Privacy Policy

• Usage & diagnostics. Basic event logs (e.g., feature used, timestamp, request size, success/error) to keep the service reliable.
• Rate-limiting identifiers. For anonymous users we may store a hashed identifier (e.g., IP hash) to enforce daily limits. For signed-in users we store your user ID for the same purpose.
• Content you provide. Trip and guide content you create (for example destination, days, itinerary text, and preferences).
• Images & attribution data. For some images and media (including posters and other shared visuals), we may store provider/source details and any author/license information required for attribution.
• AI inputs & outputs. When you ask teravia to generate or translate trips or guides, we process your prompts, trip parameters, and the resulting content. This material may be sent to third‑party AI providers to generate the output.
• Cookies/Local Storage. We use strictly-necessary cookies/local storage to keep lightweight preferences (e.g., dismissing a Terms modal) and session tokens for anonymous sessions.
• Profile details. If you create an account, we store profile information such as username, full name, bio, avatar, and optional Instagram/TikTok handles.
• Date of birth & age status. If you create an account, we collect your date of birth (DOB) to verify you are at least 16. We also store a derived boolean (age_verified). DOB may be masked in the UI by default.
• Curator/Pioneer status. Some accounts may have an editorial role (Curator) and/or an early badge (Pioneer) assigned by admin. These are used for attribution and discovery.
• Private social signals. Your Connections (mutual only) and your private Collections of trips. These are not publicly displayed beyond a single “Connections · {count}” number on your profile.
• Subscription & billing metadata. Plan (e.g., Free/Plus), Stripe customer/subscription IDs, current_period_end, cancel_at_period_end, and usage quotas. We do not store full card details.

• Operate the app (trips, guides, Inspiration studio, poster generation, storage, and performance).
• Enforce fair-use limits and protect against abuse (spam, scraping, fraud).
• Improve quality and reliability (diagnostics, aggregate analytics).
• Show required image licenses/credits where applicable.
• If you save a trip, we store it and make it viewable by link and may cache derived media such as thumbnails and posters.
• Provide private features: Connections (mutual only) and your personal Collection.
• Personalize silently using your own private signals (connections/collections), without public leaderboards.
• Manage subscriptions (auto‑renew status, end‑of‑period access) via Stripe.
• Use third‑party AI providers to generate and improve itinerary and guide outputs, while aiming to minimise personal data sent to those providers.

We use third-party services to deliver features:

• AI models to generate itinerary text. Prompts you send may be processed by the model provider to return results.
• Image providers for posters and visuals; we may cache derived thumbnails and store associated license/attribution metadata where required.
• Stripe (payments) to process subscriptions. We share minimal identifiers (e.g., customer/subscription IDs) and do not store full card details.

These providers receive only the data needed to perform their function. Their privacy practices apply when they process your data.

• Performance of a contract (providing the service you request).
• Legitimate interests (security, abuse prevention, service analytics, required attribution).
• Consent (where required, e.g., optional cookies or marketing if introduced later).
• Compliance with legal obligations (tax/accounting records for subscriptions and payments).

• Anonymous rate-limit records are kept for the rolling window needed to enforce limits (e.g., daily) and then pruned or aggregated.
• Session outputs (AI ideas/posters) may be stored with your session ID so you can view/download them.
• Cached thumbnails and attribution metadata may be retained to comply with license terms.
• User‑uploaded media and VR assets are retained while your account exists and you do not delete them. Backups may persist for a limited period on their normal cycle.
• Subscription and billing records are retained for the period required by accounting/tax laws.
• On account deletion, we cancel billing immediately and delete or anonymize personal data. Where image licenses require attribution, we may retain attribution records and cached thumbnails.
• Aggregated analytics may be retained without identifying information.

• We do not sell your personal data.
• We share data with processors (hosting/database, analytics, AI, payments) strictly to operate the service, under appropriate agreements.
• We may disclose information if required by law or to protect the rights and safety of users or the service.
• Examples of processors include Supabase (hosting/database), Stripe (payments), AI providers (itinerary and guide generation/translation), and image/storage providers.

• You can use teravia without creating an account. If you later create one, you may request access, correction, or deletion as applicable.
• You can clear local browser storage/cookies related to teravia at any time (may affect session continuity).
• EEA/UK residents: you may have rights to object, restrict processing, data portability, and lodge a complaint with your local authority.
• You can show/hide DOB in the UI; DOB may be masked by default.
• You can turn off auto‑renew; access continues until the listed end date.
• You can delete your account; we cancel billing immediately and remove/anonymize your data.

We use reasonable technical and organizational measures (encryption in transit, access controls). No system is 100% secure; please report issues to hello@teravia.app.

teravia is not directed to individuals under 16. We block account creation for users under 16. If we become aware that an account belongs to someone under 16, we will disable the account and delete associated personal data, except where we must retain limited records for security or legal obligations. If you believe we collected data from someone under 16, contact us to remove it.

We may process data in countries different from yours. Our core infrastructure is hosted by providers such as Supabase and Vercel, which may store data in the EU, the US, or other regions. Where required, we use safeguards such as standard contractual clauses or equivalent mechanisms for international transfers.

We may update this Policy periodically. Material changes will be reflected by updating the “Last updated” date.

Email: hello@teravia.app