DiscoverPlacesTrips

Privacy Policy

Last updated: March 26, 2026

1. Introduction

Travyl ("we," "our," or "us") operates the website at gotravyl.com and the Travyl mobile applications for iOS and Android (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Display name
  • Profile photo (optional)
  • Authentication data from third-party providers if you sign in via Google, Apple, Facebook, or Microsoft

2.2 Trip & Travel Data

When you use Travyl to plan trips, we collect:

  • Trip details: destinations, dates, budget, number of travelers
  • Itinerary activities: names, times, locations, estimated costs, and notes
  • Packing lists, budget entries, and saved places
  • Travel preferences: travel style, pace, budget range, and cabin class

2.3 Usage Data

We automatically collect:

  • Interaction data (e.g., which suggestions you view, dismiss, or add to your trip) to improve recommendations
  • Device and browser information for compatibility and debugging
  • Audit logs of itinerary changes for collaborative editing features

2.4 Cookies & Local Storage

We use:

  • Essential cookies: Supabase authentication session tokens (required for sign-in)
  • Local storage: Theme preference (light/dark) and language selection

We do not use advertising or third-party tracking cookies.

3. How We Use Your Information

  • To provide and maintain the Service, including trip planning and itinerary generation
  • To personalize recommendations based on your travel preferences and past interactions
  • To enable real-time collaborative trip editing with other users you invite
  • To send transactional emails (e.g., trip invitations, password resets)
  • To improve the Service through aggregated, anonymized usage analytics
  • To detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate Travyl. These services may process your data as described:

  • Supabase — Database hosting, user authentication, and real-time collaboration. Your account data, trips, and activities are stored in Supabase's PostgreSQL database.
  • Amazon Web Services (AWS) — Cloud infrastructure including AI-powered features (Amazon Bedrock for trip enrichment and recommendations), caching (DynamoDB), email delivery (SES), and content delivery (CloudFront). Trip context data is processed by AWS services to generate personalized suggestions.
  • Foursquare, SerpAPI, TripAdvisor — Location and venue data providers. When you search for destinations or activities, we send location queries (coordinates, place names) to these services to retrieve venue information. We do not send your personal data to these providers.
  • Pexels — Destination photography. We fetch images based on destination names. No personal data is shared.
  • Google, Apple, Facebook, Microsoft — OAuth authentication providers. If you choose to sign in with these services, we receive your name, email, and profile photo as authorized by you during the sign-in flow.

5. Data Sharing & Collaboration

Trip collaborators: When you invite someone to collaborate on a trip, they can view and edit trip details, itinerary, packing lists, and budget. You control who has access and can revoke access at any time.

Public/link-shared trips: If you set a trip's visibility to "link" or "public," anyone with the link can view (but not edit) the trip. You can change visibility or revoke shared links at any time.

We do not sell your personal information to third parties. We do not share your data with advertisers.

6. Data Retention

We retain your account data for as long as your account is active. Trip data is retained until you delete it. Recommendation cache data expires automatically (typically within 6 hours). Interaction data used for personalization expires within 30 days.

You can delete your account and all associated data by contacting us at the email below.

7. Data Security

We implement industry-standard security measures including encrypted connections (TLS), row-level security policies on all database tables, hashed passwords (handled by Supabase Auth), and access-controlled AWS infrastructure. However, no method of transmission over the Internet is 100% secure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your trip data
  • Withdraw consent for optional data processing

To exercise these rights, contact us at the email below.

9. Children's Privacy

Travyl is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: privacy@gotravyl.com