Privacy Policy

Last updated: February 28, 2026

1. Introduction

Itinera ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

2. Information We Collect

We collect the following types of information:

  • Account Information: When you create an account, we collect your email address and authentication credentials through Firebase Authentication.
  • Trip Data: Information you provide about your trips, including destinations, dates, preferences, and itinerary details.
  • Chat Data: Messages you send to our AI assistant for trip planning purposes. These messages are processed by third-party AI providers to generate responses (see Section 7).
  • Location Data: Location queries you make within the app are processed through Google Maps Platform to provide map display, place search, and route optimization. Your location queries are processed by Google in accordance with Google's Privacy Policy.
  • Gmail Data (Optional): If you choose to link your Gmail account, we access your emails in read-only mode solely to identify and import travel booking confirmations (flights, hotels, car rentals). We do not read, store, or process any emails unrelated to travel bookings.
  • Purchase Data: If you subscribe to premium features, purchase and subscription data is collected and managed by RevenueCat and the applicable app store (Apple App Store or Google Play Store).
  • Device Information: Device type, operating system, and app version for analytics and troubleshooting. We do not use the Apple Identifier for Advertisers (IDFA) or track you across other apps or websites for advertising purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate personalized travel itineraries based on your preferences
  • Import booking confirmations from your email to your itinerary (Gmail integration)
  • Process and manage your subscriptions
  • Send trip reminders and relevant notifications
  • Respond to your inquiries and provide support
  • Analyze usage patterns to improve our AI recommendations

4. Gmail Data Usage and Google API Limited Use Disclosure

Itinera's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you grant Itinera access to your Gmail account:

  • We only request read-only access (gmail.readonly scope).
  • We only scan for emails that match travel booking patterns (e.g., flight confirmations, hotel reservations).
  • We do not read, store, or process personal emails, financial information, or any content unrelated to travel bookings.
  • Extracted booking data (dates, confirmation numbers, hotel/airline names) is stored securely and associated with your trip.
  • You can revoke Gmail access at any time from within the app or from your Google Account settings.

Limited Use Requirements. In addition to the above, our use of Gmail data adheres to the following restrictions:

  • We do not use Gmail data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not transfer Gmail data to third parties unless necessary to provide or improve the Service, comply with applicable law, or as part of a merger, acquisition, or asset sale with prior user consent.
  • We do not use Gmail data for purposes unrelated to the Service's core functionality of importing travel booking confirmations.
  • Humans do not read your Gmail data unless you have given affirmative consent for a specific message, it is necessary for security purposes or abuse investigation, it is required to comply with applicable law, or the data is aggregated and anonymized for internal operations.

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over encrypted connections (HTTPS/TLS).
  • Authentication is managed through Firebase Authentication with secure token handling.
  • Gmail OAuth tokens are stored server-side and never exposed to the client application.
  • We use secure cloud infrastructure (Amazon Web Services) with access controls and monitoring.

6. International Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers are located. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, we rely on Standard Contractual Clauses and other approved transfer mechanisms to ensure your data is protected in accordance with applicable law.

7. Data Sharing and Service Providers

We do not sell, trade, or rent your personal information. We share data with the following categories of service providers solely to operate and improve the Service:

  • AI Service Providers (Anthropic, OpenAI): Your chat messages and trip-related inputs are processed by third-party AI providers to generate travel recommendations and itineraries. We do not share your account information or Gmail data with AI providers.
  • Cloud Infrastructure (Amazon Web Services): Our servers and databases are hosted on AWS.
  • Authentication (Google Firebase): Account authentication and user management.
  • Maps and Location (Google Maps Platform): Location search, map display, and route optimization.
  • Subscription Management (RevenueCat): Processes subscription status and purchase data. RevenueCat may collect device identifiers and purchase history. See RevenueCat's Privacy Policy.
  • Payment Processing (Apple App Store, Google Play Store): In-app purchases and subscription billing are processed by the respective app store.
  • Legal Requirements: We may disclose your data when required by law or to protect our rights.

8. Data Retention

We retain your data for as long as your account is active. Specific retention periods are as follows:

  • Account and trip data: Retained for the duration of your account.
  • Chat history: Retained for the duration of your account.
  • Gmail tokens and imported booking data: Deleted when you unlink your Gmail account.
  • Account deletion: Upon request, all personal data is deleted within 30 days, except where retention is required by law.
  • Server logs: Logs containing incidental personal data are retained for up to 90 days.

9. Your Rights

You have the right to:

  • Access and download your personal data
  • Correct inaccurate information
  • Delete your account and data
  • Revoke Gmail access at any time
  • Opt out of non-essential communications

To exercise any of these rights, contact us at support@itinera-ai.com.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

We do not sell or share your personal information as defined by the CCPA. We do not use your personal information for cross-context behavioral advertising.

To submit a request, contact us at support@itinera-ai.com.

11. Tracking and Analytics

We do not track you across other companies' apps or websites for advertising purposes. We do not use the Apple Identifier for Advertisers (IDFA). Our mobile app does not use cookies. Third-party services integrated into the app (such as Firebase and RevenueCat) may use device identifiers and local storage for functionality and analytics purposes.

12. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

support@itinera-ai.com