Back

Privacy Policy

Last updated: April 10, 2026

Overview

The Travel Journalist ("the app") helps you organise travel itineraries by parsing confirmation emails and displaying your trips on maps and calendars. This policy explains what data we collect, how we use it, and what choices you have.

What we collect

  • Account information — email address, username, display name, timezone preference, and optional avatar image.
  • Travel data — trip details, flight confirmations, hotel bookings, car rentals, train tickets, and activity reservations including passenger names, confirmation codes, addresses, and dates.
  • Forwarded emails — when you forward a confirmation email to your personal intake address, we receive the email subject and body. After successful parsing, the raw email body is discarded. Failed parse attempts retain the body for up to 30 days for debugging, then it is purged.
  • Journal entries — text entries, photos, timestamps, and location data (coordinates, city, country) that you create within your trips. Location data is collected only when you explicitly use the "Use my location" or map picker features.
  • Uploaded images — trip cover photos, journal photos, and profile avatars you upload are stored on a cloud storage service.
  • Friendship data — the username and display names of users you connect with as friends.
  • Device tokens — if you use the iOS or Android app and enable push notifications, your device token is stored to deliver notifications.

Third-party services

To provide core functionality, the app sends data to the following third-party services:

Anthropic (Claude AI)

When you forward a confirmation email, the email subject and body are sent to Anthropic's Claude API to extract travel details (flights, hotels, etc.). Trip titles and entry details are also sent to determine destinations for cover image selection. This data may include passenger names, confirmation codes, and addresses.

Anthropic's privacy policy: anthropic.com/privacy

Unsplash

Destination names (e.g. "Paris, France") are sent to the Unsplash API to fetch cover photos for your trips. No personal information is shared — only city and country names.

Unsplash's privacy policy: unsplash.com/privacy

OpenStreetMap / Nominatim

Hotel addresses, activity locations, and other place names are sent to the Nominatim geocoding service (operated by OpenStreetMap) to determine coordinates for map display and travel statistics.

Nominatim usage policy: osmfoundation.org

Stripe

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card details — Stripe handles all payment information directly. Your email address is shared with Stripe to create your customer account.

Stripe's privacy policy: stripe.com/privacy

Mapbox

Location names, addresses, and coordinates may be sent to Mapbox for geocoding and location autocomplete when adding or editing trip segments and journal entries. No personal information beyond the location query is shared.

Mapbox's privacy policy: mapbox.com/legal/privacy

CARTO (Map Tiles)

Map views in the app load map tile images from CARTO's basemap servers. Your browser sends standard HTTP requests to fetch tiles — no personal data is transmitted beyond the map viewport coordinates and your IP address.

CARTO's privacy policy: carto.com/privacy

Apple Push Notification service (APNs)

If you use the iOS app and enable push notifications, notification content (titles, messages) and your device token are sent to Apple's push notification service for delivery. You can disable push notifications at any time in your device settings.

Apple's privacy policy: apple.com/legal/privacy

How we use your data

  • To parse confirmation emails and create trip itineraries.
  • To display trips on maps and calculate travel statistics.
  • To generate cover images for your trips via destination search.
  • To send email notifications about shared trips and friend requests (if enabled).
  • To provide a calendar subscription feed of your trips.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is only shared with the third-party services listed above for the specific purposes described.

Your data is never used for AI training. When your emails and trip data are sent to Anthropic's Claude API for parsing, they are processed using Anthropic's commercial API which does not use inputs or outputs for model training. No data from this app is used to train, fine-tune, or improve any AI model.

Sharing and visibility

  • Your trips are private by default. No one can see your trips unless you explicitly share them.
  • Trip sharing — you can share trips with specific users or generate a public link. Each share has a "hide sensitive details" option that, when enabled, redacts confirmation codes, passenger names, and private notes from the shared view. Public links hide sensitive details by default; shares with specific users show full details by default. You can change this setting per share at any time.
  • Calendar feed — your iCal subscription URL is a secret token-based link. Anyone with the URL can view your trip schedule. You can regenerate the URL at any time to revoke access.
  • Email intake address — your forwarding address is a unique token. Anyone who knows it can submit emails to your account. You can regenerate it at any time.
  • Friends — accepted friends can see your email, display name, and avatar.

Data storage and security

Your data is stored in databases and served over HTTPS. Uploaded files (photos, avatars) are stored on cloud storage service(s). Authentication tokens are rotated automatically and expired tokens are purged. Passwords are hashed using industry-standard algorithms (PBKDF2 with SHA-256). Personally identifiable information (email addresses, email subjects) is redacted from application logs to prevent accidental exposure.

Data retention

  • Trip data — retained until you delete individual trips or your account.
  • Email parse logs — automatically purged after 30 days. Raw email bodies are cleared immediately on successful parsing.
  • Forwarded emails — moved to trash immediately after processing; trash is purged daily.
  • Expired shares — trip shares with an expiration date are automatically deleted after they expire.
  • Notifications — read notifications are automatically purged after 90 days.
  • Authentication tokens — expired JWT tokens are automatically purged.
  • Password reset tokens — expire after 1 hour and are deleted immediately upon use or expiry.

Your rights

  • Access and portability — you can view all your data through the app and export it at any time via Settings. The export includes your profile, all trips, entries, tags, shares, friends, and notification history in a machine-readable JSON format.
  • Deletion — you can delete your entire account and all associated data from Settings. This action is permanent and cannot be undone. All trips, entries, shares, friends, notifications, and uploaded files are removed.
  • Correction — you can edit your profile information and trip details at any time.
  • Revocation — you can regenerate your email intake address and iCal feed URL to revoke access. You can remove friends and delete trip shares.
  • Notification preferences — you can enable or disable email notifications from Settings.

Contact

If you have questions about this privacy policy or your data, please contact the application administrator.

This site uses cookies for authentication and to remember your preferences. No tracking or advertising cookies are used. Privacy Policy