Skip to main content
◉ Legal

Privacy Policy

Last updated: May 3, 2026

This policy explains what data TravelMaxing ("we", "us") collects when you use travelmaxing.app, why we collect it, who we share it with, and the rights you have over it. Plain language wherever possible.

1. Who is responsible for your data

TravelMaxing is operated by an independent developer. For any privacy-related question or request, contact us at admin@travelmaxing.app.

2. What we collect

  • Account information — email address, display name, password hash (for credentials login) or Google OAuth profile (for social login), nationality (used to look up visa rules).
  • Trip data — trips, destinations, dates, notes, and meetup invitations you create.
  • Payment information — handled by Stripe; we never see or store your full card number. We store the resulting credit balance and a Stripe customer ID.
  • Technical data — IP address, browser type, device type, pages viewed, referring URL, collected for security (rate-limiting, abuse prevention) and product analytics.
  • Cookies and similar technologies — see Section 5.

3. How we use your data

  • To create your account, authenticate you, and provide the trip-planning service.
  • To process payments, deliver credits, and send transactional email (e.g. invoices, password resets).
  • To send optional product updates if you opt in. You can unsubscribe at any time.
  • To detect abuse, prevent fraud, and enforce our Terms of Service.
  • To improve the product through aggregated, non-identifying analytics.

4. Who we share data with

We use a small set of trusted service providers to run the product. We do not sell your personal data.

  • MongoDB Atlas — primary database hosting (data resides in EU/US regions).
  • Vercel — application hosting and analytics (Vercel Analytics, Speed Insights).
  • Stripe — payment processing and billing.
  • Resend — transactional email delivery.
  • Google — OAuth sign-in (only if you choose "Sign in with Google").
  • Mapbox — interactive map tiles and geocoding.
  • Travelpayouts and affiliate networks — when you click a partner link (Booking.com, Aviasales, GetYourGuide, etc.) tracking parameters are passed so commissions can be attributed. See Section 6.

5. Cookies and tracking

We use three categories of cookies and similar technologies:

  • Essential — required for login (NextAuth session cookie), CSRF protection, and your cookie-consent preference. Cannot be disabled if you want to use the service.
  • Analytics — Vercel Analytics and Speed Insights, which use cookieless or privacy-preserving methods to measure aggregate usage.
  • Affiliate / advertising — when you click a partner link, the partner (e.g. Booking.com, Travelpayouts) may set their own cookies to attribute the click to us. These follow the partner's own policy.

6. Affiliate disclosure

TravelMaxing earns commission when you book travel services through partner links on the site (for example flights via Aviasales, hotels via Booking.com, activities via GetYourGuide, and ground transport via Omio, 12Go, or Busbud). The price you pay is the same as if you went directly to the partner — we receive a small share of their fee.

We label affiliate links with the rel="sponsored" HTML attribute and only recommend partners whose service we believe is genuinely useful for trip planning. Commission does not influence visa data, weather data, or cost-of-living data, which come from independent sources and are not monetized.

7. Your rights

If you are in the EU/EEA, UK, or California, you have the right to:

  • Request a copy of your personal data we hold.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing.
  • Export your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, email us at admin@travelmaxing.app. We respond within 30 days.

8. Data retention

We keep account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are legally required to retain certain records (e.g. tax records related to payments, kept for the period required by applicable tax law).

9. International transfers

Some of our service providers (notably Stripe and certain MongoDB Atlas regions) process data outside the EU/EEA. Where this is the case, transfers are protected by standard contractual clauses or equivalent safeguards.

10. Children

TravelMaxing is not directed at children under 16 and we do not knowingly collect data from them. If you believe we have collected data from a child, contact us and we will delete it.

11. Changes to this policy

We may update this policy when our service or applicable laws change. The "Last updated" date at the top will reflect any change. Material changes will be communicated by email or in-app notice.

12. Contact

Questions or concerns: admin@travelmaxing.app.

Terms of Service← Back to home
Privacy Policy | TravelMaxing