Privacy Policy
This policy explains what personal data TravelWavi collects, how we use it, who we share it with, and your rights. It applies to the TravelWavi iOS app and the website at travelwavi.com.
1. Who we are
TravelWavi is operated from Israel. For privacy questions, contact info@travelwavi.com.
2. What we collect
| Category | Examples | Why |
|---|---|---|
| Account | Email, display name, avatar, country, birthday, gender, preferred language | Provide the service |
| Activity | Pins you drop, tips you write, chat messages, places saved, itineraries, expenses, achievements | Provide the service |
| Location | Coarse (country) and precise (with permission) | Show nearby pins; auto-detect country |
| Photos | Images you attach to pins or tips | Display the content you create |
| Third-party identity | Apple / Google / Instagram OAuth identifiers | Sign-in |
| Diagnostics | Crash reports, performance metrics, anonymized usage events | Operate, fix bugs, improve the product |
3. Legal bases (GDPR Art 6)
- Consent — location, photos, analytics. You can withdraw consent at any time.
- Contract — running your account.
- Legitimate interest — fraud prevention, abuse moderation, basic security telemetry.
4. Sub-processors
We share data with the following service providers under written processor agreements:
- Google Firebase — authentication, database, file storage, crash reporting (United States, EU-US Data Privacy Framework)
- Google Gemini — AI summaries and itinerary generation (United States; paid tier configured to not retain Customer Data for training)
- Google Cloud Translation — automatic translation of community content (United States)
- Apple — Sign in with Apple, App Store payments, push notifications
- Meta / Instagram — optional Instagram OAuth login
5. Retention
- Profile data: until you delete your account.
- Chat messages: 24 months, then automatically purged.
- Place pins and tips: until you delete the content or your account.
- Diagnostics: 90 days.
6. Your rights
Depending on your location you may have rights under GDPR (EU/EEA/UK), Israeli Privacy Protection Law (Israel), or CCPA / CPRA (California). Specifically:
- Access — request a copy of your data.
- Rectify — correct inaccurate data via Settings → Profile or by emailing us.
- Erase — delete your account inside the app: Settings → Delete My Account. We process within 30 days.
- Port — request a machine-readable export.
- Object — to processing based on legitimate interest.
- Withdraw consent — for analytics, location, or notifications, in Settings.
- Complaint — to the Israeli Privacy Protection Authority (Israel) or your local EU Data Protection Authority.
To exercise these rights, email info@travelwavi.com.
7. International transfers
Most processing occurs on Google Cloud (United States) under the EU-US Data Privacy Framework and Standard Contractual Clauses. Israeli users benefit from Israel's EU adequacy decision (2011).
8. Children
TravelWavi is intended for users aged 16 and over. We do not knowingly collect data from children under 13 (United States) or under 16 (EEA). If you believe a minor has registered, contact us and we will delete the account.
9. Security
We use TLS 1.3 in transit, encrypted-at-rest cloud storage, and Firebase App Check to deter unauthorized clients. No system is perfectly secure; please use a strong password and enable device biometrics.
10. Changes
We post material changes here and notify users in-app at least 14 days before they take effect.
11. Contact
Email info@travelwavi.com or write to: TravelWavi · Israel.