1. Introduction
Welcome to Xplored ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.
Data Controller: Benji
Contact: support@xplored.app
Data Location: European Union (Netherlands/Germany)
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide when you register, create content, update your profile, or contact us.
Account Information
- Email address (required)
- Username (required)
- Password (stored securely hashed)
- Full name and profile picture (optional)
Trip and Travel Data
- Destinations and country codes
- Travel dates, notes, and tags
- Cover images and GPS coordinates
Social Data
- Comments on trips
- Likes on trips and comments
- Follow relationships
2.2 Information Collected Automatically
We automatically collect device information (type, OS, app version), error/performance data via Sentry (with sensitive data filtered), product analytics via PostHog (EU-hosted, pseudonymised), and temporary IP addresses for rate limiting.
2.3 AI Assistant Data
When you use the optional AI Travel Buddy feature, the text you type, a short context summary (your visited countries, wishlist and nationality), and the conversation history are sent to our AI provider (DeepSeek) to generate a response. Do not include sensitive personal, medical, financial, or legal information in AI chats. You can avoid this processing entirely by not using the AI feature.
2.4 What We Don't Use
- No Google Analytics
- No Facebook or TikTok tracking pixels
- No advertising networks or ad tracking
- We never sell your personal data
- We do not use your content or AI prompts to train AI models
3. How We Use Your Information
Core Services
Account management, travel tracking, displaying trips and statistics
Social Features
Following, liking, commenting, personalized feed, notifications
Communications
Email verification, password resets, security notifications
Security
Fraud prevention, rate limiting, error debugging
4. Service Providers
We share data with trusted service providers:
| Provider | Purpose | Location |
|---|---|---|
| Sentry | Error & crash tracking (sensitive data filtered) | EU (Germany) |
| PostHog | Product analytics & feature flags (pseudonymised) | EU |
| Resend | Transactional email delivery | US (SCCs) |
| Expo (EAS) | Push notifications & app updates | US (SCCs) |
| S3-compatible storage | User-uploaded image hosting | EU |
| DeepSeek | AI Travel Buddy chat responses (only when you use the AI feature) | China (SCCs + opt-in use) |
| Apple / Google | Sign-in with Apple / Google (if you choose to use it) | US (SCCs) |
We never sell your data. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
International transfers: providers outside the EEA process your data under Standard Contractual Clauses (SCCs). The DeepSeek AI provider is based in China and only receives data when you actively use the AI Travel Buddy feature; we rely on your explicit use of that feature as an additional safeguard.
5. Data Retention
Account Deletion
- Request via Settings > Privacy > Delete Account
- 30-day grace period to cancel
- After 30 days: permanent deletion of all data
6. Your Rights
Access & Export
Download all your data in JSON format via Settings > Privacy > Export My Data
Correction
Edit your profile, trips, and preferences directly in the app
Deletion
Delete your account with 30-day grace period
Withdraw Consent
Disable notifications, change visibility to private
7. Data Security
- All data transmitted via HTTPS/TLS encryption
- Passwords hashed with bcrypt (12 rounds)
- Two-factor authentication (TOTP) available
- Rate limiting on sensitive endpoints
- Servers located in the European Union
8. Children's Privacy
Xplored is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately.
9. GDPR Rights (European Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR including: right to information, access, rectification, erasure, restrict processing, data portability, and the right to object.
Legal Basis for Processing
- Contract: To provide our services to you
- Consent: For optional features like push notifications
- Legitimate Interest: For security and service improvement
10. CCPA Rights (California Users)
California residents have rights under CCPA including: right to know what information is collected, right to delete, right to opt-out (we do not sell data), and right to non-discrimination.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights:
Email: support@xplored.app
We aim to respond to all requests within 30 days.