Privacy

We collect only what we need to make plans work: your email (for sign-in), any display name and avatar you set, your home city, the plans you create, and — during Phase 2 features — the votes your group casts on shared plans, the check-ins you make during the night, and any rating or note you leave on the post-night recap. We don't run third-party ad or analytics trackers.

A small set of essential cookies: your sign-in session, an admin session if you're an editor, a voter session if you've joined a shared plan, and one that remembers you've seen this notice. All first-party, all httpOnly where appropriate. No third-party advertising or tracking cookies.

• Access. Export everything we hold about you as JSON from your profile.
• Deletion. Delete your account from the same page. Your plans remain in the anonymous corpus that trains our recommender, with no link back to you.
• Opt-out. We don't sell data, so no opt-out toggle is necessary for CCPA.
• Response SLA. Automated where possible (export, deletion); 30 days for manual requests.

We use Google Places for venue data, Anthropic Claude for itinerary narratives (we send only plan-shape + venue-shape data, never email or identity), Resend for sign-in and password-reset emails, Cloudflare Turnstile to block automated account creation, OpenWeather for live weather on plan night, and Sentry for error tracking (stack traces only; no request bodies containing identity). None of these receive identifying data beyond what their role strictly requires.

Questions, access requests, and complaints go to david.linacre@gmail.com. We'll acknowledge within a week and resolve within 30 days.