Save my spot

Privacy Policy

Last updated: March 18, 2026

Introduction

This Privacy Policy describes how Voyalist (“we”, “us”, or “our”) collects, uses, and shares information about you when you use our services.

Effective Date: 2026-03-18

If you have questions about this policy, please contact us at privacy@voyalist.io.

Information We Collect

We collect the following categories of information:

Account Information:

  • email address
  • display name
  • username
  • password credentials
  • email verification status

Profile Information:

  • profile photo
  • bio
  • home location
  • traveler type
  • linked social accounts

Travel and Social Content:

  • travel lists
  • saved places
  • trip plans
  • bookings
  • events and RSVPs
  • posts, comments, likes, and reviews
  • group chat messages and attachments

Location Information:

  • precise GPS location
  • background location for automatic visit tracking and travel timeline, collected even when the app is closed or not in use
  • live shared location
  • visit history and travel segments
  • location-derived movement and transport mode data

Physical Activity and Movement Data:

  • physical activity recognition (detecting walking, running, cycling, driving, and transit modes)
  • transport mode classification between locations
  • movement speed and distance calculations derived from location data
  • activity duration for travel segments

Media Uploads:

  • profile photos
  • trip photos
  • event cover images
  • review photos and videos
  • chat images and videos
  • post media

Device and Technical Information:

  • device type
  • operating system
  • push notification token
  • browser type
  • IP address
  • crash diagnostics

Usage and Analytics Information:

  • pages and screens viewed
  • search queries
  • feature interactions
  • app usage events
  • API usage summaries

AI Feature Inputs and Outputs:

  • place recommendation prompts
  • event extraction input text and URLs
  • generated event cover images
  • AI-generated place summaries

We process your personal data under the following legal basis:

We process personal data to perform our contract with users, based on consent for optional or sensitive features like location tracking, and based on legitimate interests for service security, analytics, and product improvement.

Data Retention

We retain your information for the following periods:

  • Account data: Until account deletion, plus any legally required retention period.
  • Travel and social content: Until deleted by the user or removed under our platform rules.
  • Location history: Until deleted by the user, with additional retention only as needed for sync, backup, fraud prevention, or legal compliance.
  • Physical activity and movement data: Stored on your device and synced to your account as part of Timeline visit and travel data. Retained until you delete your timeline data, disable the Timeline feature, or delete your account.
  • Crash reports and diagnostics: Typically up to 90 days.
  • Legal acceptance records: Retained to maintain an audit trail of policy acceptance history.

Cookies and Tracking

We do not use cookies or tracking technologies on our service.

Third-Party Services

We share data with the following third-party services:

  • Google Firebase — Authentication, Firestore database, cloud storage, analytics, crash reporting, and push notifications.
  • Google Places API — Place search, place details, geocoding, and related place data.
  • Mapbox — Maps, geocoding, directions, and map search experiences.
  • Google Gemini and Vertex AI — AI-powered recommendations, event extraction, summaries, and generated imagery.
  • Google Sign-In — Optional account creation and authentication.
  • Sign in with Apple — Optional account creation and authentication.
  • Facebook Login — Optional account creation and authentication.
  • FlightAPI.io and AeroDataBox — Flight and airport lookup features.
  • Resend — Operational and internal alert email delivery.

Your Rights

You have the following rights regarding your personal data:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to request deletion of your data
  • Right to receive your data in a portable format
  • Right to restrict how we process your data
  • Right to object to processing
  • Right to opt out of the sale of your personal information
  • Right to non-discriminatory treatment for exercising your rights

GDPR Supplemental Disclosures

This section applies to individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

Data Controller: Voyalist, LLC, 211 E. 7th Street, Suite 620 Austin, TX 78701

Your GDPR Rights: In addition to the rights listed above, you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.

International Transfers: If we transfer your personal data outside the EEA, we ensure adequate safeguards are in place in accordance with GDPR requirements.

California Privacy Rights (CCPA)

This section applies to California residents under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected: We collect the categories of personal information described in the “Information We Collect” section above.

Your California Rights:

  • Right to Know: You may request information about the personal information we have collected about you, including the categories of sources, the business purpose for collection, and the categories of third parties with whom we share information.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out: You may opt out of the sale or sharing of your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your California privacy rights.

To exercise your rights, contact us at privacy@voyalist.io.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Voyalist, LLC 211 E. 7th Street, Suite 620 Austin, TX 78701

Email: privacy@voyalist.io

How We Use Your Information

We use the information we collect for the purposes described below. We only collect data that is necessary for the features you use, and we do not sell your personal data.

Account and Profile Information: We use your account and profile information to create and maintain your account, authenticate you, personalize your experience, and enable social features such as following other travelers and sharing content.

Travel and Social Content: We use travel lists, saved places, trip plans, events, posts, and messages to power the core travel planning and social features of Voyalist, including collaboration, sharing, and discovery.

Location Information: We use your location to center the map on your position, show nearby places, enable live location sharing with friends, and power the Timeline feature that automatically records the places you visit. Background location is collected for Timeline and live sharing even when the app is closed or not in use, and only when you have explicitly enabled these features.

Physical Activity and Movement Data: We use physical activity recognition solely to classify your transport mode (e.g., walking, driving, cycling, transit, flying) within the travel Timeline feature. This helps us accurately display how you traveled between visited locations. Activity data is derived from your device’s motion sensors and location changes. Transport mode classifications are stored as part of your Timeline visit and travel segment records and synced to your account for Timeline functionality. We do not use this data for health monitoring, fitness tracking, medical purposes, or advertising.

Media Uploads: We use photos and videos you upload to display them in your profile, travel lists, reviews, posts, event pages, and chat conversations.

Device and Technical Information: We use device and technical data for app functionality, push notifications, crash diagnostics, and to improve app stability and performance.

Usage and Analytics Information: We use analytics data to understand how features are used, identify issues, and improve the product. This data is aggregated and not used for advertising.

AI Feature Inputs and Outputs: We use AI inputs (such as prompts and URLs) to generate place recommendations, event details, cover images, and summaries. AI-generated outputs are stored to display them to you and are not used to train third-party models.

Health Data Disclaimer

Voyalist is a travel planning and social app. We do not provide health, fitness, or medical services. Physical activity and movement data is collected exclusively for travel timeline functionality — specifically, to classify how you moved between locations (e.g., walking, driving, flying).

This data is:

  • Not used for health monitoring, fitness tracking, or medical diagnosis
  • Not used for health-related advertising or user profiling
  • Not shared with third parties for health or fitness purposes
  • Stored on your device and synced to your secure account for Timeline functionality. Raw location data is additionally backed up when you enable cloud backup. Retained until you delete your timeline data or disable the Timeline feature

The ACTIVITY_RECOGNITION permission on Android is used solely for transport mode detection within the Timeline feature.

Data Security

We take reasonable measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
  • Access controls: Firebase Security Rules restrict data access to authorized users. Your data is only accessible to you and, where applicable, to users you have explicitly chosen to share with.
  • Secure storage: Data is stored in Google Cloud infrastructure with industry-standard security certifications.
  • Minimal data collection: We only collect data necessary for the features you use. Physical activity and movement data is initially processed on your device. Transport mode classifications are stored as part of your Timeline visit and travel segment records and synced to your account for Timeline functionality.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.