Untravel ← Back to site

Untravel · Legal

Privacy Policy

LAST UPDATED: 28 JUNE 2026

1. Overview

Untravel helps you save travel inspiration from anywhere, organise it, plan trips and use them on the go. This policy explains what personal information we collect, why, who we share it with, how long we keep it, and the rights and choices you have. We have written it in plain language on purpose.

The “data controller” (the entity responsible for your information) is Jadyn Sabljak, trading as Untravel (sole trader, ABN 24 773 317 355), Coogee NSW 2034, Australia (“Untravel”, “we”, “us”). You can contact us about privacy at untravelofficialapp@gmail.com. Contact details for our EU and UK representatives (if appointed) are in Section 16.

This policy applies to the Untravel app, our website, and our interactions with you (for example, support). It does not apply to third-party platforms you save content from or to providers whose sites you visit through links in the app — they have their own privacy policies. The Service is not intended for anyone under 16.

2. Information we collect

Information you give us

Account and profile: email address, display name, password (handled by our authentication provider — we never see it in plain text), profile photo, and any travel preferences you set. If you sign in with Google or Apple instead, we receive basic profile information such as your email address and name from that provider, and there is no password for us to hold.

Your content: trips and itineraries, items you save to your bucket (including the links you save and notes you add), ratings, photos you upload, messages in trip chats and with the AI assistant.

Communications: messages you send to support and any feedback you give us.

Information collected automatically

Device and app data: device type, operating system, app version, language, app-level identifiers, and crash and diagnostic logs (collected through our error-reporting provider, Sentry, to help us diagnose and fix problems). Crash reports are configured not to include personal identifiers.

Usage events: how you use the app — for example, when you save an item (and which platform it came from), create a trip, import a starter pack, send a chat message, view a day of your trip, or use Explore Nearby. These events are stored in our own database; we use them to understand and improve the product.

Location information

Some features — such as on-trip mode and Explore Nearby — use your device location, only with your permission and only while you are using those features. Depending on your device settings, this may be approximate or precise. We do not collect your location in the background. If we ever introduce a feature that uses location when the app is not open (for example, suggesting you start a trip when it looks like you are travelling), we will ask for a specific, separate consent for that feature first, and for that purpose we would store only your most recent location — never your full movement history. You can withdraw any location permission at any time in your device settings; the related features will simply stop working.

Information from other sources

Saved links: when you save a link (for example from TikTok, Google Maps, YouTube or a blog), we fetch publicly available information from it — such as a title, image, description or place details — to build the card in your bucket.

Maps and places: place names, coordinates and related details from Google Maps.

Information we infer

We may derive travel preferences from your activity (for example, the kinds of places you save) to personalise your experience, such as suggesting starter packs you might like. You can object to this — see Section 9.

Sensitive information: we do not ask for, and please do not submit, sensitive information (such as health, religious or biometric information) in your content or chats. Where your saves or plans could incidentally reveal such things (for example, saving a place of worship), we use that data only to provide the Service you asked for.

3. How we use your information

We use your information to:

Legal bases (EU/EEA, UK and similar regimes). Where these laws apply, our legal bases are:

4. How long we keep it (retention)

Our principle: we keep your personal data only while your account is active and we need it to provide the Service. When you delete your account, the deletion happens immediately and permanently — your trips, saved items, ratings, photos and profile are erased straight away, and there is no recovery window. A few narrow, standard exceptions apply: (a) residual copies may persist for a limited period in our routine backups until those backups are overwritten in the ordinary course; (b) we de-identify (rather than delete) analytics events, so we keep aggregate product statistics that can no longer be linked to you; (c) where you contributed to a shared trip, those contributions may remain visible to the trip’s other members, with your attribution removed or anonymised; and (d) we retain the minimum information we need to meet legal obligations, resolve disputes or enforce our Terms. We do not keep your data “just in case.”

5. AI features and your information

When you use AI features (such as the trip assistant), your prompts and the relevant context (for example, parts of your trip or bucket) are processed by our AI service provider — currently Google, using its Gemini models — acting on our instructions, to generate the response. We use AI providers under terms that do not permit your content to be used to train their general-purpose models; if we change or add providers, we will hold them to the same standard and update this policy. AI outputs may be stored with your trip like any other content. Please do not include sensitive personal information in your chats.

6. Who we share information with

Service providers (processors): companies that help us run Untravel, under contracts limiting their use of your data to providing services to us — hosting, database, authentication, file storage and account-related email such as sign-in and verification messages (Supabase, hosted in Sydney, Australia — AWS region ap-southeast-2); maps and places (Google); AI services (currently Google — Gemini models); and error and crash diagnostics (Sentry). We do not currently use a separate third-party push-notification or customer-support provider; if we add one, we will update this list and our sub-processor records. A current sub-processor list is available on request.

People you share with: members of your shared trips see the trip content and your profile name, photo and trip activity. If you publish a starter pack, it becomes public: your profile name and the pack content are visible to other users, and the pack may be featured, with attribution, in Untravel’s editorial content, marketing and social channels (see the Terms of Service for the licence and how unpublishing works). Private content is never used in marketing.

Legal and safety: where required by law or legal process, or where reasonably necessary to protect the rights, safety or property of users, the public or Untravel.

Business transfers: if we are involved in a merger, acquisition, financing or sale of assets, your information may be transferred as part of that transaction; we will notify you and this policy (or one at least as protective) will continue to apply.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising (as those terms are defined in US state privacy laws). There is no third-party advertising in Untravel.

7. International transfers

We are an Australian business and your data is primarily stored with our hosting provider in Sydney, Australia (AWS region ap-southeast-2). Some of our service providers — such as our AI, maps and error-diagnostics providers — may process data in other locations, including the United States. If you use Untravel from the EU/EEA, the UK or another region with data-transfer rules, your information is transferred to Australia and may be transferred onward to those other countries; we protect these transfers using safeguards recognised by applicable law — adequacy decisions where available and, for transfers from the EU/EEA and UK, the European Commission’s Standard Contractual Clauses (with the UK Addendum or IDTA where relevant), plus additional measures where needed. You can ask us for more information about these safeguards via Section 16. Under Australian law, we remain accountable for overseas recipients’ handling of your information in accordance with the Australian Privacy Principles.

8. Security

We take security seriously and apply safeguards appropriate to the risk, including encryption in transit, row-level access controls on our database so users can only reach their own data, least-privilege service credentials, and security review of changes that touch personal data. No system is completely secure, so we cannot guarantee absolute security — but if a data breach occurs that is likely to result in serious harm or risk to you, we will notify you and the relevant regulator as required by applicable law (including Australia’s Notifiable Data Breaches scheme and the GDPR).

9. Your rights and choices

Wherever you live, we extend you these baseline rights over your personal information:

Access and portability: ask for a copy of your information. Our data export provides the content you created — your trips, bucket and profile — in a structured, commonly used, machine-readable format (JSON). Until the in-app export ships, you can request it via untravelofficialapp@gmail.com.

Correction: fix inaccurate information (most profile and content data you can edit directly in the app).

Deletion: delete your account in-app (Profile → Data & Privacy → Delete account) or by contacting us. Account deletion is immediate and permanent — there is no recovery window — so export anything you want to keep first; the purge process and its narrow exceptions are described in Section 4.

Objection and restriction: object to processing based on legitimate interests (including personalisation derived from your activity) or ask us to restrict it.

Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

No discrimination: we will not penalise you for exercising your rights.

How to exercise these rights: use the in-app controls where available, or email untravelofficialapp@gmail.com. We may need to verify your identity (usually via your account email). We respond within the timeframe required by your local law — within one month under the GDPR (extendable for complex requests) and within 45 days under US state laws (extendable once). If we refuse a request, we will explain why and how to challenge the decision, and you may appeal by replying to our decision; we will have your appeal reviewed and respond within the legally required period. Authorised agents may submit requests where local law allows, subject to verification.

EU/EEA and United Kingdom

You have the rights of access, rectification, erasure, restriction, portability and objection under Articles 15–21 GDPR/UK GDPR, the right to withdraw consent, and the right not to be subject to solely automated decisions with legal or similarly significant effects (we do not make such decisions — see Section 13). You may lodge a complaint with your local supervisory authority (in the UK, the ICO; in Ireland, the DPC; or the authority where you live or work), though we would welcome the chance to address your concern first.

Australia

You may access and seek correction of your personal information in accordance with the Australian Privacy Principles. If you have a complaint, contact us first via Section 16; if you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).

United States

Depending on your state (including California, Colorado, Connecticut, Virginia, Texas, Oregon and others), you may have rights to know/access, correct, delete and obtain a portable copy of your personal information, and to opt out of the sale or sharing of personal information, targeted advertising and certain profiling. We do not sell or share personal information or engage in targeted advertising or profiling with legal or similarly significant effects, so there is nothing to opt out of — but you can exercise your other rights as described above. We do not use or disclose sensitive personal information for purposes requiring a right to limit under the CPRA. California’s categories of personal information we collect are: identifiers (account details); internet/electronic activity (usage events and device data); geolocation (only with permission for location features); audio/visual (photos you upload); and inferences (travel preferences) — collected for the purposes in Section 3, disclosed only to the recipients in Section 6, and retained per Section 4. We do not knowingly collect personal information of consumers under 16.

Canada

You may access and correct your personal information and withdraw consent, subject to legal and contractual limits. You may complain to the Office of the Privacy Commissioner of Canada or, in Quebec, the Commission d’accès à l’information. Quebec residents also have rights to data portability and to be informed about automated processing.

Brazil

Under the LGPD you have rights including confirmation of processing, access, correction, anonymisation or deletion, portability, information about sharing, and review of automated decisions, and you may complain to the ANPD.

Other regions

If the law where you live gives you additional rights, we will honour them. Contact us via Section 16.

10. Location, notifications and device permissions

Location, camera/photo library and notification access are all controlled by permissions you grant in your device settings, and you can change them at any time. Notification preferences can also be managed in the app. Service messages that are necessary to run your account (for example, confirming account deletion) may still be sent while your account is active.

11. Marketing

If we send marketing emails or notifications, we will do so with your consent where the law requires it, and every message will include an easy way to opt out. Opting out of marketing does not affect service messages.

12. Cookies and similar technologies

The app uses local storage and similar technologies necessary for it to function. Our website uses strictly necessary cookies, and analytics cookies only with your consent where required (managed via the site’s cookie banner). We do not use third-party advertising cookies or trackers.

13. Automated decision-making and profiling

We use your activity to personalise the Service (for example, suggesting starter packs), which involves limited profiling. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. You can object to personalisation profiling — see Section 9.

14. Children

Untravel is not intended for anyone under 16, and we do not knowingly collect personal information from children. If you believe a child has created an account, contact us at untravelofficialapp@gmail.com and we will delete it.

15. Changes to this policy

We may update this policy from time to time. For material changes we will notify you in the app or by email before they take effect. The effective date appears at the top, and prior versions are available on request.

16. Contact us

Privacy contact: untravelofficialapp@gmail.com

Jadyn Sabljak, trading as Untravel (sole trader, ABN 24 773 317 355), Coogee NSW 2034, Australia.

EU representative (Art 27 GDPR): to be appointed. UK representative (Art 27 UK GDPR): to be appointed.

If you are not satisfied with our handling of a privacy concern, you may contact your local regulator — for example the OAIC (Australia), the ICO (UK), your EU supervisory authority, the OPC (Canada), the ANPD (Brazil), or your US state attorney general.