GlobeTravi ("we", "us", or "our") is a travel companion app that helps you organise trips, import booking confirmations, and discover things to do at your destination. This policy explains what information we collect, why we collect it, and how you can control it.
We never sell your personal data to third parties.
We don't use your data to build ad profiles.
We collect only what's needed to make the app work.
1 Information we collect
Each data category below is tagged with the legal basis under Article 6 GDPR that allows us to process it:
Your email address and password (stored securely hashed), your display name if you set one, and the timestamp/version of the privacy policy you accepted at signup.
To prove your account was created lawfully, we record the moment you accepted the privacy policy and confirmed you are 16 or older — together with the policy version and the app's user-agent string at that moment. Each subsequent acceptance of an updated policy is logged in a small audit table. We do not store your IP address.
When you forward a confirmation email to import@globetravi.com, we extract structured booking details (dates, destinations, airline/hotel names, booking references) using AI and store them in your account. The raw email content is not stored after parsing.
Trips you create, notes you write, expenses you log, and photos you upload to trip albums. This data is private to your account unless you explicitly share a trip album link.
Travel style, interests, dietary preferences, and budget level that you set in your profile. Used only to personalise suggestions in the Discover tab.
Your device location, only when you open the Discover tab and grant permission. Used to show nearby restaurants. Location is never stored on our servers and is never collected in the background. You can revoke location permission at any time in your device settings.
Photos you upload to trip albums are stored securely in our cloud storage. If you generate a shared album link, photos become accessible to anyone with that link until you revoke it.
If you allow notifications, we store a push token to alert you when a booking is imported or a trip is about to start. Service notifications only — we never use push for marketing.
If you subscribe to GlobeTravi Pro, we store your subscription status and expiry date. Payment details are handled entirely by Apple or Google — we never see your card number or billing information.
If you respond to an in-app feedback prompt, we store your rating and any optional message you provide. This is used to improve the app. You can ignore the prompt at any time.
Basic app diagnostics such as crash reports, and anonymous counts of which features you use (e.g. booking imported, trip created). Stored on our own infrastructure in the EU, never sold or shared with third-party analytics providers. We do not track individual behaviour for advertising and do not build advertising profiles.
2 How we use your information
- To provide and operate the app — storing your trips, bookings, and preferences
- To parse booking confirmation emails using AI
- To generate personalised venue and activity suggestions in the Discover tab
- To send push notifications about new imports (with your permission)
- To authenticate you securely via email and password
- To display a world map of countries you have visited
- To manage your subscription status and unlock Pro features
We do not use your data to train AI models, build advertising profiles, or share it with data brokers.
3 Third-party services
We rely on a small number of service providers (data processors) to operate the app. They only process your data to deliver their service to us, under data processing agreements that restrict their use of your data.
- AI email parsing — when you forward a booking email, its content is sent to Anthropic (United States) for structured extraction. Anthropic does not use your data to train its models. Raw email content is not stored after parsing
- Cloud hosting, authentication, and database — your account, trips, bookings, notes, expenses, moments, and photos are stored on secure infrastructure hosted in the European Union (Ireland), with encryption in transit (TLS) and at rest
- Email routing — booking emails forwarded to import@globetravi.com are received by an email routing provider and forwarded to our backend. Content is not stored by the routing provider
- Venue suggestions — the Discover tab fetches restaurant and activity recommendations from public mapping APIs using your destination city or (with permission) current coordinates. Coordinates are sent per request and not retained by us
- Hotel suggestions — hotel lists are enriched with photos, ratings, and official website links from Google Maps Platform (Places). Only the destination city name and suggested hotel names are sent to Google; no personal data from your profile is shared
- Push notifications — when we notify you about imported bookings, your device push token is sent through a push delivery service
- Subscription management — a subscription management service tracks whether your GlobeTravi Pro subscription is active. Payment details are handled entirely by Apple or Google; we never see your card number
- In-app purchases and sign-in — Apple and Google process in-app purchases and, where enabled, authenticate you via Sign in with Apple or Google
We can provide the current list of named providers on request at privacy@globetravi.com.
4 Data storage & security
Your account, trips, bookings, notes, expenses, moments, photos, and analytics events are stored in the European Union (Ireland). Data is encrypted in transit (TLS) and at rest. Access is enforced by strict row-level security — your data is only accessible by your account.
International transfers. A small number of specific processors are located in the United States — the AI email parser, the push-notification delivery service, and the subscription-management service. Transfers to these processors are protected by the European Commission's Standard Contractual Clauses incorporated into each processor's data processing agreement, and by the EU–US Data Privacy Framework where the processor is certified.
Shared album links grant read/write access to anyone with the link. You can revoke a shared link at any time from the trip settings screen, which immediately invalidates it. Public album pages are served with X-Robots-Tag: noindex, nofollow, noarchive and a matching <meta name="robots"> directive so search engines don't index the page or its photos. This protects against accidental discovery via search; it does not stop direct access by anyone you've shared the link with.
5 Data retention
Your data is retained for as long as your account is active. Specifically:
- Account, profile, trips, bookings, photos, notes, moments, expenses, visited countries — kept while your account is active; deleted immediately on account deletion
- Email content (raw) — never stored; deleted in-memory immediately after AI parsing
- AI prompts and responses — retained by Anthropic according to their commercial policy (currently 30 days)
- Subscription billing records — kept 7 years from the transaction date as required by tax law, even after account deletion
- Consent log — kept while your account is active so we can demonstrate lawful processing under GDPR Art. 7
- Push tokens — kept until you uninstall the app or revoke notification permission
Account deletion is immediate and irreversible. When you delete your account from Settings → Delete account, your authentication record is removed and all associated data is deleted in the same operation via database cascade. There is no grace period and no recovery flow. We recommend exporting your data via Settings → Export my data first if you want to keep a copy.
6 Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Withdraw consent for optional data uses (e.g. location access)
You can delete your account directly in the app from the Settings tab. Deletion requires password confirmation and is immediate and permanent.
For other requests, email us at privacy@globetravi.com. We will respond within 30 days.
7 Data portability
You can export all your personal data at any time from Settings → Export my data. This generates a machine-readable JSON file containing your profile, trips, bookings, expenses, notes, moments, and visited countries. Photos can be saved individually from the app.
8 Data breach notification
In the unlikely event of a personal data breach that poses a high risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR
- Notify affected users without undue delay via email and/or in-app notification
- Provide a clear description of the breach, the data involved, and the measures taken to address it
9 Children's privacy
GlobeTravi is not directed at children under 16. At signup, every user must affirmatively confirm they are 16 or older — we record this confirmation alongside the consent record (see Section 1). We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has created an account, please contact us at privacy@globetravi.com and we will delete the account promptly.
10 Changes to this policy
We may update this policy from time to time. When we do, we increment the version string at the top of this page. Material changes (changes that affect your rights or how we use your data) trigger an in-app re-prompt — you must accept the updated policy to keep using GlobeTravi, and the acceptance is recorded in the consent log alongside the new version number. Non-material changes (typo fixes, clarifications, a new sub-processor in the same role) are published silently with a new version string.
11 Contact
Questions or concerns? Reach us at:
- Email: privacy@globetravi.com
- In-app: Settings → Support
Our lead supervisory authority is the Commission nationale pour la protection des données (CNPD) in Luxembourg. You have the right to lodge a complaint with them at any time.