Last updated: June 17, 2026
Privacy Policy
1. Introduction
This Privacy Policy explains how TravDraft ("TravDraft", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our trip planning service at https://travdraft.com (the "Service").
TravDraft helps users create trip projects, compare trip options, build itineraries, track costs, share trip summaries by email, and generate AI-powered itinerary suggestions. We are committed to handling personal information responsibly and transparently.
This policy is intended for users worldwide, including users in the European Union and Brazil. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
We collect information in the following categories, depending on how you use the Service:
- Account information, such as your name and email address when you register or sign in.
- Authentication information, such as account identifiers, session information, and information received from authentication providers like Google OAuth.
- Trip planning data you enter, including project names, trip options, destinations, dates, notes, and related planning details.
- Flight information entered by you, such as routes, prices, carriers, airports, and other travel details you choose to store.
- Lodging information you enter, such as accommodation names, locations, dates, and costs.
- Transportation information you enter, such as road legs, distances, durations, and related route details.
- Cost and budgeting information you enter, including expenses, splits, currencies, and totals.
- Email addresses you provide when sharing trip summaries with others. If you share a report, you are responsible for ensuring you have permission to share those recipients' email addresses.
- Analytics and usage information, such as pages visited, features used, and interactions with the Service when analytics is enabled.
- Error and diagnostic information when the Service fails, such as error messages, stack traces, the page or API route involved, browser or device type, and related technical metadata. We configure error monitoring to avoid sending email addresses, authentication tokens, session cookies, and similar sensitive data where possible.
- Technical information, such as IP address, browser type, device information, operating system, language preferences, referral URLs, and server or application log data.
TravDraft is not designed to collect or process sensitive categories of personal data. Please do not enter health information, government identification numbers, financial account credentials, or other highly sensitive personal information into the Service unless strictly necessary for your travel planning purposes.
3. How We Use Information
We use personal information for the following purposes:
- Creating and managing your account and authenticating access to the Service.
- Providing trip planning features, including projects, trip options, itineraries, and cost tracking.
- Helping you compare trip options within a project.
- Generating AI itinerary suggestions based on trip context you provide.
- Sending trip summary emails to recipients you choose.
- Improving, maintaining, and developing the Service.
- Monitoring, detecting, and fixing errors and reliability issues in the Service (including through our error monitoring provider).
- Protecting the security of the Service, preventing fraud, and troubleshooting issues.
- Complying with applicable legal obligations and responding to lawful requests.
4. AI Features
TravDraft offers optional AI-powered itinerary suggestions. When you use this feature, user-provided trip context (such as destinations, dates, route details, and related planning information) may be sent to OpenAI to generate suggestions.
AI-generated content may be inaccurate, incomplete, or outdated. You should review all suggestions carefully before relying on them for travel decisions.
Do not enter highly sensitive personal information into AI prompts or trip fields if it is not necessary for planning. This includes information such as passport numbers, government identifiers, financial account details, health information, or other data you would not want processed by a third-party AI provider.
6. Third-Party Service Providers
We use trusted third-party providers to help us operate the Service. These providers process personal information on our behalf and only receive data necessary to perform their services. Providers we use include:
- OpenAI — AI itinerary suggestions.
- Google Analytics — website analytics.
- Sentry — error monitoring and diagnostics for the production Service (for example, uncaught application errors and related technical context). Sentry may process data in the United States and other countries where it operates.
- Google — OAuth authentication, when you choose to sign in with Google.
- Hostinger — email delivery infrastructure used to send account and trip-related emails.
- Neon / PostgreSQL — database infrastructure used to store account and trip data.
- Photon and/or Pelias — geocoding and place autocomplete services.
- OSRM — road routing services.
- Stadia Maps — map tile services displayed in the application.
We may also use hosting, infrastructure, and security providers necessary to run the Service. We require service providers to handle personal information in line with applicable law and our instructions, where applicable.
7. International Data Transfers
TravDraft is used by people in different countries. Some of our service providers may process personal information in countries other than the country where you live, including countries that may not provide the same level of data protection as your home country.
Where required by applicable law, we take steps designed to ensure appropriate safeguards are in place for international transfers of personal information, such as contractual protections with service providers.
8. Data Retention
We retain personal information for as long as necessary to provide the Service and for legitimate business purposes.
- Account and trip data is generally retained while your account remains active.
- You may request deletion of your account and associated data, subject to applicable law.
- We may retain certain records for legal, security, fraud-prevention, or backup purposes for a limited period, even after deletion requests, where permitted or required by law.
9. User Rights (GDPR)
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that provides similar rights under the General Data Protection Regulation (GDPR) or equivalent laws, you may have the following rights, subject to applicable conditions and exceptions:
- Right of access — request information about the personal data we process about you.
- Right to rectification — request correction of inaccurate or incomplete personal data.
- Right to deletion — request deletion of personal data in certain circumstances.
- Right to restriction — request that we limit processing in certain circumstances.
- Right to portability — request a copy of certain personal data in a structured, commonly used format.
- Right to object — object to certain processing, including processing based on legitimate interests where applicable.
- Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time.
To exercise these rights, contact us at support@travdraft.com. You may also have the right to lodge a complaint with your local data protection authority.
10. User Rights (LGPD)
If you are located in Brazil, you may have rights under the Lei Geral de Proteção de Dados (LGPD), subject to applicable conditions and exceptions. These may include:
- Confirmation of processing and access to your personal data.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary or unlawfully processed data.
- Portability of personal data to another service provider, where applicable.
- Information about entities with which we have shared personal data.
- Revocation of consent, where processing is based on consent.
To exercise your rights under the LGPD, contact us at support@travdraft.com.
11. Data Security
We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, error monitoring, and secure infrastructure practices.
No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of personal information.
12. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe a child has provided personal information to us, please contact us at support@travdraft.com. Where required by law, accounts should not be created by children without appropriate parental authorization.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, our practices, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this page periodically. Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy, to the extent permitted by law.
14. Contact Information
If you have questions about this Privacy Policy or how we handle personal information, please contact us:
- Product: TravDraft
- Website: https://travdraft.com
- Email: support@travdraft.com