Privacy Policy | Anniwhere

1. Introduction

Welcome to Anniwhere ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our travel social network service.

By using Anniwhere, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

Register for an account (name, email address, username, password)
Complete your profile (bio, profile picture, home location)
Create trips and add destinations
Upload photos and content
Interact with other users (messages, friend requests, recommendations)
Mark countries and cities you've visited
Configure privacy settings and preferences

2.2 Information Collected Automatically

When you access and use Anniwhere, we automatically collect:

Device information (browser type, operating system, device identifiers)
Usage data (pages visited, features used, time spent on the platform)
IP address and general location data
Cookies and similar tracking technologies
Session information (login times, session duration)

2.3 Information from Third Parties

We may receive information about you from third-party services when you:

Sign in using OAuth providers (Google, Microsoft, Instagram, TikTok)
Allow us to access your social media profiles
Receive invitations from other users

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our services
Enable you to create and manage trips
Connect you with friends and other travelers
Display your travel history on an interactive globe
Send you notifications about trip updates, invitations, and social interactions
Provide personalized travel recommendations using AI
Improve and optimize our platform through analytics
Create anonymized, aggregated datasets for research and commercial purposes
Prevent fraud, abuse, and security incidents
Comply with legal obligations
Send transactional emails (password resets, account notifications)
Moderate user-generated content for safety and compliance

4. How We Share Your Information

4.1 Sharing Based on Your Privacy Settings

Your content visibility is controlled by your privacy settings:

Public: Visible to all Anniwhere users and may appear in search results
Friends: Visible only to your accepted friends on the platform
Private: Visible only to you and trip members you explicitly invite

4.2 Third-Party Service Providers

We share your information with trusted service providers who assist us in operating our platform:

Supabase: Database hosting and storage services
Mapbox: Geocoding and location services
OpenAI: AI-powered features (recommendations, content moderation)
Resend: Transactional email delivery
PostHog: Analytics and product insights
Vercel: Hosting and infrastructure

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Anonymized Data for Research and Business Purposes

We may aggregate and anonymize your data to create datasets that cannot be used to identify you personally. This anonymized data may be sold or shared with third parties for purposes including:

Travel industry research and market analysis
Tourism trends and destination insights
Academic research on travel behavior and patterns
Business intelligence for travel-related industries

This anonymized data does not contain any personally identifiable information such as your name, email, photos, or specific user-generated content. It consists of aggregated statistics and patterns such as popular travel destinations, seasonal trends, and general demographic information. Once anonymized, this data cannot be traced back to individual users.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You may request deletion of your account at any time, and we will delete your personal information within 30 days, except where we are required to retain it for legal compliance or legitimate business purposes (such as fraud prevention).

Some information may remain in our backups for up to 90 days after deletion but will not be accessible in our production systems.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal information we hold about you
Rectification: Correct inaccurate or incomplete information
Deletion: Request deletion of your personal information
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing of your personal information
Restriction: Request restriction of processing your information
Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@anniwhere.app or through your account settings.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS/SSL) and at rest
Row-level security policies on database access
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Secure password hashing
Regular backups and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Children's Privacy

Anniwhere is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide, protect, and improve our services. This section explains what cookies are, how we use them, and how you can control them.

What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the platform to function properly. They include:

Session Cookies: Keep you signed in to your account and maintain your authentication state. These are managed by Better Auth and are essential for security.
Security Cookies: Help us detect and prevent security threats, including protecting against cross-site request forgery (CSRF) attacks.

Duration: Session cookies expire when you close your browser. Authentication cookies may persist for up to 30 days if you select "Remember me."

Functional Cookies

These cookies enable enhanced functionality and personalization:

Language Preference: Remembers your language selection (managed by next-intl) so you don't have to select it each time you visit.
User Preferences: Stores your display preferences, notification settings, and other customization options.

Duration: These cookies typically persist for up to 1 year.

Analytics Cookies

These cookies help us understand how visitors use our platform:

PostHog Analytics: Collects anonymous usage data including pages visited, features used, button clicks, and time spent on the platform. This helps us improve the user experience and identify issues.
Performance Monitoring: Tracks page load times and performance metrics to ensure the platform runs smoothly.

Duration: Analytics cookies typically persist for up to 1 year. Data collected is anonymized and aggregated.

Third-Party Cookies

Some cookies are placed by third-party services we use:

Google OAuth: When you sign in with Google, Google may set cookies to authenticate you and provide their services.
PostHog: Our analytics provider may set cookies to track usage patterns across sessions.

These third parties have their own privacy policies, and we have no control over their cookies. We recommend reviewing their privacy policies for more information.

How to Control Cookies

You have several options to manage or disable cookies:

Browser Settings

Most browsers allow you to control cookies through their settings. You can set your browser to:

Block all cookies
Block third-party cookies only
Delete cookies when you close your browser
Accept cookies by default but allow you to manually delete them

Learn how to manage cookies in popular browsers:

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Cookies and website data
Edge: Settings → Cookies and site permissions

Account Settings

You can manage analytics preferences in your account settings once logged in. This allows you to opt out of non-essential analytics while still using the platform.

Important Note:

Disabling strictly necessary cookies will prevent you from using essential features of Anniwhere, including signing in to your account and creating trips. Disabling functional or analytics cookies will not prevent you from using the platform, but may limit certain features and prevent us from improving the service based on usage data.

Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no industry standard for how to respond to DNT signals. We do not currently respond to DNT signals, but we are committed to respecting your privacy choices. You can control tracking through the cookie management options described above.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Your continued use of Anniwhere after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@anniwhere.app

Data Protection Officer: dpo@anniwhere.app

Region-Specific Provisions

For European Economic Area (EEA) Users

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

For California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, delete your personal information, and opt-out of the sale of your personal information. While we may sell anonymized, aggregated data that cannot identify you personally, we do not sell your personal information.