Privacy Policy
Effective Date: March 2, 2026 · Last Updated: March 2, 2026
1. Introduction
WanderWith ("we", "our", or "us") is a travel-planning platform operated from India. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use our mobile application ("App") available on Android, and our website at www.wanderwith.online ("Site"). By using WanderWith, you agree to the practices described herein. If you have questions, contact us at wanderwithplan@gmail.com.
2. Data We Collect
A. Information You Provide Directly
- Account Registration: Name, email address, and profile picture—supplied via Google Sign-In (OAuth 2.0) or email/password signup through Supabase Auth.
- Trip & Itinerary Data: Destinations, travel dates, itineraries, budgets, notes, checklists, and collaborative invite links you create or join.
- User-Generated Content: Photos uploaded to trip galleries, messages sent in group chats, published memories, and public trip posts.
- Expense & Budget Data: Trip expense entries, split details, and budget categories you record within the app.
- Support & Feedback: Any information you provide when contacting us via email or in-app feedback forms.
B. Information Collected Automatically
- Device Information: Operating system, device model, app version, screen resolution, and language/locale.
- Usage & Crash Data: Feature interactions, navigation paths, error/crash logs, and performance metrics to help us improve reliability.
- Network Information: Connection type (WiFi/mobile) used solely to optimise sync behaviour and offline support.
C. Permissions-Based Data
- Camera & Photo Library: Accessed only when you choose to upload photos to a trip gallery. We do not access your camera or photos without your explicit action.
- Location (Optional): If you grant location permission, we use it to show nearby places on the map and to auto-fill location fields. Location is never tracked in the background.
- Notifications: Push notification tokens are stored to deliver trip reminders, chat messages, and collaboration invites. You can disable notifications in your device settings at any time.
- Internet Access: Required for syncing trip data, authentication, and real-time collaboration features.
3. How We Use Your Data
- Provide & Operate the Service: Create accounts, manage trips, enable real-time collaboration, sync data across devices, and deliver push notifications.
- AI-Powered Itinerary Generation: When you request AI suggestions, your trip preferences (destination, dates, interests) are sent to Gemini AI to generate personalised itineraries. This data is used only for that single request and is not stored by Google or used to train AI models.
- Improve & Debug: Analyse usage patterns and crash reports to fix bugs, optimise performance, and develop new features.
- Safety & Security: Detect abuse, prevent fraud, and enforce our Terms & Conditions.
- Communications: Send transactional emails (password resets, invite confirmations) and, with your consent, occasional product updates. You can opt out of non-essential emails at any time.
4. Legal Basis for Processing
- Contractual Necessity: Processing required to provide the service you signed up for (account management, trip planning, collaboration).
- Legitimate Interests: Improving app performance, preventing misuse, and generating aggregated analytics.
- Consent: For optional features such as camera/photo access, location permission, and push notifications. You may withdraw consent at any time via device settings.
- Legal Obligation: Where processing is required to comply with applicable laws or regulations.
5. Third-Party Services & Sub-processors
We rely on trusted third-party providers to deliver core functionality. Each processes data under our instructions and their own privacy policies:
| Provider | Purpose | Data Processed |
|---|---|---|
| Supabase | Database, Auth, File Storage, Edge Functions | Account info, trip data, photos, auth tokens |
| Google Cloud / Maps | Maps, Places API, Geocoding | Location queries, map interactions |
| Gemini AI (Google) | AI itinerary generation | Trip preferences (single-session only) |
| Google Sign-In | OAuth authentication | Email, name, profile picture |
| Vercel | Website hosting | Standard HTTP logs, cookies |
6. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. Information is shared only in these limited scenarios:
- Trip Collaborators: Users you explicitly invite to a trip can see the trip's itinerary, gallery, chat, and expense data.
- Public Content: If you choose to "Publish" a trip or memory, it becomes visible to the WanderWith community and may appear in search results.
- Service Providers: The sub-processors listed above, solely to operate and improve the service.
- Legal Requirements: If required by law, subpoena, court order, or to protect the rights, property, or safety of WanderWith, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred. We will notify you before your data is subject to a different privacy policy.
7. Cookies & Tracking Technologies
Our website uses only essential/functional cookies to maintain your session and security (managed by Supabase Auth). We do not use third-party advertising cookies or cross-site tracking pixels.
The mobile app does not use cookies. Authentication tokens are stored securely in device-native secure storage.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including:
- All data transmitted between your device and our servers is encrypted via TLS/SSL.
- Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth); we never store plaintext passwords.
- Database access is governed by Row-Level Security (RLS) policies, ensuring users can only access data they are authorised to view.
- File uploads (photos) are stored in Supabase Storage with access-controlled bucket policies.
- Authentication uses PKCE (Proof Key for Code Exchange) flow for enhanced security.
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Data Retention & Deletion
We retain your personal data only as long as necessary to provide the service and fulfil the purposes described in this policy:
- Active Accounts: Data is retained for the lifetime of your account.
- Account Deletion: You can delete your account from the App settings. Upon deletion, your profile, private trips, uploaded photos, and personal data are permanently removed within 30 days.
- Group Trips: If you delete your account while part of a group trip, the trip remains for other members. Your messages and contributions are anonymised (displayed as "Deleted User").
- Backup Retention: Encrypted database backups may retain residual data for up to 90 days before being purged.
10. International Data Transfers
WanderWith is operated from India. Our infrastructure providers (Supabase, Google Cloud, Vercel) may process data in regions outside your country of residence, including the United States and the European Economic Area. These providers maintain appropriate safeguards (such as Standard Contractual Clauses) for cross-border data transfers. By using WanderWith, you consent to the transfer of your data to these jurisdictions.
11. Children's Privacy
WanderWith is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a user is under 13, we will promptly terminate the account and delete all associated data. If you believe a child has provided us with personal information, please contact us at wanderwithplan@gmail.com.
12. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete personal data via your profile settings.
- Deletion: Request deletion of your account and associated data.
- Data Portability: Request your data in a structured, commonly used format.
- Withdraw Consent: Revoke permissions (camera, location, notifications) at any time through your device settings.
- Objection: Object to processing based on legitimate interests.
To exercise any of these rights, use the in-app account settings or email us at wanderwithplan@gmail.com. We will respond within 30 days.
13. Google API Services Disclosure
WanderWith's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary for authentication (email, profile) and do not use Google user data for serving advertisements or for any purpose other than providing and improving WanderWith.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top and, where appropriate, notify you via the App or email. Your continued use of WanderWith after any changes constitutes acceptance of the revised policy.
15. Contact Us
For any privacy-related inquiries, data requests, or concerns, please contact us:
