Privacy Policy
Last updated: February 18, 2026
1. General Provisions
This Privacy Policy (hereinafter — "Policy") defines the procedures for collecting, processing, storing, and protecting the personal data of users of the JourneyBay mobile application and website (hereinafter — "Service").
Data Controller:
Individual Entrepreneur Roman Borisovich Belov
TIN: 770871362722
OGRNIP: 322774600177836
Address: 107140, Russia, Moscow, 2nd Krasnoselsky per., 2, apt. 130
Email: [email protected]
Data Protection Officer: Roman Borisovich Belov
2. Categories of Data Collected
2.1. Account Data (Personal Data)
During registration and use of the Service, we collect:
- First and last name (if provided)
- Email address
- Citizenship (for personalized visa information)
- Avatar (when registering via OAuth — from the provider's profile)
2.2. Preference Data
For recommendation personalization, we collect:
- Interests and travel style (18 categories: historical heritage, nature, cuisine, sports, etc.)
- Budget preferences, pace, accommodation type, and transport
- Liked, saved, and rated places
- Search query history
2.3. Trip Data
- Destinations, dates, number of travelers, budget
- AI-generated itineraries and trip plans
- Trip notes and checklists
- Reviews and place ratings
2.4. AI Chat Data
- Full message history with the AI assistant
- Your message text is transmitted to AI providers to generate responses (see section 5)
- Metadata: send time, response generation duration
2.5. Geolocation
- Approximate location (GPS coordinates) — only with your explicit consent
- Used for the "Nearby Search" feature and map display
- Coordinates are transmitted to third-party services (Foursquare, Mapbox, Google Places) to fulfill requests and are not permanently stored on our servers
2.6. Device Data
- Device model, operating system version
- App installation identifier (not linked to identity)
- System language, timezone
- App version and build number
2.7. Usage Data (Analytics)
- In-app actions (screen views, button clicks, search queries)
- Behavioral metrics (session count, usage depth)
- Error and performance data
2.8. Payment Data
- Last 4 digits of card number, brand (Visa/Mastercard/Mir), expiration date — for displaying saved payment methods
- Payment amounts, currency, transaction status
- Complete card data is processed exclusively by the payment provider (T-Bank) and is not transmitted to JourneyBay
2.9. Cookies and Website Analytics
Detailed information is available in the Cookie Policy.
3. Purposes of Data Processing
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Registration and account management | Account data | Contract performance |
| Providing core Service features | Preferences, trips, AI chat | Contract performance |
| Personalizing recommendations and AI responses | Preferences, history, geolocation | Contract performance, consent |
| Payment processing and subscription management | Payment data, email | Contract performance |
| Sending service notifications | Email, FCM token | Contract performance |
| Sending marketing communications | Email, name, language | Consent |
| Analytics and Service improvement | Usage data, device | Legitimate interest |
| Error monitoring and stability | Device data, errors | Legitimate interest |
| Security | IP address, device data | Legitimate interest |
| Training and improving AI models | Anonymized interaction data | Legitimate interest |
| Legal compliance | Any | Legal obligation |
4. Legal Basis for Processing
4.1. Russian Federation Law (152-FZ)
- Data subject consent (Art. 9, 152-FZ) — upon registration, geolocation use, marketing subscription
- Contract performance (Art. 6(1)(5), 152-FZ) — to provide services
- Legitimate interests of the operator — for analytics, security, and Service improvement (provided they do not infringe on the data subject's rights)
4.2. GDPR (for EU/EEA users)
- Consent — Art. 6(1)(a) GDPR
- Contract performance — Art. 6(1)(b) GDPR
- Legitimate interest — Art. 6(1)(f) GDPR
- Legal obligation — Art. 6(1)(c) GDPR
5. Data Sharing with Third Parties and International Transfers
We do not sell personal data. Data is shared with third parties solely for the purposes described below, based on Data Processing Agreements (DPA) or equivalent legal mechanisms.
5.1. Personal Data Storage and Processing (Russia)
| Service | Purpose | Data Transmitted | Location |
|---|---|---|---|
| Appwrite (self-hosted) | Authentication, credential storage | Email, password hash, name, citizenship | Russia |
Primary storage of personal data of Russian Federation citizens is carried out on servers located within the Russian Federation, in compliance with Part 5, Article 18 of Federal Law No. 152-FZ.
5.2. Processing of Anonymized and Pseudonymized Data
The services listed below receive only anonymized data (internal identifiers, metrics, technical data) that cannot identify a specific user without access to the authentication system.
| Service | Purpose | Data Transmitted | Location |
|---|---|---|---|
| Supabase | Application database | Anonymized profiles, trips, preferences (by internal ID) | Singapore |
| PostHog | Product analytics | Anonymized usage events, device ID | EU |
| Sentry | Error monitoring | Technical error data, user ID, screen captures during crashes | USA |
| Firebase / FCM | Push notifications | FCM token, device type | USA |
| Cloudflare | CDN, DDoS protection | IP address, request data | Global |
| Qdrant (self-hosted) | Vector search for recommendations | Anonymized vector representations of preferences | Outside Russia |
| Neo4j (self-hosted) | Relationship graph for recommendations | Anonymized entity relationships | Outside Russia |
5.3. AI Providers
To power the AI assistant and itinerary generation, your message and query texts are transmitted to large language model (LLM) providers. Transmission occurs through an intermediary layer (LiteLLM, self-hosted outside Russia) that does not permanently store data.
| Provider | Data Transmitted | Location |
|---|---|---|
| OpenAI (USA) | Query text (not linked to personal data) | USA |
| Anthropic (USA) | Query text | USA |
| Google AI | Query text | USA |
| DeepSeek | Query text | China |
| Mistral AI | Query text | EU (France) |
| Alibaba Cloud (Qwen) | Query text | China |
Requests to AI providers do not contain your personal data (email, name, citizenship). Only the message text with an internal session identifier is transmitted.
5.4. Geolocation and Mapping Services
| Service | Purpose | Data Transmitted | Location |
|---|---|---|---|
| Mapbox | Map display | GPS coordinates, map zoom level | USA |
| Foursquare | Place search (POI) | GPS coordinates, search queries | USA |
| Google Places / Geocoding | Geocoding, place search | GPS coordinates, address/query text | USA |
5.5. Payment and Marketing Services
| Service | Purpose | Data Transmitted | Location |
|---|---|---|---|
| T-Bank (Tinkoff Acquiring) | Payment processing | Card data (processed by T-Bank), amount, email | Russia |
| Unisender | Email campaigns | Email, name, language, tags | Russia |
5.6. Monitoring and Analytics (Self-Hosted)
| Service | Purpose | Data Transmitted | Location |
|---|---|---|---|
| Langfuse (self-hosted) | AI response quality monitoring | AI prompt and response texts (anonymized) | Outside Russia |
| Grafana (self-hosted) | Infrastructure monitoring | Technical metrics, logs | Outside Russia |
| Victoria Metrics (self-hosted) | Metrics storage | Technical metrics | Outside Russia |
| Metabase (self-hosted) | Business analytics | Aggregated anonymized data | Outside Russia |
5.7. Website Analytics
| Service | Purpose | Data Transmitted | Site Version | Location |
|---|---|---|---|---|
| Google Analytics | Website analytics | Anonymized visit data, IP anonymized | EN | USA |
| Yandex Metrica | Website analytics | Anonymized visit data | RU | Russia |
5.8. Other Cases of Data Disclosure
We may disclose your data:
- As required by court order or authorized government bodies under applicable law
- To protect the rights, property, or safety of JourneyBay, our users, or third parties
- In connection with reorganization, merger, or sale of the Operator's assets (with prior user notification)
6. Data Storage and Protection
6.1. Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | Duration of use + 30 days after deletion |
| Trip and preference data | Duration of use + 30 days after deletion |
| AI chat | Duration of use + 30 days after deletion |
| Payment data | 5 years (accounting requirements) |
| Analytics data | Up to 24 months from collection |
| Error data (Sentry) | Up to 90 days |
| Server logs | Up to 12 months |
| Local cache (device) | Up to 30 days (auto-cleanup) |
6.2. Security Measures
- Encryption in transit — TLS 1.3
- Encryption at rest — AES-256 (Appwrite, Supabase)
- Password hashing (Appwrite — bcrypt/argon2)
- JWT tokens stored in device secure storage (iOS Keychain / Android EncryptedSharedPreferences)
- Role-based access control (Row Level Security in Supabase)
- Regular security audits and monitoring
- Two-factor authentication for administrative access
6.3. Breach Notification
In the event of a personal data breach, we commit to:
- Notify affected users within 72 hours of discovery (GDPR Art. 33/34)
- Notify the relevant supervisory authority as required by applicable law
- Take immediate measures to minimize consequences
7. Your Rights
7.1. Rights Under 152-FZ (Russian Citizens)
Under the Federal Law "On Personal Data," you have the right to:
- Obtain information about the processing of your personal data
- Request rectification, blocking, or destruction of data
- Withdraw consent to data processing
- Appeal the Operator's actions to Roskomnadzor or to court
7.2. Rights Under GDPR (EU/EEA Citizens)
- Right of access (Art. 15) — request a copy of your data
- Right to rectification (Art. 16) — update inaccurate data
- Right to erasure (Art. 17) — "right to be forgotten"
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) — receive data in machine-readable format (JSON)
- Right to object (Art. 21) — including against processing based on legitimate interest
- Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal
- Right to lodge a complaint with a data protection supervisory authority
7.3. Rights Under CCPA (California Residents, USA)
If you are a California resident, you additionally have the right to:
- Know what categories of personal data are collected and for what purposes
- Delete your personal data
- Opt out of sale — we do not sell your personal data
- Non-discrimination — you will not be discriminated against for exercising your rights
7.4. How to Exercise Your Rights
To exercise any rights, contact:
- Email: [email protected]
- Account deletion: through app settings (automatic deletion of all data)
We will process your request within 30 days. In exceptional cases, the period may be extended to 60 days with notification of the reasons. We may request additional information to verify your identity.
8. Automated Decision-Making and Profiling
JourneyBay uses automated data processing for:
- Personalizing place and itinerary recommendations based on your preferences and usage history
- Generating AI content based on your queries
- Forming subscription offers
These decisions do not produce legal consequences for you and do not affect your interests in a similarly significant way. You have the right to obtain information about the logic of such decisions and to contest them by contacting [email protected].
9. Children
The Service is not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you are a parent or guardian and believe a child has provided us with their data, contact us and we will delete the data.
10. "Do Not Track" Signal
The Service does not currently respond to "Do Not Track" (DNT) browser signals, as no uniform standard for processing such signals has been established. If our practices change, we will update this Policy.
11. Changes to This Policy
We may update this Policy. We will notify you of significant changes through the app or by email at least 14 days before the changes take effect. The current version of the Policy is always available on this page. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.
12. Contact
For questions about personal data processing:
IE Roman Borisovich Belov
Address: 107140, Russia, Moscow, 2nd Krasnoselsky per., 2, apt. 130
Email: [email protected]
Response time: up to 30 days
Supervisory authority for personal data protection in Russia:
Roskomnadzor — rkn.gov.ru