Privacy Policy
Last updated: January 26, 2026
1. Introduction
Welcome to Xplored ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.
Data Controller: Benji
Contact: support@xplored.app
Data Location: European Union (Netherlands/Germany)
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide when you register, create content, update your profile, or contact us.
Account Information
- Email address (required)
- Username (required, 3-20 characters)
- Password (stored securely hashed)
- Full name and profile picture (optional)
Trip and Travel Data
- Destinations and country codes
- Travel dates, notes, and tags
- Cover images and GPS coordinates
Social Data
- Comments on trips
- Likes on trips and comments
- Follow relationships
2.2 Information Collected Automatically
We automatically collect device information (type, OS, app version), error/performance data via Sentry (with sensitive data filtered), and temporary IP addresses for rate limiting.
2.3 What We Don't Use
- No Google Analytics
- No Facebook tracking pixels
- No advertising networks
- No third-party analytics platforms
3. How We Use Your Information
Core Services
Account management, travel tracking, displaying trips and statistics
Social Features
Following, liking, commenting, personalized feed, notifications
Communications
Email verification, password resets, security notifications
Security
Fraud prevention, rate limiting, error debugging
4. Service Providers
We share data with trusted service providers:
| Provider | Purpose | Location |
|---|---|---|
| Sentry | Error tracking (filtered) | EU |
| Resend | Email delivery | US (SCCs) |
| Expo | Push notifications | US (SCCs) |
| S3-compatible | Image hosting | EU |
We never sell your data. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention
Account Deletion
- Request via Settings > Privacy > Delete Account
- 30-day grace period to cancel
- After 30 days: permanent deletion of all data
6. Your Rights
Access & Export
Download all your data in JSON format via Settings > Privacy > Export My Data
Correction
Edit your profile, trips, and preferences directly in the app
Deletion
Delete your account with 30-day grace period
Withdraw Consent
Disable notifications, change visibility to private
7. Data Security
- All data transmitted via HTTPS/TLS encryption
- Passwords hashed with bcrypt (12 rounds)
- Two-factor authentication (TOTP) available
- Rate limiting on sensitive endpoints
- Servers located in the European Union
8. Children's Privacy
Xplored is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately.
9. GDPR Rights (European Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR including: right to information, access, rectification, erasure, restrict processing, data portability, and the right to object.
Legal Basis for Processing
- Contract: To provide our services to you
- Consent: For optional features like push notifications
- Legitimate Interest: For security and service improvement
10. CCPA Rights (California Users)
California residents have rights under CCPA including: right to know what information is collected, right to delete, right to opt-out (we do not sell data), and right to non-discrimination.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights:
Email: support@xplored.app
We aim to respond to all requests within 30 days.