Privacy Policy
Last Updated: May 23, 2026
In plain language
We collect what you give us — your account details, trips, preferences, and collaborator info — along with standard device and usage data. We use it to run Journ and make your planning smarter. Your data is shared only with the providers that power the service (Supabase, Google, Vercel, Brevo, PostHog), and we don't sell it or use it for ad targeting. You can update, export, or delete your information at any time.
This Privacy Policy explains how Journ LLC ("we," "us," or "our") collects, uses, and shares information when you use the Journ website, web application, and related services (collectively, the "Service"). By using the Service, you agree to the practices described here.
This policy works alongside our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.
1. Information we collect
A. Account information
When you create an account, we collect your email address and a hashed password. If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with the permissions you grant.
B. Profile and travel preferences
You may provide additional information through your profile and settings, including your first and last name, username, avatar image, travel preferences, things you find joyful or stressful while traveling, loyalty program details, and other personalization settings.
C. Content you create
We store the content you create or upload in the Service, including trips and itineraries, bucket-list destinations, experiences, reviews, messages exchanged with trip collaborators, chats with our AI assistant, expense entries, visit notes, and any images you upload.
D. Information about others
When you invite someone to a trip, we collect and store the email address you provide so we can send the invitation. You should only invite people who you reasonably expect want to hear from you.
E. Automatically collected information
When you use the Service, we automatically collect information about your device and activity, including IP address, browser type, operating system, pages viewed, features used, referring URLs, and timestamps. We use cookies and similar technologies to keep you signed in and to measure how the Service is used. See Section 13 for details.
2. How we use your information
The table below summarizes how we use your information, who we share it with, and how you can control it.
| Data category | Examples | Purpose | Shared with | Your control |
|---|---|---|---|---|
| Account data | Email, hashed password, Google profile | Sign-in, security, support | Supabase, Google OAuth | Update or delete account |
| Travel profile | Name, username, preferences, travel tags | Personalization and recommendations | Supabase; Gemini when AI features are used | Edit in profile settings |
| Trip content | Destinations, dates, itinerary items, notes, expenses, images | Planning, collaboration, AI suggestions | Collaborators; Supabase; Gemini for AI | Edit or delete trip; manage sharing |
| AI chat | Prompts, recent history, trip context | Generate responses | Gemini; stored by Journ | Delete account to remove |
| Invitee data | Email addresses you provide when inviting others | Send trip invitations | Supabase, Brevo | Contact us to remove |
| Analytics | Events, device metadata, usage patterns | Improve product, diagnose issues | PostHog, Vercel | Browser settings; Do Not Track |
| Email address, name, opt-in status | Account notices, marketing (if opted in) | Brevo | Unsubscribe link; account settings |
3. AI processing
Journ uses third-party AI models (currently Google's Gemini) to power trip suggestions, itinerary drafting, and the in-app AI chat.
A. What goes to the AI
When you use AI features, Journ sends relevant trip context to the AI provider—including destinations, dates, itinerary items, member preferences, and the messages you send to the assistant. We limit context to what is needed to generate a useful response.
B. Training
We do not authorize Google to use your content to train its general-purpose models.
C. Chat privacy
Your AI chat history is associated with your account and is not shared with trip collaborators. Itinerary changes you accept and apply may become visible to collaborators as part of the shared trip.
D. Your control
AI suggestions are drafts. You decide whether to apply, edit, or discard them. You can delete your account to remove stored AI chat history.
E. Limitations
AI can be wrong, outdated, or incomplete. Always verify details—prices, hours, visa requirements, safety conditions—before relying on them for travel. See Section 5 of our Terms of Service for the related disclaimer.
5. Sub-processors
The following providers process personal information on our behalf under written data processing agreements:
| Provider | Role | Data processed | Privacy policy |
|---|---|---|---|
| Supabase | Authentication, database, and file storage | Account credentials, profile data, and all user-generated content | Supabase privacy policy |
| Vercel | Hosting, serverless compute, and performance analytics | Request metadata, IP addresses, and device information | Vercel privacy policy |
| Google (OAuth) | Optional sign-in | Name, email address, and profile picture (if you sign in with Google) | Google privacy policy |
| Google (Gemini) | AI trip planning and chat | Trip content, preferences, and chat messages submitted to AI features. See Section 3. | Google privacy policy |
| Google (Maps and Places) | Map rendering, location search, and place photos | Location queries and approximate location data; does not receive your account identifiers | Google privacy policy |
| Brevo | Transactional and marketing email | Email address, name, and opt-in status | Brevo privacy policy |
| PostHog | Product analytics | User identifier, email address, event metadata, and basic device information | PostHog privacy policy |
We may add or replace sub-processors as the Service evolves. Material changes will be reflected in this section and disclosed under Section 14.
6. Data retention and deletion
We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements. Information may persist in encrypted backups for up to 30 days after deletion before being overwritten in the ordinary course.
What deletion covers
When you delete your account, we remove your profile, private trip content, preferences, AI chat history, bucket list items, and uploaded images where technically feasible. We may retain legal records, security logs, abuse-prevention records, and de-identified analytics.
Shared trips
Contributions you made to shared trips may be anonymized rather than deleted, so the trip remains functional for your collaborators.
Public links
Revoking a public link removes access going forward, but cached copies held by search engines or external services may persist outside Journ's control.
7. Your choices and controls
A. Access and update
You can view and update your profile, travel preferences, and account settings at any time from within the Service.
B. Delete your account
Where account deletion is available in the Service, you can initiate it from your account settings. If a self-serve option is not available for your account, email support@journ.travel from the address associated with your account and we will process the request within 30 days.
C. Marketing communications
You can opt out of marketing email at any time by clicking the unsubscribe link in any marketing message, or by updating your preferences in your account settings. Transactional messages (e.g., security alerts, trip invitations) are required for the Service and cannot be opted out of while your account is active.
D. Analytics
We honor the standard "Do Not Track" signal where supported by your browser. You can also block analytics cookies through your browser settings.
8. Rights of users in the EEA, UK, and Switzerland (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data, subject to applicable law:
- The right to access the personal data we hold about you.
- The right to request correction of inaccurate or incomplete data.
- The right to request deletion of your personal data (the "right to be forgotten").
- The right to request restriction of processing.
- The right to data portability, where processing is based on consent or contract.
- The right to object to processing based on our legitimate interests.
- The right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
- The right to lodge a complaint with your local data protection supervisory authority.
We process your personal data on the following legal bases: performance of a contract (to operate the Service and your account), our legitimate interests (to secure the Service, prevent fraud, and improve features), your consent (for optional marketing communications), and compliance with legal obligations. To exercise any of these rights, contact us at support@journ.travel.
9. Rights of California residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- The right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
- The right to delete personal information we have collected.
- The right to correct inaccurate personal information.
- The right to opt out of the sale or sharing of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.
- The right to limit the use and disclosure of sensitive personal information.
- The right to non-discrimination for exercising any of these rights.
To exercise any of these rights, contact us at support@journ.travel. We may need to verify your identity before responding to your request. You may also designate an authorized agent to make a request on your behalf.
10. International data transfers
Journ is based in the United States and our sub-processors operate globally. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries that may have data protection laws different from those in your jurisdiction. Where required, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission to protect transfers of personal data outside the EEA or the United Kingdom.
11. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under 18, you may only use the Service with the consent and supervision of a parent or legal guardian. If you believe a child under 13 has provided us with personal information, please contact us at support@journ.travel and we will take steps to delete it.
12. Security
We use reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption of data in transit, password hashing performed by our authentication provider, and access controls limiting who can view your data. No system is perfectly secure, and we cannot guarantee the absolute security of your information. If you believe your account has been compromised, contact us immediately at support@journ.travel.
14. Changes to this policy
We may update this Privacy Policy from time to time. If a revision is material, we will provide at least 30 days' notice prior to the new policy taking effect, either by email or through an in-app notice. The "Last Updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after a revised policy becomes effective constitutes your acceptance of the changes.
15. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: support@journ.travel
- Address: 5900 Balcones Dr, Ste 100, Austin, TX 78731