Privacy Policy

AllTravel (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile application AllTravel (the “App”) and any associated services (cloud sync, email parsing, push notifications). By installing or using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly:

• Account Credentials (Cloud): Name and email address supplied during sign‑up; password is stored salted & hashed by Firebase Authentication.
• Trip Details: Name, start and end dates, budget, and list of destinations you enter when creating a new trip.
• Expense Data: Amount, category, date, destination ID, and optional notes for each expense you record.
• Forwarded Booking Emails (Optional): If you email confirmations to [email protected] we parse the message to extract reservation data. The raw email is deleted after processing.
• Profile & Preferences: Any preferences you choose within the App (e.g., currency, dark mode, notification settings).

1.2 Automatically Collected Information:

• Device Information: Operating system version, device model, unique device identifiers, and crash logs.
• Usage Metrics: Screen flows, taps, and performance events collected via Firebase Analytics (aggregated and de‑identified).
• Advertising Identifiers: (Only when Google Mobile Ads is enabled) Used to display ads and respect your ad‑tracking choices.

2. How We Use Your Information

• Provide & Maintain the App: Sync trips/expenses to the cloud, render timelines, budget bars, and push reminders.
• Cross‑Device Sync: Store your data in Firebase Cloud Firestore so you can access it from multiple devices and safely restore after reinstall.
• Improve User Experience: Analyze anonymized analytics to optimize features, fix bugs, and personalise suggestions (e.g., frequent categories).
• Advertising & Monetization: Show Google AdMob ads (see Section 5) unless you purchase the ad‑free upgrade.
• Support & Communications: Respond to inquiries, send onboarding tips or important security notices.
• Compliance & Safety: Detect fraud, enforce our Terms of Service, and comply with legal obligations.

3. Data Storage & Security

3.1 Cloud Storage (Firebase): Trip and expense data, profile photo, and parsed booking details are stored in Firebase Firestore/Storage under your unique user ID. Firebase encrypts data in transit (TLS) and at rest (AES‑256).

3.2 Local Storage: We cache data on‑device for offline access. The cache is encrypted on iOS (Keychain/NSFileProtection) and on Android using the EncryptedFile API.

3.3 Security Measures: We implement role‑based Firestore rules, enforce HTTPS, and review access logs. Despite these measures, no system is 100% secure, and you acknowledge residual risk.

4. Sharing Your Information

• Service Providers: Firebase (Authentication, Firestore, Storage, Cloud Functions), Google Cloud (email parsing worker) — bound by Google Cloud Platform’s Data Processing Terms.
• Advertising Partners: Google Mobile Ads may receive device identifiers or usage data to deliver tailored ads. See Section 5.
• Legal Requirements: We may disclose your information if required by law, to comply with legal processes, or to protect our rights, property, or safety—and the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to confidentiality and security obligations.

5. Google Mobile Ads & Third‑Party Advertising

The App integrates Google Mobile Ads. Google may collect advertising IDs, device info, location (approximate), and in‑app events to serve personalized or contextual ads. You can opt‑out of personalised advertising through your device settings (e.g., “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android). Opt‑out does not reduce ad volume but ads may be less relevant.

6. Push Notifications

We use Firebase Cloud Messaging to send optional reminders (flight check‑in, budget alerts). Notifications are opt‑in, and you can disable them anytime in your device settings or App settings.

7. Children’s Privacy

The App is not intended for children under 13, and we do not knowingly collect data from them. If you believe a child has provided us personal information, email [email protected] and we will delete it promptly.

8. Your Rights & Choices

• Access & Correction: View, edit, or delete trips and expenses within the App. You may also export a CSV copy from Settings › Data.
• Account Deletion: Use Settings › Account › Delete account to permanently erase your cloud data. Local caches are cleared upon app uninstall.
• Privacy Settings: Disable personalised ads or push notifications through device settings.
• GDPR / CCPA Requests: Email [email protected] to exercise data access, portability, or deletion rights. We respond within 30 days.

9. International Users & GDPR Compliance

If you reside in the EEA or United Kingdom, you have rights under the GDPR. We rely on your consent (when you create an account), contractual necessity (provide core services), and legitimate interest (fraud prevention, analytics) as legal bases for processing.

10. California Privacy Rights (CCPA)

California residents may request disclosure or deletion of personal information and opt‑out of its “sale.” AllTravel does not sell personal data. Submit requests to [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in practices or legal requirements. We will notify you of material changes via in‑app banners or email. Review this page periodically for the latest version.

12. Contact Us

AllTravel Privacy Team
Email: [email protected]