Privacy Policy

Account information: your email address and, if you sign in with a provider such as Google, the basic profile information they share (for example your name).

Content you create: trips, itineraries, saved places, packing and task lists, expenses, notes, and messages you send to our AI assistant.

Usage information: how you interact with the Service, device and browser information, and approximate location derived from your IP address, used to operate, secure, and improve the Service.

Payment information: if you subscribe, our payment provider (Stripe) processes your payment details. We receive limited information such as your subscription status and the last four digits of your card — we do not store full card numbers.

Cookies and similar technologies: see our Cookie Policy. Non-essential cookies (analytics and marketing/affiliate) are only used with your consent.

To provide and operate the Service (including saving your trips and running the features you request); to provide AI-assisted planning; to process subscriptions and payments; to secure the Service and prevent abuse; to communicate with you about your account; to comply with legal obligations; and, where you have consented, to measure and improve the product.

When you use an AI feature (for example asking our assistant a question or generating an itinerary), the relevant inputs — such as your prompt and the trip context needed to answer — are sent to our AI provider, Google (Gemini API), which generates the response. We send only what is needed for the feature you requested.

We use AI providers to process these requests on our behalf as a processor; we do not permit them to use your content to train their general models, and we do not sell your content. We may store your AI conversations and generated content in your account so you can return to them, and we use aggregate, non-identifying signals to improve the feature.

As described in the Terms, AI output can be inaccurate — please verify important details (hours, prices, visas, safety, official requirements) before relying on them.

Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); your consent (for non-essential cookies and analytics); our legitimate interests (to secure and improve the Service); and compliance with legal obligations. You can withdraw consent at any time.

We share data with service providers that help us run Roamo, under contracts that require them to protect it: Supabase (database, authentication, and storage), Vercel (hosting), Stripe (payments), and Google (AI processing). Our accommodation partner powers the optional hotel map; it loads only with your marketing-cookie consent and is subject to its own privacy practices.

We do not sell your personal data. We may disclose data if required by law, to protect our rights or users' safety, or in connection with a business transfer.

Your data may be processed in countries other than your own, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as the European Commission's standard contractual clauses) for these transfers.

We keep your account and content for as long as your account is active, and for a reasonable period afterwards as needed to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymize your personal data, except where we must retain it by law.

Depending on where you live, you may have rights to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing. You can change cookie choices anytime via “Cookie settings” in the footer.

To request access to or deletion of your account and data, email us at support@roamo.ai from the address associated with your account. We will respond within the timeframe required by applicable law. You also have the right to complain to your local data-protection authority.

We use technical and organizational measures to protect your data, including encryption in transit, access controls, and row-level security on user data. No system is perfectly secure, but we work to protect your information and to respond to incidents appropriately.

Roamo is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

If you are in Israel, we process your personal data in accordance with the Israeli Protection of Privacy Law, 5741-1981 and its regulations. You may contact us at support@roamo.ai to access or correct your data.

We may update this Policy from time to time and will update the date above. For privacy questions or requests, contact us at support@roamo.ai.