Last updated: 30 May 2026

Welcome to TravelDeal. We are committed to protecting your personal information and your right to privacy. This policy explains what data we collect, why we collect it, and how we keep it safe.

1. Data We Collect

• Account Data: If you create an account (email/password) or sign in via Google OAuth, we store your email address, display name, avatar URL, and a hashed password when applicable. Your email is the primary identifier used to sync history and watchlist across devices.
• Search Data: We store your product queries and results in your history to provide continuity across devices.
• Local-Only Guest Data: If you are not signed in, history and watchlist are stored locally in your browser (localStorage) and are not synced to our servers.
• Location Data: We momentarily use your IP address to auto-detect your country for pricing; we do not collect precise GPS location.
• Usage & Analytics Data: We use cookies and analytics tools to understand how the app is used and improve performance. Sensitive inputs (passwords or payment data) are not recorded.
• Security Data: We log IP addresses and device metadata to enforce rate limits, prevent abuse, and secure the service.
• Support & Feedback: If you contact us or submit feedback, we collect the information you send.

2. Why We Use Your Data (Legal Bases)

• Provide the service: run searches, sync history/watchlist, and manage accounts (contract).
• Security and abuse prevention: rate limiting and fraud prevention (legitimate interests).
• Analytics: improve reliability and user experience (legitimate interests or consent where required).

3. AI Image Processing (Important)

When you use our "Smart Scan" feature to take a photo of a product, the image is sent securely to Google Gemini AI strictly for object recognition.

• Ephemeral Processing: Images are processed in real-time and are deleted immediately after analysis.
• No Storage: TravelDeal does not store your photos or use them to train models.

4. Third-Party Services We Use

We share limited data with trusted providers to operate the service:

• Google (Gemini & OAuth): secure login and image recognition.
• SerpApi: product search queries; no direct personal data is sent.
• Neon: hosts our PostgreSQL database.
• PostHog: product analytics.
• Sentry: error tracking to improve stability.
• Resend: transactional email delivery (verification and login).
• Stripe: payment processing for premium passes.
• Discord Webhooks: operational alerts and user feedback routing.

5. Payments

Payment information is processed exclusively by Stripe. TravelDeal does not receive or store your full card details.

6. Cookies and Session Tokens

We use session cookies and authentication tokens to keep you signed in and to secure access to your account.

7. Data Retention and Deletion

Account data, history, and watchlist are kept while your account is active. Local guest data stays on your device until you clear it. You may request deletion of your account and associated data at any time by contacting us at [email protected].

Security logs and analytics are retained only for as long as necessary for abuse prevention, troubleshooting, and service improvement.

8. International Data Transfers

Our providers may process data in other countries. We rely on their standard safeguards to protect your data.

9. Data Security

We use encryption in transit, access controls, and data minimization. No system is 100% secure.

10. Your Privacy Rights (GDPR / CCPA)

Depending on your location, you have the right to access, correct, or delete your personal data. To exercise these rights, contact us at [email protected]. We do not sell personal data.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the date above.

© 2026 TravelDeal. All rights reserved.