β Back to Wayven
Privacy Policy
Last updated: February 12, 2026
Introduction
This Privacy Policy describes how Wayven collects, uses, stores, and
protects your personal information. We take privacy very seriously and
are committed to being transparent about our data practices.
By using our platform, you agree to the practices described in this
policy. We recommend reading this document carefully to fully understand
how your information is handled.
1. Information We Collect
At Wayven, we only collect information necessary to provide our travel
planning services. This includes registration data, travel information,
and documents you choose to share with us.
1.1 Information You Provide
-
Registration Data: Name, email, password (encrypted),
optional profile photo. Social authentication via Google Sign-In or
Apple Sign-In (we only receive name and email from the provider)
-
Travel Information: Destinations, dates, preferences,
budget, checklists
-
Documents: Tickets, vouchers, hotel confirmations you
choose to upload (including via the system's Share Extension)
-
Preferences: Notification settings, language,
preferred currency
-
Subscription Data: If you subscribe to the Pro Plan,
we collect: subscription identifier, entitlement status
(active/expired), purchase and renewal dates, and transaction tokens
processed by Apple App Store or Google Play Store via RevenueCat.
We do not have access to your credit card number or
banking details β those are processed exclusively by Apple or Google.
1.2 Information Automatically Collected by the App
-
Usage Data: Most used features, screens viewed,
session duration, interaction patterns within the app
-
Device Information: Smartphone/tablet model,
iOS/Android version, unique device identifier (IDFA on iOS,
Advertising ID on Android), system language, timezone, mobile carrier
-
Performance Data: Screen loading times, crashes,
errors, memory and battery usage
-
Session Identifiers: Authentication tokens, unique
app installation identifiers
1.3 Mobile App Permissions
The Wayven app may request the following permissions on your mobile
device.
You have full control and can deny or revoke these
permissions
in your smartphone settings, although this may limit some functionality:
-
π· Camera (Optional): To scan travel documents,
capture destination photos, or add profile picture. Granted only when
you choose to use these features.
-
πΌοΈ Gallery/Photos (Optional): To upload travel
photos, saved documents, or profile picture. We only access photos you
explicitly select.
-
π Storage (Required): To save offline data, cache
travel information, and enable internet-free access. Essential for
offline mode.
-
π Push Notifications (Optional): To send task
reminders, travel alerts, and important updates. You can disable
anytime in app settings.
-
π Internet/Data (Required): To sync information to
the cloud, access third-party APIs, and process with AI.
-
π Location (Never Collected): Wayven
DOES NOT request access to your GPS location. We do
not track where you are in real-time.
Important: Denying optional permissions does not
prevent basic app usage. Permissions are requested only when necessary
for specific functionality, following Apple and Google privacy
guidelines.
2. How We Use Your Information
We use your information exclusively to enhance your travel planning
experience, generate personalized suggestions, and analyze travel
documents to automate the organization process.
2.1 Primary Purposes
-
Provide Service: Process your travel information and
generate personalized plans
-
AI and Automation: Use artificial intelligence
(OpenAI) to analyze documents and generate suggestions.
Your personal data is not used to train third-party AI
models
-
Communication: Send important notifications about
your trips and service updates
-
Support: Answer questions and resolve technical
issues
-
Improvements: Analyze usage patterns to develop new
features
-
Monetization (Free Plan): Display advertisements
through Google AdMob (banners and rewarded videos).
Pro Plan users do not see ads and their data is not
shared with advertising networks
2.2 Use of Anonymized Data
We may use aggregated and anonymized data for internal product analysis,
statistical reports, and travel trend research. This data does not allow
individual identification and is not sold to third parties.
3. Data Protection
We implement rigorous security measures to protect your personal
information. All data is encrypted and stored on secure servers with
restricted access.
3.1 Technical Security Measures
-
SSL/TLS Encryption: All communications between your
device and our servers are encrypted
-
Encrypted Passwords: We use bcrypt hash to securely
store passwords
-
Secure Infrastructure: Hosting on Supabase with
international security certifications
-
Automatic Backups: Regular backups with data
encryption
-
Monitoring: Intrusion detection systems and
suspicious activity monitoring
3.2 Organizational Measures
- Restricted data access only to authorized team members
- Regular team training on privacy and security
- Periodic security audits
- Strict access control policies
4. Information Sharing
We do not sell, rent, or share your personal information with third
parties for commercial purposes. We only share data when necessary to
provide our services or when required by law.
4.1 When We Share
-
Service Providers: Supabase (hosting), OpenAI (AI
document analysis β data sent does not include personally identifiable
information in isolation; OpenAI does not use Wayven's data for model
training), Google Firebase (analytics, push notifications, crash
reporting) β all under confidentiality agreements
-
Advertising Partners (Free Plan only): Google AdMob
for displaying ads.
Pro Plan users do not have data shared with advertising
partners
-
Payment Processors: RevenueCat (subscription
management and entitlement validation), Apple App Store and Google
Play Store (payment processing for Pro subscriptions). Wayven does not
have access to credit card data
-
Travel APIs: Viator, Google Places, Unsplash for
enriching destination content
-
Legal Obligations: When required by law, court order,
or government authorities
-
Rights Protection: To protect our rights, property,
or safety
-
With Your Consent: Any other sharing requires your
explicit authorization
5. Mobile Advertising and Monetization
Wayven operates a freemium model with two plans:
-
Free Plan: Displays ads via Google AdMob (banners and
rewarded videos). Rewarded videos are optional β you choose to watch
them to temporarily unlock AI features
-
Pro Plan (paid subscription):
Ad-free. No advertising data is collected or shared
with ad networks. Advertising identifiers (IDFA/GAID) are not used
5.1 How Ads Work on the Free Plan
-
Google AdMob: Advertising network that displays ads
within the app
-
Advertising Identifiers: IDFA (iOS) and Google
Advertising ID (Android) to personalize ads
-
Data Shared with Advertisers: Approximate age,
inferred interests, in-app behavior (aggregated and anonymized)
-
Ad Types: Banners and rewarded videos (optional for
accessing AI features)
5.2 Personalized Ads Control
Free Plan users can limit or disable personalized ads:
-
iOS: Settings β Privacy β Tracking β Disable "Allow
Apps to Request to Track"
-
iOS (ads): Settings β Privacy β Apple Advertising β
Disable "Personalized Ads"
-
Android: Settings β Google β Ads β Disable "Opt out
of Ads Personalization"
-
Android (reset): Reset advertising ID to clear
history
-
Pro Subscription: Remove all ads completely by
subscribing to the Pro Plan within the app
Note: For Free Plan users, disabling personalized ads
does not remove ads from the app, only makes them less relevant. For a
completely ad-free experience, consider the Pro Plan.
For more information:
5.3 Local Storage and Cache
The app stores data locally on your device to work offline:
-
Local Database: Travel information, checklists,
preferences (using SQLite/Hive)
-
Image Cache: Destination photos, downloaded documents
-
Session Tokens: To keep you authenticated without
repeatedly logging in
This data is securely stored in the app's sandbox and is not accessible
by other apps.
6. Your Rights
You have the right to access, correct, or delete your personal
information at any time. Contact us through the platform to exercise
these rights.
6.1 Rights Guaranteed by LGPD (Brazilian Data Protection Law)
-
Access: Request a copy of all data we have about you
-
Correction: Update incomplete or incorrect
information
-
Deletion: Request deletion of your data (right to be
forgotten)
-
Portability: Receive your data in a structured,
readable format
-
Consent Withdrawal: Withdraw consent for data
processing
-
Opposition: Object to data processing in certain
circumstances
- Information: Know who has access to your data
6.2 How to Exercise Your Rights
To exercise any of these rights, contact us at
support@wayven.io. We will
respond to your request within 15 business days, as required by LGPD.
7. Data Retention
We keep your information only as long as necessary to provide our
services or as required by law. You can request deletion of your data at
any time.
7.1 Retention Periods
-
Active Account: While your account is active and you
use our services
-
Inactive Account: Up to 2 years after last activity,
then automatically deleted
-
Transaction Data: 5 years for tax and legal
compliance
-
Security Logs: Up to 6 months for protection and
incident investigation
7.2 Data Deletion
When you request account deletion, we permanently remove your personal
data from our active systems within 30 days. Backups may contain your
data for up to 90 additional days before complete deletion.
8. International Data Transfer
Your data may be stored and processed on servers located outside Brazil.
We ensure all international providers follow adequate data protection
standards equivalent to LGPD.
We use standard contractual clauses and other legal safeguards to
protect your data in international transfers.
9. Children's Privacy
Our service is not directed to individuals under 18 years old. We do not
intentionally collect information from children or adolescents. If you
are a parent or guardian and discover that your child has provided
information, contact us so we can delete the data.
10. Changes to This Policy
This policy may be updated periodically. We will notify you of
significant changes through the platform or by email.
We recommend reviewing this policy regularly to stay informed about how
we protect your information. The date of the last update is indicated at
the top of this page.
11. Contact and Data Protection Officer
If you have questions about this privacy policy, contact us at
support@wayven.io.
For specific questions about privacy and data protection, you can
contact our Data Protection Officer (DPO) at the same email address.
12. Advertising and Monetization
On the Free Plan, Wayven uses Google AdMob to display advertisements.
Google may use device identifiers and inferred interests to show
relevant ads.
Pro Plan users do not see any ads, and no advertising data is collected
or shared for them.
You can opt out of personalized advertising by visiting
Google Ads Settings. Additionally, you can opt out of third-party vendor use of cookies
for personalized advertising by visiting
www.aboutads.info.
13. LGPD Compliance
Wayven is designed to align with the Brazilian General Data Protection
Law (LGPD - Law No. 13.709/2018) and all applicable Brazilian privacy
regulations.
We have implemented technical and organizational measures aligned with
LGPD, including:
- Adequate legal basis for all data processing
- Explicit consent when necessary
- Transparency about data use
- Information security
- Respect for data subjects' rights
- Record of data processing activities
- Notification of security incidents to ANPD when applicable
13.1 AI and Automated Decisions
Wayven uses AI models (OpenAI) to analyze travel documents, generate
personalized suggestions, and automate planning tasks. Under LGPD
Article 20:
-
You have the right to request review of automated
decisions that affect your interests
-
AI results are suggestions and
do not replace human decisions
-
Data sent to OpenAI does not include your personally identifiable
information in isolation
-
OpenAI does not use data processed via Wayven's API to train its
models
14. Dispute Resolution
In case of privacy questions or complaints, contact us first. We will do
our best to resolve the issue internally. If we cannot resolve it
satisfactorily, you can file a complaint with the Brazilian National
Data Protection Authority (ANPD) at
www.gov.br/anpd.
Consumers in Brazil have the right to bring actions in their local
jurisdiction, as provided by Article 101, I, of the Consumer Protection
Code.