Privacy Policy – Pocket Traveler

Pocket Traveler is a digital service for AI-powered GPS walking tours. We are the data controller under GDPR. Questions? Email privacy@pockettraveler.app.

Via the waitlist we process: email address (required), city/destination (optional), trip type (optional), marketing consent, UTM parameters, hashed IP (SHA-256 + salt, never readable), and user-agent string.

Consent (Art. 6(1)(a) GDPR) for waitlist sign-up and optional marketing. Legitimate interest (Art. 6(1)(f) GDPR) for fraud prevention via IP hash and user-agent.

Waitlist data is kept until you unsubscribe or the service launches and your account is migrated. Unused records are deleted within 12 months of the waitlist closing.

We never sell or rent your data. We use Supabase (EU data storage, GDPR-compliant) as our sole processor. No other recipients.

No tracking cookies. No third-party analytics scripts (no Google Analytics, no Meta Pixel). Only strictly necessary functional cookies are used.

You have the right of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Send requests to privacy@pockettraveler.app. We respond within 30 days. You may also lodge a complaint with your national supervisory authority.

We apply appropriate measures: TLS encryption, hashed IP addresses, database access controls, and server-side-only API keys.

We will notify you by email of material changes. The date at the top reflects the latest version.

Questions or requests: privacy@pockettraveler.app.