Privacy Policy
Last Updated: December 5, 2025
🇪🇺 For European Union Users
This Privacy Policy includes specific information for users in the European Economic Area (EEA), United Kingdom, and Switzerland regarding your rights under the General Data Protection Regulation (GDPR). See Section 13 for EU-specific information.
1. Introduction
Welcome to Planici ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our travel planning platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services located at www.planici.com (the "Service").
By using Planici, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Account Information: Name, email address, password, and profile preferences
- Trip Information: Travel destinations, dates, itineraries, and travel preferences
- Payment Information: Billing details processed securely through Stripe (we do not store complete credit card numbers)
- Communication Data: Feedback, support requests, and correspondence with our team
2.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Usage Data: Pages visited, features used, time spent, and user interactions
- Device Information: IP address, browser type, operating system, and device identifiers
- Location Data: Approximate location based on IP address and precise location if you grant permission
- Cookies and Tracking: Session data, preferences, and analytics information
2.3 Third-Party Integration Data
- Google Calendar: Calendar events, availability, and sync data (with your explicit permission)
- Gmail Integration: Email content from forwarded booking confirmations to trips@planici.com
- Google Maps: Location searches, map interactions, and destination coordinates
3. How We Use Your Information
We use the collected information for the following purposes:
- To provide, maintain, and improve our Service
- To create and manage your account and trip itineraries
- To process your subscription payments and manage billing
- To send you technical notices, updates, and security alerts
- To provide customer support and respond to your requests
- To personalize your experience and provide AI-powered recommendations
- To analyze usage patterns and improve our features
- To detect, prevent, and address technical issues or fraudulent activity
- To comply with legal obligations and enforce our Terms of Service
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
- Payment Processors: Secure payment processing and subscription management
- Google Services: Maps, location data, and calendar integration (with your permission)
- Cloud Hosting: Secure application and database hosting
- Analytics Services: Usage analytics and performance monitoring
4.2 Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
4.3 Business Transfers
If Planici is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: All data transmitted using secure HTTPS connections with industry-standard encryption
- Secure Authentication: Multi-layer authentication system with secure token management
- Password Protection: Industry-standard password hashing and salting
- Session Management: Automatic session expiration and security monitoring
- Database Security: Encrypted data storage with secure access controls
- Access Controls: Role-based permissions system for administrative functions
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing of your personal data
- Restriction: Request restriction of processing your data
- Withdraw Consent: Revoke consent for data processing at any time
To exercise these rights, please contact us at privacy@planici.com
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookie Policy.
8. Data Retention
We retain your personal information for as long as necessary to:
- Provide our Service and maintain your account
- Comply with legal obligations (e.g., tax, accounting requirements)
- Resolve disputes and enforce our agreements
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.
You can delete your account at any time through your Account Settings (Settings tab → Danger Zone), or by contacting us at privacy@planici.com. Account deletion is permanent and cannot be undone.
9. Children's Privacy
Planici is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
🇪🇺 13. EU/GDPR Specific Information
This section provides additional information for users in the European Economic Area (EEA), United Kingdom, and Switzerland as required by the General Data Protection Regulation (GDPR).
13.1 Data Controller
Planici is the data controller responsible for processing your personal data. Our contact information is provided in Section 12 above.
13.2 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide our Service and fulfill our contractual obligations to you (e.g., account management, trip planning features, payment processing)
- Consent: Where you have given explicit consent for specific processing activities (e.g., Google Calendar integration, email import, marketing communications)
- Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security (balanced against your rights and interests)
- Legal Obligation: Processing required to comply with legal obligations (e.g., tax records, accounting requirements, law enforcement requests)
13.3 Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
✅ Right to Access (Article 15)
You can request a copy of all personal data we hold about you. Access your data anytime through your Profile page, or contact us for a complete data export.
✏️ Right to Rectification (Article 16)
You can update or correct inaccurate personal information. Edit your profile, trip data, and preferences directly in your account settings.
🗑️ Right to Erasure (Article 17)
You can request deletion of your personal data ("right to be forgotten"). Use the "Delete Account" feature in Settings, and we will permanently delete your account within 30 days, except where retention is required by law.
🔒 Right to Restriction (Article 18)
You can request that we restrict processing of your personal data in certain circumstances (e.g., while we verify accuracy of data you've contested).
📦 Right to Data Portability (Article 20)
You can receive your personal data in a structured, commonly used, machine-readable format. Export your trips via PDF or iCal format from your dashboard.
⛔ Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes. Opt out of marketing emails via unsubscribe links or contact preferences.
🚫 Right to Withdraw Consent (Article 7)
Where processing is based on consent, you can withdraw it at any time. Disconnect Google Calendar, unlink OAuth accounts, or revoke email import permissions in your account settings.
⚖️ Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.
⏱️ Response Time: We will respond to all rights requests within 30 days as required by GDPR Article 12. For complex requests, we may extend this by an additional 60 days and will notify you of any extension.
13.4 International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements with our service providers
- Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
- Encryption: All data encrypted in transit (TLS/HTTPS) and at rest
- Data Processing Agreements: Contractual obligations with all processors to ensure GDPR compliance
13.5 Third-Party Data Processors
We work with the following third-party processors who handle your data on our behalf:
| Service | Purpose | Data Location | GDPR Safeguards |
|---|---|---|---|
| Stripe | Payment processing | EU & US | SCCs, PCI DSS certified |
| Google Cloud | Maps, OAuth, Calendar | Global | SCCs, Privacy Shield successor |
| Vercel | Application hosting | Global CDN | SCCs, SOC 2 Type II |
| MongoDB Atlas | Database hosting | EU regions available | SCCs, ISO 27001, SOC 2 |
| | OAuth authentication | Global | SCCs, optional login method |
13.6 Data Retention Periods
We retain your personal data for the following periods:
- Active Accounts: Data retained as long as your account is active
- Deleted Accounts: Soft deletion (account deactivated immediately), full deletion within 30 days
- Backup Systems: Removed from backups within 90 days after account deletion
- Financial Records: Payment and subscription data retained for 7 years to comply with tax and accounting laws
- Legal Hold: Data may be retained longer if required for legal proceedings or investigations
13.7 Automated Decision-Making
We use limited automated processing for the following purposes:
- AI Recommendations: Personalized travel suggestions based on your preferences and trip history
- Fraud Detection: Automated analysis to detect and prevent fraudulent activity
- Email Parsing: AI-powered extraction of trip details from forwarded booking confirmations
No profiling with legal effects: We do not make automated decisions that produce legal effects or similarly significantly affect you without human intervention. You can request human review of any automated decision by contacting us.
13.8 Data Protection Authority
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with your national data protection authority:
Find your local authority:
European Data Protection Board - Member Authorities
13.9 How to Exercise Your Rights
To exercise any of your GDPR rights:
- Self-Service Options:
  - Access/Edit data: Visit your Profile page
  - Export trips: Use PDF or iCal export from your dashboard
  - Delete account: Settings tab → Danger Zone → Delete Account
  - Manage consents: Profile → Linked Accounts (disconnect OAuth providers)
- Email Requests: Send requests to privacy@planici.com with:
  - Your name and email address associated with your account
  - Specific right you wish to exercise (access, deletion, etc.)
  - Any additional details to help us process your request
- Identity Verification: To protect your privacy, we may ask you to verify your identity before processing rights requests. This may include confirming account details or answering security questions.
✅ No Fees: Exercising your GDPR rights is free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests, particularly for repetitive requests.