Legal

Privacy Policy

Last updated: March 2026

1. Data Controller

Gullivr is operated as a personal project. For any privacy-related inquiries, contact us at info@gullivr.xyz.

2. Data We Collect

We collect and process the following categories of data:

  • Account data: email address, password hash (or Google OAuth token), and avatar URL
  • Trip planning data: trips, places, flights, accommodations, geographic coordinates, descriptions, and notes you create
  • API keys: stored as bcrypt hashes — the plain key is shown once at creation and never stored
  • MCP request logs: timestamps and rate-limit counters for API usage monitoring

3. Cookies

Gullivr uses session-only authentication cookies managed by Supabase (HTTP-only, secure). These are essential for keeping you signed in and cannot be disabled. Gullivr itself does not set any tracking cookies. Non-essential analytics (Umami) are loaded only with your explicit consent via the cookie banner.

4. Third-Party Services

We rely on the following third-party services to operate Gullivr:

Supabase — Database and authentication, hosted in the EU (Ireland region). Stores your account and trip data.

Google Maps & Places API — Map rendering and place search. Your coordinates and search queries are sent to Google when you use the map or search for places.

OpenRouteService — Route calculation (used as a fallback provider for distance and direction data).

Sentry — Error tracking and performance monitoring. Your user ID is hashed with SHA-256 before transmission; no personally identifiable information is sent to Sentry.

Umami — Privacy-friendly analytics. Loaded only if you accept non-essential cookies via the cookie consent banner. No personal data is collected.

5. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to certain processing of your data

To exercise any of these rights, contact us at info@gullivr.xyz.

6. Age Restriction

Gullivr is not intended for users under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

7. Data Retention

Your account and trip data are retained for as long as your account is active. If you request account deletion, all associated data will be permanently removed from our systems.

8. Contact

For any privacy-related questions or requests, reach out to info@gullivr.xyz.