Privacy Policy

Personal Information

• Email address (for account creation and magic link authentication)
• Name (optional, for personalization)
• Profile photo (optional, user-uploaded)

Itinerary Data

• Selected cities and dates for trip planning
• Preferences (budget, party type, food preferences, interests)
• Generated itineraries and saved plans
• Favorite venues and bookmarked locations

Technical Information

• IP address and general location (for relevant recommendations)
• Device information (browser type, operating system)
• Usage patterns (pages visited, time spent, features used)
• Cookies and similar technologies (see Cookie Policy section)

Location Data

• City-level location for itinerary generation
• No precise GPS tracking - we only need general area information
• Venue coordinates from public sources (Google Places API)

Core Service Functions

• Generate personalized itineraries based on your preferences
• Provide relevant venue recommendations for your selected locations
• Save and manage your trip plans and favorites
• Improve our AI recommendations over time

Communication

• Send magic link emails for secure login
• Share important service updates and new features
• Respond to customer support inquiries
• Send optional marketing emails (with clear opt-out)

Analytics and Improvement

• Analyze usage patterns to enhance user experience
• Monitor service performance and fix technical issues
• Conduct A/B testing for feature improvements
• Generate anonymized insights about popular destinations

We Never Sell Your Data

WhereToGoTunisia does not sell, rent, or trade your personal information to third parties.

Service Providers

We share limited data with trusted partners:

• Vercel (hosting and deployment)
• Neon (database hosting)
• Google (Maps and Places API for venue data)
• OpenAI (AI itinerary generation - data anonymized)

Required Disclosures

We may disclose information when:

• Required by Tunisian or applicable law
• Protecting our rights or investigating violations
• Preventing fraud or security threats
• With your explicit consent

Business Transfers

If WhereToGoTunisia is sold or merged, user data may transfer to the new entity under the same privacy commitments.

Where We Store Data

• Primary servers: EU/US cloud infrastructure (GDPR compliant)
• Database: Encrypted PostgreSQL via Neon
• Backup systems: Encrypted and geographically distributed

Security Measures

• Encryption: All data encrypted in transit and at rest
• Authentication: Magic link system (no passwords to compromise)
• Access controls: Strict employee access on need-to-know basis
• Regular security audits and vulnerability assessments

Data Retention

• Active accounts: Data retained while account exists
• Deleted accounts: Personal data deleted within 30 days
• Generated itineraries: May be retained anonymously for service improvement
• Legal requirements: Some data retained as required by law

Google Places API

• We use Google's API to fetch venue information
• Google's Privacy Policy applies to this data
• We cache minimal venue details (Place IDs, hours, ratings) for 30 days maximum

Google Maps

• Maps functionality subject to Google's Terms and Privacy Policy
• Location queries sent to Google for directions and distances
• No personal identification shared with Google

Essential Cookies

• Session management: Keep you logged in
• Security: Prevent CSRF attacks
• Preferences: Remember your settings

Analytics Cookies

• Usage tracking: Understand how features are used
• Performance monitoring: Identify and fix issues
• A/B testing: Improve user experience

Third-Party Cookies

• Google Maps: Required for map functionality
• Vercel Analytics: Performance monitoring

Cookie Control

You can:

• Disable non-essential cookies in your browser
• Clear cookies anytime (may affect functionality)
• Opt out of analytics tracking (contact us)

Access Rights

• View all personal data we have about you
• Download your itineraries and preferences
• Request information about data sharing

Control Rights

• Update your profile and preferences anytime
• Delete your account and associated data
• Opt out of marketing communications
• Withdraw consent for data processing

Portability Rights

• Export your saved itineraries in standard formats
• Transfer data to other services when technically feasible

How to Exercise Rights

• In-app: Use account settings for most changes
• Email: privacy@wheretogointunisia.com for complex requests
• Response time: Within 30 days maximum

Tunisia Users

• Your data may be processed in EU/US for technical reasons
• Adequate protection standards maintained per international agreements
• Right to object to international transfers

GDPR Compliance

For EU visitors:

• Lawful basis for processing clearly identified
• Data Protection Officer available if needed
• Rights exercisable per GDPR requirements

Update Process

• Material changes announced via email and website notice
• 30 days notice before significant changes take effect
• Continued use indicates acceptance of updates
• Previous versions archived for reference

Version Control

• Each update includes effective date and change summary
• Major revisions highlighted in notification emails

Privacy Questions

• Email: privacy@wheretogointunisia.com
• Subject: Include "Privacy Policy" for faster response
• Response time: Within 72 hours

Data Protection Officer

• Email: dpo@wheretogointunisia.com
• Available for: Complex privacy questions and rights requests

Business Address

[Insert Tunisian business address for legal compliance]