Privacy Policy

1Introduction

Smart Trails ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered trekking itinerary service.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

• Account Information: Email address, first name, last name, password (encrypted)
• Profile Data: User preferences, subscription status, account settings
• Payment Information: Billing details processed through Stripe (we do not store credit card information)
• Communication Data: Messages you send to us, feedback, and support requests

2.2 Usage and Content Data

• Itinerary Data: Your trek preferences, generated itineraries, saved content
• Location Preferences: Destinations and regions you specify (not device location tracking)
• Usage Analytics: How you interact with our service, features used, time spent
• Device Information: Browser type, operating system, IP address, device identifiers

2.3 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Log data (access times, pages viewed, IP address)
• Cookies and similar tracking technologies
• Performance and error data for service improvement

3How We Use Your Information

We use the information we collect to:

• Provide the Service: Generate personalized itineraries, manage your account, process payments
• Improve Our Service: Analyze usage patterns, develop new features, enhance AI algorithms
• Communicate: Send service updates, respond to inquiries, provide customer support
• Security: Protect against fraud, unauthorized access, and security threats
• Legal Compliance: Comply with applicable laws and legal obligations

4Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with trusted third-party providers who help us operate our Service:

Service Provider	Purpose	Data Shared
Google Firebase	Authentication & user management	Account data, authentication tokens
OpenAI	AI content generation	User prompts, preferences (anonymized)
MongoDB Atlas	Data storage	All user data (encrypted)
Stripe	Payment processing	Billing information, transaction data
Google Analytics	Usage analytics	Anonymous usage data
Render	Web hosting	All data (encrypted in transit/at rest)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

5Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Limited access to personal data on a need-to-know basis
• Authentication: OAuth 2.0 and Firebase security standards
• Regular Monitoring: Continuous security monitoring and updates
• Compliance: SOC 2 Type II and GDPR compliant infrastructure

6Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

• Account Data: Retained while your account is active
• Itinerary Data: Retained indefinitely for premium users, limited for free users
• Payment Data: Retained per legal requirements and Stripe policies
• Analytics Data: Aggregated data retained for service improvement

7Your Rights and Choices

7.1 Account Management

You can access, update, or delete your account information through your user dashboard.

7.2 Data Rights (GDPR/CCPA)

Depending on your location, you may have the right to:

1. Access: Request a copy of your personal data
2. Rectification: Correct inaccurate or incomplete data
3. Erasure: Request deletion of your personal data
4. Portability: Receive your data in a machine-readable format
5. Restriction: Limit processing of your personal data
6. Objection: Object to processing based on legitimate interests

7.3 Marketing Communications

You can opt out of marketing emails by following the unsubscribe instructions in any email or contacting us directly.

7.4 Cookies

You can control cookies through your browser settings, though this may affect service functionality.

8International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Service provider privacy certifications and compliance programs

9Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

10Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Providing notice through the Service

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

11Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

For EU Residents

If you are located in the European Union and have concerns about our data processing that we cannot resolve, you have the right to lodge a complaint with your local data protection authority.