Privacy Policy

1. Introduction

TravelFar is a traveler-built social travel platform for people who want to go somewhere, but not alone. This policy describes what information we process, why we process it, how we share it, how long we keep it, and the privacy rights you may have.

2. Information We Collect

Some information is necessary to create and maintain an account and provide the service. Other information is voluntary, but some features may not work without it.

• Contact information, including email address.
• Account information, including password hash, preferred language, terms acceptance, email verification status, notification choices, login counters, token records, and sign-in logs.
• Traveler profile details, including display name, birthdate or age, homebase, profile intro, gender identity, languages, travel styles, travel vibes, countries visited, destination wishlist, experience, budget, safety preferences, and optional social links.
• Profile photos and related metadata.
• Trip and application content, including title, emoji, destination, dates, type, budget, spots, description, accommodation and transport status, requirements, visibility, host decisions, and application messages.
• Messages, conversation membership, read state, notifications, reports, moderation records, blocks, saved travelers, saved trips, and match interactions.

• Technical request data such as IP address, timestamps, user agent where available, authentication events, rate-limit events, and security logs.
• Usage data generated by the service, such as unread conversations, skipped or messaged travelers, and trip applications.
• Approximate location information provided through profile or preference choices. TravelFar does not currently collect precise GPS location from the web or mobile app.
• Browser or device storage information needed to keep you signed in, remember selected language, cache limited account data, and preserve app preferences.

3. How We Use Your Information

We use personal information mainly to provide, secure, and improve TravelFar, including matching, messages, trips, notifications, safety tools, and account support.

• Create and maintain your account and allow secure login.
• Verify your email address, send password reset links, and account security messages.
• Build and display your traveler profile.
• Show compatible travel buddies and enforce matching preferences.
• Let users create trips, browse trips, apply to trips, and message hosts or applicants.
• Provide direct and trip-based messaging, unread counts, and message notifications where enabled.
• Support blocking, reporting, moderation, spam prevention, suspicious login detection, and account suspension.
• Remember language choices and optional email preferences.
• Maintain, troubleshoot, secure, and improve TravelFar.
• Comply with law, valid legal requests, and safety obligations.

4. Legal Bases

Where GDPR applies, we rely on contractual necessity, legitimate interests, consent, legal obligations, and voluntary publication of profile choices for the requested social travel features.

5. How We Share Information

We may share information with other TravelFar users according to your choices, with service providers, with authorized moderators or administrators, with legal authorities where required, or in connection with a future reorganization.

• With other TravelFar users, according to your profile, trip, matching, and messaging choices.
• With service providers who help operate TravelFar, such as hosting, database, object storage, queues, reverse proxy, email delivery, and moderation/admin tooling providers.
• With authorized moderators or administrators when needed to review reports, blocks, suspicious behavior, unsafe trips, abusive messages, or account security issues.
• With law enforcement, regulators, courts, legal advisors, or other parties where required by law or necessary to protect rights, safety, users, or the service.
• In connection with a future reorganization, merger, transfer, or similar transaction.

6. Third-Party Services

TravelFar may link to or integrate with third-party services in limited ways, such as email delivery or infrastructure. External services process information under their own privacy policies.

7. Data Security

We use technical and organizational measures designed to protect personal information, including password hashing, authenticated API access, security headers where configured, rate limits, moderation tools, and separated services.

8. Your Privacy Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object, receive portable data, withdraw consent, opt out of optional emails, and complain to a competent authority.

• Access a copy of personal data processed about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated profile data, subject to legal, safety, security, backup, or dispute-related limitations.
• Restrict or object to certain processing where applicable law gives you that right.
• Receive portable data where technically feasible.
• Withdraw consent for optional processing, such as marketing emails.
• Opt out of message notification emails in account settings.
• Complain to a competent data protection authority.

9. Data Retention

We retain personal information for as long as needed to provide TravelFar, maintain accounts, support safety and moderation, comply with legal obligations, resolve disputes, and protect users and the platform.

• Account and profile data are generally kept while the account exists.
• Email verification and password reset tokens are time-limited, single-use, and stored as hashes.
• Refresh tokens expire or are revoked, including after password changes.
• Messages, trips, applications, reports, blocks, and moderation records may remain while accounts or safety needs exist.
• Deleted account data may remain in backups for a limited period if backups are used by the deployment environment.

10. International Data Transfers

TravelFar may process information using infrastructure, service providers, or administrators located in different countries. Where required, appropriate safeguards should be used.

11. Children's Privacy

TravelFar is not intended for users under 18. We do not knowingly collect personal information from children under 18 and will take reasonable steps to delete it if discovered.

12. Changes to This Privacy Policy

We may update this Privacy Policy when TravelFar changes or when legal, technical, or operational requirements change. For material changes, we may provide notice by a reasonable method.

13. Contact Information

For privacy questions, concerns, or rights requests, contact privacy@travelfar.app from the email address connected to your account or include enough information for us to verify your request.