Privacy Policy

1. What data we collect

• Account data: your email address and authentication credentials (password hash — we never see your plain password).
• Trip data: cities, travel dates, preferences, and the itinerary plans we generate for you.
• Usage data: basic request logs (timestamps, errors) used to maintain service reliability. No behavioural tracking or analytics.

2. Why we collect it

We collect only what is necessary to provide the service: authentication requires your email, and generating trip plans requires storing the results so you can access them later. We do not collect data for advertising, profiling, or resale.

3. Where data is stored

All user data is stored in Supabase, hosted on AWS in the EU (Frankfurt, eu-central-1). Data is encrypted at rest and in transit.

4. How long we keep it

Your data is retained for as long as your account is active. If you request account deletion, all personal data is permanently removed within 30 days.

5. Your rights (GDPR)

If you are in the EU/EEA, you have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Deletion: request erasure of your account and data.
• Portability: receive your data in a machine-readable format.
• Objection: object to processing in certain circumstances.

To exercise any of these rights, email privacy@martch.app. We will respond within 30 days.

6. Third-party services

• Google Maps: we use the Google Maps Routes API to calculate travel times between venues. Your trip origin and destination addresses are sent to Google for this purpose. Google Privacy Policy ↗
• Google Gemini AI: trip plans are generated using Google's Gemini API. City names and travel dates are sent to Google to produce your itinerary. Google AI Terms ↗

We do not use any third-party advertising networks or tracking pixels.

7. Contact

For any privacy-related questions or data requests: privacy@martch.app