This Privacy Policy describes how TravelQ ("we", "us", or "TravelQ") collects, uses, shares, and protects personal information from users of the TravelQ mobile app and the travelq.com.br website (collectively, the "Service"). By using the Service, you agree to the practices described here.
1. Plain-language summary
The gist: We collect only what's needed to plan your trips — destination, dates, preferences, email, and usage data. We do not sell your data. You can delete your account anytime in the app. We use encryption in transit (TLS 1.3) and at rest (AES-256).
2. Who we are (Controller)
The data controller is:
- TravelQ Tecnologia Ltda.
- Tax ID (CNPJ): [to be filled before production]
- Address: [Brazilian business address]
- Data Protection Officer (DPO): privacy@travelq.app
3. Personal data we collect
3.1 Data you provide
- Account: name, email, password (hashed), profile photo (optional).
- Trips: destinations, dates, budget, style preferences, notes, photos attached to itineraries.
- Expenses: amounts, categories, splits with other users, currency.
- Shared content: messages in trip groups, invites.
3.2 Data collected automatically
- Device identifiers: Apple Advertising Identifier (only with ATT opt-in), IDFV, iOS model and version.
- Usage data: screens viewed, session duration, features used, crash logs.
- Approximate location: only to suggest nearby places, with your explicit permission.
- Precise location: only when actively using live maps, with explicit permission.
3.3 Data we do NOT collect
- We do not collect banking data, credit cards, or sensitive financial information.
- We do not access your contacts, calendar, photos, microphone, or camera without explicit permission.
- We do not track you across other apps or websites without your ATT consent.
4. How we use your data
| Purpose | Data used |
|---|---|
| Create and authenticate your account | Email, password, device identifier |
| Generate AI itineraries | Destinations, dates, preferences, budget |
| Show nearby places on map | Location (with permission) |
| Split expenses with friends | Expenses, group participants |
| Improve the product | Aggregated, anonymized usage data |
| Prevent fraud and abuse | Access logs, IP, device identifier |
| Transactional communication | Email (e.g., password recovery) |
| Marketing communication | Email, with explicit opt-in only |
5. Legal bases (LGPD / GDPR)
- Contract performance (GDPR Art. 6(1)(b)): to provide requested features.
- Consent (GDPR Art. 6(1)(a)): for location, marketing, and cross-app tracking.
- Legitimate interest (GDPR Art. 6(1)(f)): for security and product improvement.
- Legal obligation (GDPR Art. 6(1)(c)): to respond to authorities when required.
6. Data sharing
- With other users you choose: in group trips, members see the same itinerary and expenses.
- With service providers (processors): cloud infrastructure, product analytics, transactional email. All under data processing agreements.
- Legal requirement: in response to court orders or requests from competent authorities.
- Corporate transactions: merger, acquisition, or sale, with prior notice.
We never sell your personal data for marketing purposes.
7. Third-party services we use
| Service | Purpose | Region |
|---|---|---|
| Apple iCloud / CloudKit | Encrypted sync | US/EU |
| Apple Maps | Maps & geocoding | US/EU |
| OpenAI / Anthropic | AI itinerary generation | US |
| Firebase (Google) | Crash logs & analytics | US/EU |
| Sentry | Error monitoring | US/EU |
8. Apple App Store privacy compliance
We comply with App Store Review Guidelines (Section 5.1) and the App Tracking Transparency framework:
- We request explicit permission via native prompts before accessing location, notifications, or tracking activity across apps.
- We declare all data types collected in the App Store Privacy Nutrition Label.
- We offer in-app account deletion (Settings → Account → Delete account), as required by Apple since June 2022.
- You can use the Service without creating an account (guest mode), with limited features.
- You can unlink your Apple ID without creating a new account.
9. Data retention
- Active account: we retain your data while the account is active.
- After deletion: personal data is erased within 30 days. Encrypted backups are purged within 90 days.
- Anonymized data: may be retained indefinitely for aggregated analytics.
- Legal obligations: some data (e.g., access logs) retained up to 6 months per Brazilian Internet Framework Law (12.965/2014).
10. Security
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Sign in with Apple support (no passwords stored when used).
- Least-privilege internal access.
- Regular audits and penetration testing.
- Breach notification within 72 hours for material incidents (ANPD / GDPR).
11. Your rights
Under LGPD, GDPR, and CCPA, you have the right to:
- Access the data we hold about you.
- Correct incomplete, inaccurate, or outdated data.
- Delete unnecessary or unlawfully processed data.
- Portability in structured format (JSON).
- Complete account deletion in-app.
- Information about data sharing.
- Withdraw consent at any time.
- Object to processing based on legitimate interest.
- File a complaint with ANPD (Brazil) or your local data protection authority.
To exercise any right, email privacy@travelq.app. We respond within 15 days.
12. Children
TravelQ is not directed to children under 13. We do not knowingly collect data from children. If we discover such collection without verifiable parental consent, we will delete the data immediately. Parents may contact privacy@travelq.app.
13. International transfers
Some providers are located outside Brazil, including the US and EU. In those cases we ensure:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy-level assessment per LGPD Art. 33;
- End-to-end encryption during transit.
14. Changes to this policy
We may update this Policy periodically. Material changes will be communicated by email and in-app notification at least 30 days in advance. The last update date is at the top.
15. Contact
Talk to our DPO
Questions about privacy, exercising rights, or incidents?
📧 hello@travelq.app (general contact)