Privacy Policy
This policy explains what information ConMigo (the travel-planning app and this website) collects, how we use it, and the controls you have. The short version: we collect what's needed to run the app for you, we don't sell your data, and you can delete everything at any time.
1. Information we collect
- Account information — your email address and display name. Optionally your date of birth and country of residence if you choose to provide them during onboarding.
- Travel preferences — your answers to the onboarding questionnaire (e.g. budget style, travel pace, preferred activities). These are used to personalise suggestions inside the app.
- Trip data — destinations, dates, bookings (hotels, flights, activities, food, transport), notes, and itinerary items that you create.
- Documents — any travel documents you choose to upload to the Docs Vault (e.g. ticket PDFs, passport photos). These are stored privately and only visible to you.
- Location — only while the app is open, and only when you give permission, in order to mark visited places on your trip map. We do not track your location in the background.
- Diagnostic events — when the Analytics toggle is enabled in Settings → Privacy, the app sends usage events (screen views, button taps, error reports) to PostHog. No raw chat messages, no document contents, no payment details, no full personal addresses are sent.
2. How we use your information
- To create and manage your account.
- To display your trips, bookings, and documents back to you.
- To personalise suggestions from Migo (our AI travel assistant) using your preferences and current trip context.
- To improve the app based on aggregated usage patterns.
- To investigate crashes and bugs that affect your experience.
3. Third parties we share data with
ConMigo relies on a small number of trusted providers to deliver the service. We do not sell your data to anyone.
- Supabase (cloud database and authentication) — stores your account, profile, trips, and documents.
- OpenAI — receives your trip context (destination, dates, preferences, itinerary items) so Migo can generate relevant responses. We do not send your name, email address, or document contents to OpenAI.
- PostHog (product analytics) — receives diagnostic events when you have Analytics enabled. We never send personally identifying free-text to PostHog.
- Google Places, Foursquare, Pexels, Open-Meteo, ExchangeRate API — used to fetch place suggestions, photos, weather forecasts, and currency rates. We send only the destination or query terms (e.g. "restaurants in Lisbon"), never your account information.
- Apple, Google — used as authentication providers when you choose Sign in with Apple or Google. They receive only the information necessary to verify your identity (your existing account email and basic profile).
4. Affiliate and partner links
ConMigo may earn a small commission when you book through some partner links (e.g. Booking.com, GetYourGuide). The commission comes from the partner, not from you — it does not cost you extra. Tapping a partner link opens the partner's site in a secure in-app browser; the partner network sets a cookie in that browser session to attribute the booking. We do not see what you book or how much you spend. Full details in our affiliate disclosure.
5. How long we keep your data
We keep your account and trip data for as long as your account exists. If you delete your account (Settings → Account → Delete account, or see delete your account), your personal data is removed from our database within 30 days. Aggregate analytics that are not linked to you may be retained.
6. Your rights
- Access and export — email us and we'll provide a copy of your data.
- Correction — edit your profile directly inside the app at Profile → Edit Profile.
- Deletion — Settings → Account → Delete account, or follow the steps on this page. Deletion is permanent and cannot be undone.
- Opt out of analytics — Settings → Privacy → Analytics toggle.
- Opt out of AI personalisation — Settings → Privacy → AI personalisation toggle.
If you're in the UK/EU, you also have the right to lodge a complaint with your data-protection authority (in the UK, the ICO).
7. Children
ConMigo is not intended for and is not directed to anyone under the age of 13. We do not knowingly collect information from children under 13. If you believe a child has registered, please email us so we can remove the account.
8. Security
All communication between the app and our backend uses HTTPS. Your data at rest is stored with our infrastructure provider (Supabase) under their security standards. We use industry-standard practices (Row Level Security policies) so that users can only access their own data.
9. Changes to this policy
We may update this policy as the app evolves. The "Last updated" date at the top of this page will reflect any changes. Material changes (such as new third parties added, or new categories of data collected) will be communicated to active users via an in-app notice.
10. Contact
Privacy questions, access requests, or anything else: support@conmigo.uk