Last updated: April 8, 2026 | Effective: April 8, 2026
Overplanned ("we," "us," or "our") operates a travel planning web application that generates personalized itineraries using behavioral signals and artificial intelligence. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").
We are committed to protecting your privacy and being transparent about our data practices. By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
When you create an account, we collect the following personal information through Google OAuth:
We do not collect demographic information such as your age, income, home city, gender, or ethnicity. Our recommendation system is built entirely on behavioral signals, not demographic profiling.
When you use the Service, you may provide:
To personalize your experience, we collect behavioral signals based on how you interact with the Service. These include:
Behavioral signals are used to build a travel preference profile that improves your recommendations over time. These signals are never linked to demographic data.
We automatically collect certain technical information, including:
We use the information we collect to:
Overplanned uses artificial intelligence at multiple layers of the Service:
Our recommendation models are trained on:
Your personal content (trip notes, diary entries, uploaded photos) is never used to train our models. This content is only processed to deliver the Service to you.
We generate anonymized behavioral embeddings — mathematical representations of travel preference patterns — and store them in a vector database (Qdrant). These embeddings:
We send trip descriptions and venue data to Anthropic (Claude API) for itinerary generation. Anthropic processes this data under their Privacy Policy. Per Anthropic's commercial API terms, your data is not used to train their models.
Our AI systems make automated recommendations but do not make decisions that produce legal effects or similarly significant effects on you. All itineraries and recommendations are suggestions that you can modify, reorder, or reject. You always have full control over your travel plans.
We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | OAuth tokens (we receive name, email, profile picture) |
| Anthropic (Claude) | AI itinerary generation | Trip descriptions, venue names, preference context |
| Google Places | Venue data and details | Search queries, location coordinates |
| Mapbox | Map rendering | Map viewport coordinates, route data |
| Unsplash | Venue and destination images | Image search queries |
| Stripe | Payment processing | Email, payment method (card details go directly to Stripe) |
| Sentry | Error monitoring | Error logs, device info, anonymized user ID |
| Resend | Transactional email | Email address, email content |
| Google Cloud Platform | Hosting and storage | All service data (encrypted at rest and in transit) |
We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Overplanned, our users, or others.
We retain your data for the following periods:
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at privacy@overplanned.app. We will respond within 30 days (or sooner if required by applicable law).
Overplanned uses a minimal cookie approach. We do not use advertising cookies, social media tracking pixels, or third-party analytics trackers.
We honor Do Not Track (DNT) browser signals. Since we do not engage in cross-site tracking, our practices are consistent with DNT requests by default.
The Service is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under the applicable age threshold, we will take steps to delete that information promptly.
If you believe a child has provided us with personal information, please contact us at privacy@overplanned.app.
Overplanned is based in the United States. Your data is processed and stored on Google Cloud Platform servers located in the United States.
If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. We rely on the following mechanisms to ensure adequate protection of your data:
By using the Service, you acknowledge that your data will be processed in the United States, which may have different data protection laws than your country of residence.
We implement industry-standard security measures to protect your data:
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
For privacy-related inquiries, data requests, or complaints, contact us:
We aim to respond to all privacy inquiries within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights.
In the preceding 12 months, we have collected:
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Under the CCPA definition of "sale" and "sharing," Overplanned does not engage in either practice.
As a California resident, you have the right to:
To submit a request, email privacy@overplanned.app. We will verify your identity before processing your request and respond within 45 days.
You may designate an authorized agent to submit a request on your behalf. The agent must provide written authorization signed by you. We may require you to verify your identity directly with us.
We do not offer financial incentives in exchange for the retention or sale of personal information.
Overplanned is the data controller responsible for your personal data. For contact details, see Section 12.
We process your personal data on the following legal bases:
In addition to the rights listed in Section 6, EEA and UK residents have:
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that pose a high risk to your rights, including our use of behavioral profiling for travel recommendations.
We retain personal data only for as long as necessary for the purposes set out in this policy (see Section 5). When personal data is no longer required, it is securely deleted or anonymized.
This privacy policy was last updated on April 8, 2026. For questions about this policy or your data, contact us at privacy@overplanned.app.