Privacy Policy
Last updated: May 24, 2026
At Wandermi, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our travel planning app. We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Information We Collect
We collect information you provide directly, such as your name, email address, profile photo, and travel preferences. We also collect usage data including trip plans, saved destinations, and app interaction patterns to improve your experience.
How We Use Your Data
Your data is used to personalize your travel experience, provide crowd-level insights, generate recommendations, and improve our services. We do not sell your personal information to third parties. Marketing communications are only sent with your explicit opt-in consent and you can withdraw at any time via notification preferences in Settings.
Legal Basis for Processing (GDPR Art. 6)
We process your data under the following legal bases as defined by the General Data Protection Regulation:
• Account data (name, email, profile): Contract performance — processing is necessary to provide you with our services (Art. 6(1)(b)).
• Location data: Consent — we only process your location when you explicitly grant permission (Art. 6(1)(a)). You may withdraw consent at any time via your device settings.
• Analytics and usage data: Legitimate interest — we analyze aggregated usage patterns to improve app performance and user experience (Art. 6(1)(f)).
• Marketing and push notifications: Consent — we send promotional communications only with your opt-in consent (Art. 6(1)(a)). You may withdraw consent at any time via notification preferences in Settings.
Location Data
With your permission, we collect location data to provide real-time crowd information and nearby destination suggestions. Approximate location coordinates (rounded to ~1km precision) are stored with crowd reports you submit. Your exact GPS location is never stored. You can disable location sharing at any time in your device settings, which immediately stops all location data processing.
Data Sharing
We share data only with trusted service providers who help us operate Wandermi. All partners are bound by strict data protection agreements.
Sub-processors
We use the following sub-processors to deliver our services:
• Google Firebase (Cloud Firestore, Authentication, Cloud Storage) — United States. Data transfers are governed by EU Standard Contractual Clauses (SCCs).
• Google Cloud Platform — United States. Data transfers are governed by EU Standard Contractual Clauses (SCCs).
• Expo (EAS) — United States. Used for push notification delivery.
• Mapbox — United States. Used for map display and geolocation services. Telemetry data collection is optional and can be disabled in Privacy Settings. Data transfers are governed by EU Standard Contractual Clauses (SCCs).
• RevenueCat — United States. Used for subscription management (entitlement validation, receipt verification, billing event webhooks). RevenueCat receives an anonymous user identifier and Apple/Google transaction metadata only — no email or other personal data is shared. Data transfers are governed by EU Standard Contractual Clauses (SCCs).
• Sentry — Germany (EU data residency, de.sentry.io). Used for error monitoring and crash reporting. Captures stack traces, app version, OS version, and an anonymized device identifier; no email or other personal data is captured unless explicitly attached. EU hosting ensures GDPR-aligned data residency.
• Microsoft 365 (Outlook — hosted by Microsoft Ireland Operations Limited) — European Union. Used to host institutional mailboxes (support@, privacy@, dpo@, legal@) and process inbound communications you send to us. The standard Microsoft Online Services DPA applies.
Data Retention Periods
We retain your data for the following specific periods:
• Account data (name, email, profile photo, travel preferences): Retained while your account is active. Deleted immediately upon account deletion.
• Messages: Retained while the conversation exists, up to a maximum of 12 months for active conversations. Deleted when all participants leave the conversation or upon individual account deletion.
• Trip data (trip plans, saved destinations): Retained while your account is active. When you delete a trip, it enters a 30-day recovery period during which it can be restored. After 30 days, the trip and all associated data (photos, comments, expenses) are permanently deleted. All trip data is also permanently deleted upon account deletion.
• Location data: Approximate coordinates (~1km) stored with crowd reports until account deletion. Exact GPS position is never persisted.
• Analytics data: Aggregated and anonymized after 26 months.
Messaging & Chat
Wandermi includes an in-app messaging feature that allows you to communicate with other travelers, share trip plans, photos, polls, and locations.
• Encryption: All messages are encrypted in transit (TLS 1.2+) and at rest (AES-256). End-to-end encryption is not currently implemented; this allows server-side moderation and content reporting required by EU Digital Services Act (Regulation (EU) 2022/2065).
• Content stored: Message text, attached media (photos), polls, locations, reactions, reply context, and edit/pin metadata. Read receipts are stored to power conversation unread counts.
• Moderation: We apply automated rate limits (max 40 messages/minute, 300/hour per user) and process user reports as required by DSA Article 16. Reported messages are reviewed and may be removed; abusive accounts may be suspended.
• Reporting illegal content: You can report any message via the long-press menu → Report. We respond to reports within the timelines required by the DSA.
• Editing and deletion: You may edit your messages within 15 minutes of sending and delete your messages at any time. Deleting your account removes all messages you sent within 30 days.
• Push notifications: Message previews may appear in push notifications. You can disable previews via Settings → Notifications.
• Minors: Per GDPR Article 8 and the Italian implementation (Codice Privacy art. 2-quinquies), the minimum age to use messaging is 14 years.
Your Rights (GDPR Art. 15–22)
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
• Right of access (Art. 15): You can request a copy of all personal data we hold about you. Use the Export Data option in Settings to download your data.
• Right to rectification (Art. 16): You can correct inaccurate personal data at any time via the Edit Profile section in the app.
• Right to erasure (Art. 17): You can request deletion of your personal data. Use the Delete Account option in Settings to permanently remove your account and all associated data.
• Right to data portability (Art. 20): You can receive your personal data in a structured, machine-readable format. Use the Export Data option in Settings to download your data in JSON format.
• Right to object (Art. 21): You can object to processing based on legitimate interests. Manage your preferences via notification preferences in Settings.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.
To exercise any of these rights, contact us at privacy@wandermi.com or use the corresponding feature in the app.
International Data Transfers
Your personal data may be transferred to and processed in the United States, where our service providers are located. These transfers are safeguarded by EU Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an adequate level of protection regardless of where it is processed.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection regulations. If you have any questions or concerns about how we handle your personal data, or if you wish to exercise your rights under the GDPR, you can contact our DPO directly at dpo@wandermi.com.
Subscription & Premium
Wandermi offers an optional Premium subscription that unlocks unlimited AI Travel Agent conversations, unlimited trip creation, and additional features.
• Payment processing: All payments are processed exclusively by Apple (App Store) on iOS and Google (Play Store) on Android. We do not collect or store your payment card details, billing address, or any other financial information — these are handled directly by the platform you use.
• Subscription state: Through our subscription management sub-processor (RevenueCat), we receive only the anonymous transaction identifier issued by Apple/Google and your subscription status (active, in trial, cancelled, expired). This information is stored against your Wandermi account so that we can grant or revoke Premium features.
• Subscription management: You can view, change, or cancel your subscription at any time via your Apple ID Settings → Subscriptions (iOS) or Google Play → Subscriptions (Android). Wandermi cannot cancel your subscription on your behalf.
• Restore purchases: If you reinstall the app or change device, you can restore your active subscription via Profile → Subscription → Restore Purchases.
• Refunds: Refund requests are handled directly by Apple or Google according to their respective policies. Wandermi does not process refunds.
Photo Albums (Future Service — Peecho)
Wandermi plans to offer optional printed photo albums in a future release. When this feature becomes available:
• Sharing: Only the data strictly necessary to fulfil your order will be shared with our printing partner Peecho (based in the Netherlands, EU): your shipping name, shipping address, the photos you explicitly select for the album, and the order details.
• No other data shared: We will not share your account email, travel plans, or any other personal information with Peecho.
• Explicit opt-in per order: This feature requires explicit consent each time you place an order. No data is shared without an active order.
• Current status: As of the current release this feature is not yet active. No data has been or is being shared with Peecho. We will update this Policy and notify users in-app before the feature becomes operational.
Security
We implement industry-standard security measures including encryption in transit (TLS 1.2+) and at rest (AES-256) to protect your personal information from unauthorized access. Subscription receipts are validated server-side via Apple/Google official APIs to prevent fraud. Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
Questions about our privacy practices? Contact us at privacy@wandermi.com or reach our Data Protection Officer at dpo@wandermi.com.