Privacy Policy

Last updated: March 12, 2025

Introduction

VoyaBear ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at voyabear.com (the "Service"). Please read this policy carefully before using the Service.

Information We Collect

1. Account Information

  • Email address (required for account creation)
  • Password (encrypted using industry-standard hashing — never stored in plain text)
  • Display name (from Google OAuth or entered by you)
  • Profile picture (from Google OAuth, if applicable)
  • Authentication metadata (signup method, timestamps, session tokens)

2. Travel Personality & Preferences

  • Responses to the VoyaBear personality quiz
  • Your assigned bear travel personality type (e.g., Balanced Bear, Adventure Bear, Culture Bear)
  • Personality traits, travel pace preferences, and exploration style scores
  • Selected and unlocked bear avatars from your avatar collection

3. Travel Data

  • Destinations saved to your Bucket List (Want to Visit / Visited)
  • Trip itineraries created via AI, including destination, dates, and activities
  • Attraction ratings, notes, and visit status
  • Countries and cities marked as visited on your travel map
  • Shared trips and collaborator data

4. Gamification Data

  • Experience points (XP) earned from app activity
  • User level and progression milestones
  • Achievements and badges unlocked
  • Daily login streaks and quest completion history
  • Bear avatar collection — unlocked and equipped avatars

5. Usage & Analytics

  • Pages viewed and features used within the app
  • Device type, browser, and operating system
  • Session duration and interaction patterns
  • Error logs and performance metrics

How We Use Your Information

We use the information we collect to:

  • Determine your bear travel personality type and provide personalized destination recommendations
  • Generate AI-powered trip itineraries tailored to your travel style and preferences
  • Save and sync your bucket list, itineraries, and visited destinations across devices
  • Power the gamification system — XP, levels, achievements, streaks, and bear avatar unlocks
  • Enable trip sharing and collaboration with other users
  • Improve the Service through aggregate analytics and usage patterns
  • Send transactional emails (account verification, password reset, trip sharing invitations)
  • Provide customer support and respond to your feedback
  • Maintain security, prevent fraud, and enforce our Terms of Service

Third-Party Services

VoyaBear integrates with the following third-party services. Each has its own privacy policy:

  • Supabase — Authentication, database storage, and file storage (avatars, snapshots)
  • Google OAuth — Optional sign-in with your Google account
  • OpenAI — AI-powered itinerary and recommendation generation
  • Google Maps API — Location search, maps, and attraction data
  • Viator API — Activity and tour data for destinations
  • Unsplash API — Destination photography
  • Resend — Transactional email delivery
  • Vercel — Hosting, edge functions, and performance monitoring
  • PostHog — Anonymous usage analytics to improve the app

We do not sell your personal data to any third party. Data shared with the above services is limited to what is necessary to provide the Service.

Data Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt — never stored in plain text
  • Row Level Security (RLS) on all database tables ensures users can only access their own data
  • All data is transmitted over HTTPS
  • OAuth tokens and session cookies use secure, HTTP-only storage
  • Supabase storage buckets are private by default

Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Update your display name, avatar, and preferences via Profile Settings
  • Deletion — Request deletion of your account and all associated data
  • Data Portability — Export your bucket list, itineraries, and travel history
  • Opt-out of Analytics — Contact us to opt out of usage tracking

To exercise any of these rights, contact us at admin@voyagerai.io.

Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will remove your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized, aggregate analytics data may be retained indefinitely.

Children's Privacy

VoyaBear is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe your child has created an account, please contact us and we will promptly delete the data.

International Data Transfers

VoyaBear is hosted on Vercel and uses Supabase infrastructure which may store data in servers located outside your country. By using the Service, you consent to this transfer. We take appropriate measures to ensure GDPR compliance for users in the European Economic Area.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-app notification. The "Last updated" date at the top of this page will always reflect the most recent revision.

Contact Us

If you have questions about this Privacy Policy or our data practices, please reach out:

Email: admin@voyagerai.io

Website: voyabear.com