Legal
Privacy Policy
How we collect, use, and protect your data.
Last updated: 2026-05-13
Registered office: [Company Address]
Governing law / jurisdiction: [Jurisdiction]
Company registration no.: [Company Registration Number]
VAT no.: [VAT Number]
Legal contact: [Legal Contact Email]
Support contact: [Support Email]
Replace the bracketed placeholders above (and any "support@roadtripai.app" / "RoadTripAI" references) with your final legal entity details after lawyer review.
This Privacy Policy describes how RoadTripAI ("we", "us") collects, uses, shares, and protects personal data when you use the Service. We act as data controller for the personal data described below.
1. Data We Collect
- Account data — email, display name, handle, password hash, avatar, country, bio.
- User Content — routes, stops, descriptions, photos, comments, collections, tips, completions, likes, saves, ratings.
- AI Planner inputs — prompts, preferences, generated outputs, usage counts.
- Subscription & billing — plan, status, customer and subscription identifiers, environment. Payment card data is handled by Paddle (our Merchant of Record); we do not store full card details.
- Communications — support tickets, reports, in-app messages.
- Device & usage — IP address, user agent, device identifiers, language, pages viewed, actions taken, timestamps, referrers, error logs.
- Cookies & similar technologies — see our Cookie Policy.
2. How We Use Data
- To provide the Service (authentication, content delivery, AI planning, payments, notifications).
- To personalise routes and recommendations.
- To secure the Service and prevent fraud, abuse, and policy violations.
- To communicate with you (transactional emails, product notifications, and — only with consent — marketing emails).
- To improve and analyse the Service.
- To comply with legal obligations and enforce our Terms.
3. Legal Bases (GDPR / UK GDPR)
- Performance of contract — to provide the Service you have signed up for.
- Legitimate interests — to operate, secure, and improve the Service, and to prevent fraud.
- Consent — for marketing emails, non-essential cookies, and where law requires.
- Legal obligation — for tax, accounting, and law-enforcement requests.
4. Sharing
- Service providers / sub-processors — hosting (Lovable Cloud / Supabase), payments and tax (Paddle), email delivery, analytics, and customer support tooling.
- Other users — your public profile and published User Content are visible to others.
- Authorities — where required by law or to protect rights, property, or safety.
- Successors — in connection with a merger, acquisition, or sale of assets.
We do not sell your personal data.
5. International Transfers
Data may be processed in countries outside your own. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or other appropriate safeguards.
6. Retention
We retain personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Backups and audit logs may persist for limited additional periods.
7. Your Rights
Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. To exercise these rights, use the in-app controls or contact us via Contact & Support. EU/EEA and UK users may also lodge a complaint with their local supervisory authority.
8. Security
We use appropriate technical and organisational measures (encryption in transit, access controls, isolation, logging). No system is perfectly secure; you use the Service at your own risk.
9. Children
The Service is not directed to children under 16. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes
We will post material changes here and, where appropriate, notify you in-app or by email.