Privacy policy

Privacy policy

Last updated: 01.05.2026

This Privacy Policy explains how PlanAnyTrip (the "Service", "we", "our", or "us") collects, uses, stores, and shares personal data when you use plananytrip.com, the related web, Telegram bot, and admin applications, checkout flows, authentication flows, AI trip-planning features, and support channels.

1. Who is Responsible for Processing

  • The legal operator responsible for this Service (the "Operator") is the person or entity identified in the applicable legal notice, checkout flow, invoice, or support contact for the relevant market.
  • The Operator acts as the controller or equivalent responsible party for the personal data described in this Policy, except where another party clearly acts as an independent controller under applicable law.

2. Categories of Data We May Collect

We may collect and process the following categories of data, depending on how you use the Service:

  • Account and authentication data, such as email address, username, first and last name, display name, avatar or photo URL, locale, currency preference, account identifiers, password-related tokens, and sign-in data received from authentication providers such as Google or Telegram.
  • Telegram interaction data, such as Telegram user IDs, public Telegram profile fields, language code, bot commands, callback selections, and message content needed to operate Telegram bot features.
  • Guest-session and device data, such as visitor identifiers, login/session state, browser type, operating system, language settings, approximate country, IP address, user-agent string, and related request metadata.
  • Travel and AI input/output data, such as free-text planning prompts, destination autocomplete queries, destinations, travel dates, recurring or flexible travel windows, budgets, trip preferences, activity choices, group details, visibility settings, generated routes and itineraries, saved trips, route fingerprints, knowledge entries, and similar content you submit, request, or receive through the Service.
  • Billing and transaction data, such as selected product and price identifiers, subscription status, renewal state, scheduled downgrade state, billing period information, payment status, refund status, transaction amounts, currency, discounts, and provider-side identifiers for customers, checkout sessions, payments, subscriptions, invoices, products, or prices.
  • Communications and feedback data, such as messages sent to support, privacy requests, service emails, feedback, ratings, blog drafts or submissions, and moderation-related records you submit through the website or related channels.
  • Media, place, and map-related data, such as image search queries, provider file identifiers, image attribution metadata, place names, addresses, coordinates, Google Maps identifiers, route directions, and map embed or search requests.
  • Cookies and similar technologies, including session cookies, login cookies, remembered preferences, locale or consent settings, analytics cookies, security cookies, and reCAPTCHA-related cookies where applicable.
  • Security and fraud-prevention data, such as a browser fingerprint identifier generated with a third-party library when the relevant consent is enabled, a visitor identifier, and salted hashes derived from the IP address and user-agent.
  • Analytics and operational monitoring data, such as usage events, aggregated traffic metrics, purchase-conversion events, diagnostic information, error reports, AI provider/model usage records, prompt names, token counts, budget guardrail records, and related operational logs.

3. How We Collect Data

  • Directly from you when you register, sign in, purchase, contact support, adjust settings, create trips, or submit content.
  • Automatically from your browser, device, cookies, request headers, and interactions with the Service.
  • From third-party providers that support authentication, hosted checkout and recurring billing, analytics, monitoring, fraud prevention, email delivery, destination autocomplete, maps, media search, or AI processing. Depending on configuration and your choices, this currently includes providers such as Stripe, Google, Telegram, Mailgun, Sentry, OpenAI, GeoNames, Unsplash, and Pexels.

4. Why We Use Personal Data

We may use personal data to:

  • provide, maintain, personalize, and secure the Service;
  • authenticate users and manage accounts;
  • operate Telegram bot flows and synchronize Telegram-linked account preferences where those features are used;
  • create, store, display, and manage trips and related content;
  • process destination autocomplete, trip requests, route review, translation, preset generation, SEO, and itinerary-related content with AI systems and supporting providers;
  • process checkout, payments, subscriptions, renewals, cancellations, resumptions, upgrades, refunds, and one-time pack purchases;
  • update account entitlements, billing periods, and payment history after provider confirmations or webhooks;
  • send transactional emails, support replies, and operational notices;
  • collect and manage ratings, feedback, blog submissions, moderation decisions, or similar content you submit about app content, blog posts, routes, or trips;
  • detect abuse, fraud, misuse, and technical failures;
  • analyze product usage and improve features, performance, and reliability;
  • comply with legal, tax, accounting, consumer-protection, and regulatory obligations;
  • establish, exercise, or defend legal claims.

5. Cookies, Consent, Analytics, and Monitoring

  • We use necessary cookies and similar technologies required for security, session management, login, fraud prevention, locale handling, and core site operation.
  • Current necessary cookies may include cookies or identifiers used for access tokens, refresh tokens, remembered login state, logged-in state, visitor identification, locale/session handling, abuse prevention, and reCAPTCHA support.
  • We may use preference cookies to remember choices such as guest preferences and similar non-essential settings.
  • We may use analytics technologies to measure product usage and improve the Service. Where required by law, analytics cookies are activated only after the relevant consent choice. Our current implementation initializes Google Analytics and related Google conversion tracking only when analytics consent is granted.
  • Where enabled by your consent choice, we may also use an optional browser-side security identifier, such as a fingerprint cookie generated with FingerprintJS, to help detect suspicious activity and reduce abuse.
  • We also use operational monitoring and error-reporting tools to diagnose failures, investigate incidents, and keep the Service reliable. Where configured, Sentry may receive technical diagnostics and error data even when analytics consent is not granted, if this is permitted under applicable law and based on our legitimate interest in service security and stability.
  • We store and respect cookie consent preferences through the site’s consent interface.

6. Legal Bases

Where applicable law requires a legal basis, we generally rely on one or more of the following:

  • performance of a contract or steps at your request before entering into a contract;
  • compliance with legal obligations;
  • our legitimate interests, such as service security, fraud prevention, reliability, product improvement, and support operations, where those interests are not overridden by your rights;
  • your consent, where consent is required or where we choose to rely on it.

7. Sharing Data with Third Parties

We may share personal data with:

  • payment processors and billing providers, including Stripe for checkout, subscriptions, invoices, payment reconciliation, and refunds;
  • authentication and identity providers, such as Google or Telegram, when you use those login methods;
  • Telegram, when you interact with the Service through Telegram bot features;
  • AI service providers, including OpenAI, to process planning prompts, autocomplete requests, translations, route reviews, SEO/preset content, and itinerary-related content;
  • destination, place, media, and map providers, including GeoNames for destination autocomplete, Unsplash and Pexels for image search and attribution, and Google Maps for map embeds, directions, or map search links;
  • security and anti-abuse providers, including Google reCAPTCHA and optional browser fingerprinting tools;
  • analytics, conversion-measurement, monitoring, logging, and error-reporting providers, such as Google Analytics and Sentry where configured;
  • email delivery and communications providers, such as Mailgun for transactional and support-related email delivery;
  • hosting, infrastructure, storage, and content delivery providers;
  • professional advisers, auditors, insurers, or authorities where required;
  • counterparties involved in a merger, acquisition, financing, or asset transfer, subject to appropriate confidentiality and legal conditions.

We do not describe ourselves in this Policy as selling your personal data.

8. Public Content and Visibility

  • Some trips, feedback, or related content may be visible to other users or to the public if you publish that content or choose a public visibility setting.
  • Private visibility may depend on your product tier, entitlements, or current account state.
  • Please avoid including sensitive personal data in content you intend to publish or share publicly through the Service.

9. International Processing and Transfers

  • Personal data may be processed in the EEA and, depending on the providers we use, in other countries.
  • Where personal data is transferred outside the EEA, we use applicable transfer mechanisms and safeguards where required by law, such as contractual safeguards or another lawful transfer basis.

10. Retention

  • We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including providing the Service, maintaining records, resolving disputes, preventing abuse, and meeting legal obligations.
  • Billing, payment, webhook, and refund records may be retained for longer periods where necessary for accounting, tax, audit, fraud-prevention, or legal compliance purposes.
  • Retention periods may vary by data type, account status, transaction history, and legal requirements.

11. Security

  • We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
  • No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Your Rights

Depending on your location and applicable law, you may have rights to:

  • access your personal data;
  • request correction of inaccurate data;
  • request deletion of data;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • request data portability;
  • lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at [email protected]. We may request information reasonably necessary to verify your identity. At the time of this Policy, account and data-deletion requests are handled manually through that contact address rather than through a self-service delete button in the product.

13. Changes to This Policy

  • We may update this Privacy Policy from time to time.
  • The version published on the website is the current version unless stated otherwise.

14. Contact

For privacy questions or data-rights requests, contact: