Privacy Policy
Last updated: March 11, 2026
1. Data Controller
Plennee ("we", "us", "our") is a travel planning platform that creates optimized itineraries. This privacy policy explains how we collect, use, and protect your personal data when you use our service at plennee.com.
Data Controller: Plennee
Contact email: contact@plennee.com
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address — used for authentication and account recovery
- Display name — shown in the application interface
- Password — stored as a cryptographic hash (we never store plaintext passwords)
2.2 Travel Data
When you use plennee, we store:
- Trip details — destinations, dates, segments, and preferences
- Itineraries — generated schedules, activities, and customizations
- Travel preferences — wake time, pace, interests, and dining preferences
2.3 Technical Data
We automatically collect:
- Authentication cookies — to keep you signed in securely
- Basic usage data — page visits and feature usage via server logs
3. How We Use Your Data
- Provide the service — generate itineraries, save trips, remember preferences (legal basis: contract performance, GDPR Art. 6(1)(b))
- Authenticate you — verify your identity and secure your account (legal basis: contract performance, GDPR Art. 6(1)(b))
- Improve Plennee — understand usage patterns to build better features (legal basis: legitimate interest, GDPR Art. 6(1)(f))
We do not sell your personal data. We do not use your data for advertising.
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted on secure infrastructure. Authentication is handled by Supabase Auth with industry-standard JWT tokens. All connections use TLS encryption in transit.
5. Cookies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
sb-*-auth-token | Authentication session (Supabase) | Session / 1 hour |
plennee-cookie-consent | Records your cookie consent choice | 1 year |
We do not use advertising or tracking cookies.
6. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a structured format
- Withdraw consent — at any time, by contacting us
- Lodge a complaint — with your local data protection authority
To exercise any of these rights, contact us at contact@plennee.com.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data (profile, trips, itineraries, preferences) is permanently removed within 30 days.
8. Third-Party Services
We use the following third-party services to operate Plennee:
- Supabase — authentication and database infrastructure
- Vercel — application hosting and anonymous analytics
- Esri — map tile imagery
- OpenStreetMap / Nominatim — geocoding and address search
These services have their own privacy policies and comply with applicable data protection regulations. No personal data is shared with these services beyond what is technically necessary to provide the functionality described above.
9. Children's Privacy
Plennee is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at contact@plennee.com and we will promptly delete that information.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or through the application. The date at the top of this page indicates the last revision.
11. Contact
If you have questions about this privacy policy or your data, contact us at contact@plennee.com.