Planera AI

Privacy Policy

Last updated: April 2026

Planera ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Planera mobile application (iOS and Android), the Planera website (planeraai.app), and all related services (collectively, the "Service").

1. Who We Are

Planera is an AI-powered travel planning platform that provides personalized travel itineraries, flight search and booking, destination recommendations, and community travel insights. Planera does not operate as a travel agency — flight bookings are processed through Duffel, a licensed third-party provider.

Contact: privacy@planeraai.app

2. Information We Collect

2.1 Account & Authentication Data

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored as a salted SHA-256 hash — we never store your plain-text password)
  • Date of birth (optional)
  • Phone number and country code (optional)
  • Profile picture (optional, stored securely)
  • Authentication provider (email, Google, or Apple)

If you sign in with Google or Apple, we receive your name, email address, and profile picture from the respective provider. We verify identity tokens server-side and do not store your OAuth passwords or tokens.

2.2 Traveler Profiles

To book flights, you may create traveler profiles containing:

  • Full name (first and last)
  • Date of birth and gender
  • Passport number, issuing country, and expiry date
  • Email and phone number

Passport data is stored securely and used solely for flight booking purposes.

2.3 Trip & Travel Preference Data

  • Trip destinations and origin city
  • Travel dates, arrival time, and departure time
  • Budget (total and per-person)
  • Number of travelers and selected traveler profiles
  • Travel interests (e.g. food, culture, adventure, shopping)
  • Local experience preferences
  • Flight preferences (skip flights, preferred flight time)
  • Home airport, currency, and language preferences
  • Preferred airlines, seat preferences, and meal preferences
  • Hotel star rating and budget range preferences

2.4 Flight Booking Data

When you search for or book flights through the Service, we collect:

  • Passenger details (name, date of birth, gender, title)
  • Passport information (number, issuing country, expiry)
  • Contact details (email, phone)
  • Baggage and seat selections
  • Cabin class preference

Payment information is processed directly by our flight booking partner (Duffel) and is never stored on our servers.

2.5 Wishlist & Watched Destinations

  • Saved destinations with priority tags (dream, planned, someday)
  • Personal notes and target travel dates
  • Deal alert preferences per destination
  • Watched destination cities for fare monitoring

2.6 Community Content

  • Travel insights and tips you share with the community
  • Likes and interactions with other users' insights

2.7 Engagement & Activity Data

We track the following events internally to improve the Service:

  • Trip generation events (destination, success/failure)
  • Booking clicks and referral tracking
  • Achievement unlocks and daily check-in streaks
  • Referral code usage
  • Subscription purchases

We do not use any third-party analytics services (no Google Analytics, Mixpanel, Amplitude, or similar). All analytics are processed internally.

2.8 Device & Notification Data

  • Device push tokens (Expo Push Token) for sending notifications
  • Device platform (iOS/Android) and device name
  • Notification preferences (push, email, deal alerts, trip reminders)

2.9 Location Data

We may collect GPS coordinates only when you explicitly opt in to verify your presence at a trip destination (for achievement features). Location data is verified server-side to confirm proximity and is not continuously tracked, stored long-term, or shared with third parties.

2.10 Automatically Collected Data

We collect session tokens for authentication purposes and basic diagnostic data (crash logs) to ensure app stability. We do not use cookies for tracking. Session tokens are stored locally on your device and expire automatically.

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including AI-generated itineraries and recommendations
  • Search for and book flights on your behalf via our booking partner
  • Send transactional emails (booking confirmations, password resets)
  • Send push notifications (trip countdowns, morning briefings, deal alerts) based on your preferences
  • Power the Low Fare Radar and deal alert features
  • Enable trip collaboration and sharing with other users
  • Moderate community-submitted travel insights
  • Track achievements, streaks, and referral rewards
  • Process subscription purchases and manage trip credits
  • Improve app performance and fix bugs
  • Ensure security, prevent fraud, and enforce our terms

We do not sell your personal data.

4. AI & Automated Processing

Planera uses AI systems provided by OpenAI, Inc. (San Francisco, CA, USA) to generate personalized travel itineraries, recommend sights and attractions, moderate community insights, and power the Atlas travel assistant.

4.1 What Data Is Sent to OpenAI

When you use AI-powered features, the following data may be transmitted to OpenAI's API:

  • Trip destinations and origin city
  • Trip dates, arrival time, and departure time
  • Budget amount and number of travelers
  • Travel interests and local experience preferences
  • Language preference (for localized itineraries)
  • Messages you send to the Atlas travel assistant
  • Real-time weather data for your destination (sourced from Open-Meteo)
  • Restaurant search results for your destination (sourced from TripAdvisor)

4.2 What Data Is NOT Sent to OpenAI

We do not send the following personal data to OpenAI or any other third-party AI service:

  • Your name, email address, or account credentials
  • Payment or billing information
  • Passport or identity documents
  • Profile picture or photos
  • GPS location data

4.3 Purpose and Safeguards

Data is sent to OpenAI solely to generate AI-powered travel content. OpenAI processes data in accordance with their API data usage policy and does not use API inputs to train their models. AI outputs are automated and informational only — no automated decisions produce legal or similarly significant effects, and you remain in full control of your travel decisions.

4.4 Your Consent

Before any data is sent to OpenAI, Planera requests your explicit consent (in compliance with Apple guideline 5.1.1/5.1.2). You may grant or withdraw this consent at any time via Settings. If you decline consent, AI-powered features (trip generation, sights recommendations, and Atlas chat) will be unavailable, but all other app features will continue to work normally.

5. Third-Party Services & Data Sharing

We share data with the following third-party services, each for a specific purpose:

5.1 Duffel (Flight Booking)

When you search for or book flights, passenger details (name, date of birth, gender, passport information, email, phone, baggage and seat selections) are transmitted to Duffel, a licensed flight booking platform. Duffel processes payment information directly — we never store your credit card or payment details.

5.2 OpenAI (AI Features)

Trip and preference data (as described in Section 4) is sent to OpenAI to generate itineraries and power AI features. See Section 4 for full details.

5.3 TripAdvisor (Restaurant & Attraction Data)

Destination city names are sent to the TripAdvisor API to retrieve restaurant and attraction recommendations with ratings and reviews. No personal data is transmitted.

5.4 Viator (Tours & Experiences)

Destination city names are sent to the Viator API to retrieve tour and experience recommendations. No personal data is transmitted.

5.5 Unsplash (Images)

Search queries (destination names, activity types) are sent to the Unsplash API to retrieve destination and activity images. No personal data is transmitted.

5.6 Open-Meteo (Weather)

City coordinates are sent to the Open-Meteo API (a free public weather service) to retrieve real-time and forecast weather data for the Atlas assistant. No personal data is transmitted.

5.7 Google & Apple (Authentication)

If you sign in with Google or Apple, identity tokens are verified server-side using the respective provider's public key infrastructure. We receive your user ID, email, name, and profile picture. Tokens are validated and discarded — they are not stored.

5.8 Postmark & Gmail API (Email)

Transactional emails (flight booking confirmations, password reset codes) are sent through Postmark and the Gmail API. Emails contain booking references, flight details, and passenger names as needed. Emails are sent from support@planeraai.app.

5.9 Apple In-App Purchases (Subscriptions)

Subscription purchases are processed through Apple's App Store. Apple receipt data and transaction IDs are verified server-side to validate your subscription status. We do not process payments directly.

5.10 Expo Push Notifications

Push notification tokens and notification content (title and body text) are transmitted to Expo's push notification service to deliver notifications to your device.

5.11 Convex (Backend Infrastructure)

All user data is stored and processed on Convex, a serverless real-time database platform. Data is encrypted at rest and in transit.

All third-party partners are required to handle data securely and lawfully. We do not share data with any parties other than those listed above. We do not sell personal data to any third party.

6. Trip Collaboration & Sharing

Planera allows you to share trip information with others:

  • Trip Collaborators: You may invite others to view or edit your trips. Collaborators can see trip details including destination, dates, itinerary, and activities. Collaborators are invited via unique tokens that expire after use.
  • Trip Share Links: You may generate public share links (read-only) that allow anyone with the link to view your trip details. Share links expire after 30 days. Your personal information (name, email, user ID) is not exposed through share links.
  • Booking Links: Flight booking details may be shared via secure links that expire after 30+ days.

7. Notifications

With your consent, we may send the following notifications:

  • Trip countdowns — reminders 7, 3, and 1 day before your trip
  • Morning briefings — daily itinerary summaries during your trip
  • Post-trip reviews — feedback prompts after your trip
  • Anniversary reminders — one year after a completed trip
  • Deal alerts — fare drops for watched destinations or matching flights

You can manage notification preferences at any time via Settings. Notifications are opt-in and can be disabled individually (push notifications, email notifications, deal alerts, trip reminders).

8. Subscriptions & Payments

Planera offers a free tier and premium subscriptions. Subscription payments are processed through Apple's App Store in-app purchase system. We store transaction IDs and receipt validation results to manage your subscription status. We do not store or have access to your credit card number or Apple ID password.

Trip credit packs may also be purchased as one-time in-app purchases. Credit balances and purchase history are tracked in your account.

9. Referral Program

Each user receives a unique referral code. When someone signs up using your code, both parties receive trip credits. We track referral status (pending, completed, rewarded) and referral statistics associated with your account.

10. Third-Party Links

Planera may contain links to third-party websites or services (e.g. airlines, hotels, tour operators, booking platforms). We are not responsible for the privacy practices or content of third-party services. You should review their privacy policies before providing personal data.

11. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Specific retention periods:

  • Account data: Retained until you request deletion
  • Session tokens: Expire automatically after the configured period
  • Password reset codes: Expire after 10 minutes
  • Trip share links: Expire after 30 days
  • Booking links: Expire after 30+ days
  • Cached destination data: Refreshed after 30 days
  • Notification logs: Retained to prevent duplicate notifications

You may request deletion of your account and all associated personal data by contacting us at privacy@planeraai.app.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Passwords stored as salted cryptographic hashes (never in plain text)
  • Data encrypted at rest and in transit
  • Server-side token verification for Google and Apple authentication
  • Session tokens with automatic expiration
  • Payment data processed by PCI-compliant third parties (Duffel, Apple)
  • No credit card or payment information stored on our servers

However, no system is completely secure, and we cannot guarantee absolute security.

13. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the right to:

  • Access your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — restrict or object to processing
  • Data portability — receive your data in a structured format
  • Withdraw consent — revoke consent for AI data processing, notifications, or location access at any time
  • Lodge a complaint — with your local data protection authority

To exercise your rights, contact us at privacy@planeraai.app. We will respond within 30 days.

14. Children's Privacy

Planera is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

15. International Data Transfers

Your data may be processed or stored on servers located outside your country, including the United States (OpenAI, Convex) and the United Kingdom (Duffel). We ensure appropriate safeguards are in place in accordance with applicable data protection laws, including standard contractual clauses where required.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted within the Service with an updated "Last updated" date. Continued use of Planera after updates constitutes acceptance of the revised Privacy Policy. For material changes, we will notify you via the app or email.

17. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, contact us at:

privacy@planeraai.app

Planera — Your journey, planned with intelligence.