Privacy policy

Last updated: 04.04.2026

This Privacy Policy explains how PlanAnyTrip (the "Service", "we", "our", or "us") collects, uses, stores, and shares personal data when you use plananytrip.com, related applications, checkout flows, and support channels.

1. Who is Responsible for Processing

The legal operator responsible for this Service (the "Operator") is the person or entity identified in the applicable legal notice, checkout flow, invoice, or support contact for the relevant market.
The Operator acts as the controller or equivalent responsible party for the personal data described in this Policy, except where another party clearly acts as an independent controller under applicable law.

2. Categories of Data We May Collect

We may collect and process the following categories of data, depending on how you use the Service:

Account and auth data, such as email address, display name, avatar, locale, currency preference, login identifiers, and sign-in data received from authentication providers such as Google or Telegram.
Trip content and preferences, such as destinations, travel dates, activity choices, visibility settings, budgets, group preferences, trip requests, saved trips, and related content you submit or generate.
Billing and transaction data, such as selected product and price identifiers, subscription status, renewal state, scheduled downgrade state, billing period information, payment status, refund status, transaction amounts, currency, discounts, and provider-side identifiers for customers, checkout sessions, payments, subscriptions, invoices, products, or prices.
Support and communications data, such as messages sent to support or feedback you provide.
Device, browser, and network metadata, such as browser type, operating system, language settings, approximate country, IP address, user-agent string, and technical request metadata.
Cookies and similar technologies, including session cookies, login cookies, remembered preferences, locale cookies, consent choices, analytics cookies, and optional security cookies.
Security and fraud-prevention identifiers, such as a browser fingerprint identifier generated with a third-party library when the relevant consent is enabled, a visitor identifier, and salted hashes derived from the IP address and user-agent.
Analytics and operational monitoring data, such as usage events, aggregated traffic metrics, purchase-conversion events, diagnostic information, and error reports.

3. How We Collect Data

Directly from you when you register, sign in, purchase, contact support, adjust settings, create trips, or submit content.
Automatically from your browser, device, cookies, and interactions with the Service.
From third-party providers that support authentication, hosted checkout and recurring billing, analytics, hosting, monitoring, fraud prevention, or embedded functionality. This currently includes payment processing through Stripe.

4. Why We Use Personal Data

We may use personal data to:

provide, maintain, personalize, and secure the Service;
authenticate users and manage accounts;
create, store, display, and manage trips and related content;
process checkout, payments, subscriptions, renewals, cancellations, resumptions, upgrades, refunds, and one-time pack purchases;
update account entitlements, billing periods, and payment history after provider confirmations or webhooks;
detect abuse, fraud, misuse, and technical failures;
analyze product usage and improve features, performance, and reliability;
send transactional messages, service notices, and support responses;
comply with legal, tax, accounting, consumer-protection, and regulatory obligations;
establish, exercise, or defend legal claims.

We use necessary cookies and similar technologies required for security, session management, login, fraud prevention, locale handling, and core site operation.
We may use preference cookies to remember language and guest preferences.
We may use analytics technologies to measure product usage and improve the Service. Where required by law, analytics cookies are activated only after the relevant consent choice. Our current implementation may enable Google Analytics and related Google conversion measurement only when analytics consent is granted.
Where enabled by your consent choice, we may also use an optional browser-side security identifier, such as a fingerprint cookie generated with FingerprintJS, to help detect suspicious activity and reduce abuse.
We also use operational monitoring and error-reporting tools to diagnose failures, investigate incidents, and keep the Service reliable. Depending on configuration and applicable law, some technical diagnostics, including tools such as Sentry where enabled, may operate on the basis of our legitimate interest in service security and stability rather than marketing consent.
We store and respect cookie consent preferences through the site’s consent interface.

6. Legal Bases

Where applicable law requires a legal basis, we generally rely on one or more of the following:

performance of a contract or steps at your request before entering into a contract;
compliance with legal obligations;
our legitimate interests, such as service security, fraud prevention, reliability, product improvement, and support operations, where those interests are not overridden by your rights;
your consent, where consent is required or where we choose to rely on it.

We may share personal data with:

payment processors and billing providers, including Stripe for checkout, subscriptions, invoices, and refunds;
authentication providers;
hosting, infrastructure, storage, and content delivery providers;
analytics, conversion-measurement, monitoring, logging, and error-reporting providers;
professional advisers, auditors, insurers, or authorities where required;
counterparties involved in a merger, acquisition, financing, or asset transfer, subject to appropriate confidentiality and legal conditions.

We do not describe ourselves in this Policy as selling your personal data.

8. International Processing and Transfers

Personal data may be processed in the EEA and, depending on the providers we use, in other countries.
Where personal data is transferred outside the EEA, we use applicable transfer mechanisms and safeguards where required by law, such as contractual safeguards or another lawful transfer basis.

9. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including providing the Service, maintaining records, resolving disputes, preventing abuse, and meeting legal obligations.
Billing, payment, and refund records may be retained for longer periods where necessary for accounting, tax, audit, fraud-prevention, or legal compliance purposes.
Retention periods may vary by data type, account status, transaction history, and legal requirements.

10. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

11. Your Rights

Depending on your location and applicable law, you may have rights to:

access your personal data;
request correction of inaccurate data;
request deletion of data;
object to or restrict certain processing;
withdraw consent where processing is based on consent;
request data portability;
lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at [email protected]. We may request information reasonably necessary to verify your identity.

12. Changes to This Policy

We may update this Privacy Policy from time to time.
The version published on the website is the current version unless stated otherwise.

13. Contact

For privacy questions or data-rights requests, contact:

Email: [email protected]