Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how Planidge (“Planidge”, “we”, “us”, or “our”) collects, uses, and protects your personal information when you use the Planidge website and application at planidge.com and related services (the “Service”). Planidge is operated as a sole trader. We are the controller of your personal information.

If you have any questions, contact us at privacy@planidge.com.

1. Information we collect

Information you provide to us

• Account information — your email address and password, or, if you sign in with Google, the basic profile information Google shares with us (such as your name and email). You may also use the Service temporarily without an account via an anonymous session tied to your device.
• Profile and travel preferences — your first and last name and optional preferences such as interests, travel style, pace, who you travel with, and dietary needs. Some dietary information (for example allergies) may reveal health-related details; we process it only to personalise your itineraries and only with your consent.
• Trip content — trips you create or join, including trip names, dates, descriptions, day-by-day events, locations, notes, traveller/roster names, and the names of people you invite or assign to events.
• Uploaded documents — files you upload (such as booking confirmations, PDFs, and images), which may contain personal data including names, booking references, flight numbers, and travel details.
• Payments — if you purchase a paid plan, your payment is handled by our third-party payment processor. We do not store full card details; we receive limited information such as your subscription status, plan, and partial billing identifiers.
• Communications — messages you send us and the content of requests you make through AI features (for example chat messages and prompts).

Information collected automatically

• Usage and device data — basic technical information such as IP address, browser and device type, and interactions with the Service, collected through our hosting and infrastructure providers and used for security, diagnostics, and abuse prevention.
• Local storage and cookies — we store a list of your trips and your authentication session in your browser’s local storage so the Service works across visits and devices. These are essential to providing the Service.

2. How we use your information

• To provide, maintain, and operate the Service, including syncing and sharing your trips in real time.
• To power AI features such as itinerary generation, event suggestions, the chat assistant, and reading booking documents (see Section 4).
• To manage your account, subscription, and billing, and to send transactional emails such as trip invitations and trip summaries.
• To personalise itineraries and recommendations based on your stated preferences.
• To secure the Service, prevent fraud and abuse, and enforce our Terms of Service.
• To comply with legal obligations and respond to lawful requests.

3. Legal bases for processing (UK/EU users)

Where UK or EU data protection law applies, we rely on the following legal bases:

• Performance of a contract — to provide the Service you request.
• Consent — for optional features such as processing dietary/health-related preferences and for any marketing communications. You may withdraw consent at any time.
• Legitimate interests — to secure, improve, and operate the Service, where not overridden by your rights.
• Legal obligation — to comply with applicable laws.

4. AI features and your data

Some features use third-party artificial-intelligence services (currently Anthropic’s Claude models) to generate suggestions, build itineraries, answer questions, and extract details from documents you upload. When you use these features, the relevant content — which may include your trip description, preferences, chat messages, and the contents of uploaded booking documents — is sent to the AI provider to produce a response. We instruct our AI provider to process this data only to provide the feature. AI output can be inaccurate or incomplete; always verify important details such as flights, bookings, and reservations independently.

5. How we share your information

We do not sell your personal information. We share it with service providers (“sub-processors”) who process data on our behalf to operate the Service:

Provider	Purpose
Google Firebase (Google LLC / Google Cloud)	Authentication, database, file storage, hosting, and serverless functions
Anthropic	AI itinerary generation, suggestions, chat, and document parsing
Google Places API	Searching for real places and venues
AeroDataBox (via RapidAPI)	Flight schedule and status lookups
Resend	Sending transactional emails (invitations, trip summaries)
Our payment processor	Processing subscription payments

We may also share information when required by law, to protect our rights or the safety of users, in connection with a business transfer (such as a merger or acquisition), or with your consent. When you share a trip, the trip content you create becomes visible to others you invite or who hold the trip link, according to the sharing settings you choose.

6. International data transfers

Our providers may process your information in countries outside the UK/EEA, including the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, or an adequacy decision, as applicable.

7. Data retention

We keep your personal information for as long as your account is active or as needed to provide the Service. Trip content remains until you or another authorised user deletes it. Uploaded documents are retained until deleted. When you delete your account or content, we delete or anonymise the associated personal data within a reasonable period, except where we must retain it to comply with legal obligations or resolve disputes.

8. Security

We use technical and organisational measures to protect your information, including authentication, access-control rules that restrict trip and document access to authorised users, server-side validation, and time-limited links for private documents. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

UK/EU (GDPR): you have the right to access, correct, delete, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

California (CCPA/CPRA): you have the right to know what personal information we collect and how we use it, the right to request deletion or correction, and the right to opt out of any “sale” or “sharing” of personal information. We do not sell your personal information. We will not discriminate against you for exercising these rights.

To exercise any of these rights, email privacy@planidge.com. We may need to verify your identity before responding.

10. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

11. Third-party links

The Service may link to third-party websites (for example map or venue links). We are not responsible for the privacy practices of those sites; please review their policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, where appropriate, notify you. Continued use of the Service after changes take effect constitutes acceptance.

13. Contact us

Questions or requests: privacy@planidge.com.