp, user agent) are stored server-side for the customary duration (usually 7 days). This data is not used for profiling.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional, secure website).


Section 16 — Security of Processing

We implement technical and organizational measures to protect your data against unauthorized access. These include:

  • Encryption of data transmission (HTTPS / TLS 1.3) and data storage (Supabase "at rest" encryption with AES-256)

  • Row-Level Security (RLS) on all database tables — you only see your own data (even on direct DB access)

  • Storage bucket isolation — uploaded photos and PDFs are private; even if a URL is known, no access is possible without valid authentication

  • Rate-limiting + quota on all API endpoints to protect against abuse

  • Pseudonymization where possible (user IDs as UUID, no direct email linkage in telemetry)

  • Regular backups with encrypted snapshots (30 days retention)

  • Account deletion with CASCADE — all dependent data is removed in a single transaction

  • No advertising IDs (no IDFA, no cross-app tracking)

  • Audit log for administrative access to user data

  • Smoke tests for database-relevant schema changes to prevent permission bugs


Section 17 — Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in legislation, new app features, or new processors. The date under "Last updated" at the top shows the current version.

Material changes (e.g. new third parties, new data categories, changes to the legal basis) will be announced to you by email or via an in-app notice — usually at least 14 days before they take effect. For purely editorial changes (typos, formatting), no separate notice is given.

We document which version of the Privacy Policy you have accepted in an internal table (user_consents) with timestamp and version number.


Section 18 — Contact

For questions about this Privacy Policy or about the processing of your data, you can reach us at:

Email: support@getjourneys.app

We usually respond within 24 hours, and at the latest within one month under Art. 12(3) GDPR.

This Privacy Policy was published on 24 May 2026.