Legal
Privacy Policy
This Privacy Policy describes how Planoptx ("we", "us", "the app") collects, uses, and shares information when you use our iOS travel planning application and related websites. By using Planoptx, you agree to this policy.
1. Who we are
Planoptx is operated by the developer of the Planoptx application (contact: ayan.rchowdhury@outlook.com). For privacy requests, use the same address or see account deletion.
2. Information we collect
2.1 Account information
When you create an account, we collect:
- Email address (required for sign-up and sign-in)
- Display name (optional, if provided at registration)
- Authentication tokens and session metadata managed by our auth provider
2.2 Trip and usage data
To provide planning and in-trip features, we process:
- Trip names, destinations, start/end dates, budgets, and preferences (travel style, interests, walking tolerance, food preferences)
- Itineraries (day plans, activities, times, estimated costs, locations)
- Expenses (amounts, categories, titles, dates, currencies, exchange rates)
- Bookings (flights, hotels, references, times — as you enter or import)
- Saved receipt and booking proof photos (premium) — kept on your device with the related expense or booking
- Pre-trip checklist items and completion state
- Premium pass type and expiry (entitlement state)
Data is stored locally on your device (SwiftData) and, if you use cloud sync (premium), mirrored to our backend. Saved receipt and booking images stay on your device only and are not included in synced data.
2.3 Location and destination data
- Destination search — When you pick a destination, we use Apple's location search to resolve place names, coordinates, country codes, and time zones. We store destination latitude/longitude on your trip for maps and place discovery.
- Device location (optional) — With your permission, we may read your approximate location to suggest home currency, origin country for international trip detection, and route hints. We do not continuously track your location in the background for advertising.
2.4 Photos, camera, and voice
- Receipt photos — If you use receipt OCR (premium), images are processed on-device using Apple's Vision framework to extract text and amounts. The photo is also saved on your device as proof and can be viewed later in the expense and trip summary. Receipt images are never uploaded to our servers, including when cloud sync is enabled — only the derived expense fields (amount, category, etc.) sync.
- Booking photos — Similarly processed on-device for text extraction and, for premium users, saved on-device as booking proof. Booking images are not uploaded to our servers.
- Voice input — With your permission, audio is transcribed on-device via Apple's Speech framework to log expenses. Voice audio is not stored on our servers.
- Camera — Used only when you choose to capture a receipt or booking; library access when you pick an existing photo.
2.5 Document import
If you import a PDF, RTF, or Word itinerary, text is extracted on-device and may be sent to on-device AI (Apple Foundation Models) or heuristic parsers to structure day plans. Document files are not uploaded to our servers by default.
2.6 Device and technical data
- Device type, iOS version, app version (for support and compatibility)
- Crash or error logs if you opt in to Apple's analytics or contact support
- Biometric lock preference (stored locally; Face ID / Touch ID never leaves your device)
3. How we use information
- Provide trip planning, itineraries, budgets, expenses, checklists, and notifications
- Authenticate you and sync data across devices (premium)
- Resolve real venues via Apple Maps and show weather via Open-Meteo
- Convert expenses to your home currency using exchange rates
- Improve reliability and respond to support requests
- Comply with legal obligations
We do not sell your personal information. We do not use your data for third-party advertising.
4. On-device AI (Apple Intelligence)
On supported iPhones, itinerary generation, expense categorisation, budget allocation narrative, and document parsing may use Apple's Foundation Models framework. Processing occurs on your device. Apple's own privacy terms apply to system AI features. When on-device AI is unavailable, offline heuristics are used instead.
5. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication and cloud database sync | Account email, user ID, trip/expense/booking records you sync |
| Apple Maps (MapKit) | Destination autocomplete, place search, map links | Search queries and coordinates (subject to Apple's policies) |
| Open-Meteo | Climate / weather forecasts for destinations | Latitude, longitude (no account required) |
| Frankfurter API (ECB rates) | Currency conversion | Currency codes and dates (no personal identifiers) |
| Apple App Store | In-app purchases (when enabled) | Handled entirely by Apple |
Each provider has its own privacy policy. We choose services that minimize personal data collection where possible.
6. Legal bases (EEA/UK users)
Where GDPR applies, we rely on:
- Contract — to provide the app you requested
- Legitimate interests — security, fraud prevention, product improvement
- Consent — location, camera, microphone, speech recognition, notifications (you can withdraw in iOS Settings)
7. Retention
- Account data — kept until you delete your account (see account deletion).
- Local device data — remains until you delete the app or individual trips.
- Backups — server backups may retain deleted data up to 90 days before overwrite.
8. Security
We use HTTPS for network traffic, row-level security on our database, and industry-standard auth practices. No method of transmission is 100% secure; use a strong password and enable biometric lock in the app.
9. Your rights
Depending on your region, you may have the right to:
- Access, correct, or delete your personal data
- Export your data (contact support)
- Object to or restrict certain processing
- Lodge a complaint with your data protection authority
Exercise these rights via ayan.rchowdhury@outlook.com.
10. Children
Planoptx is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children.
11. International transfers
Your data may be processed in countries where our service providers operate (e.g. United States for Supabase hosting regions you select). Appropriate safeguards apply where required by law.
12. Changes
We may update this policy. We will post the new date at the top and, for material changes, notify you in-app or by email where appropriate.