← Back to Wayven

Privacy Policy

Last updated: February 12, 2026

Introduction

This Privacy Policy describes how Wayven collects, uses, stores, and protects your personal information. We take privacy very seriously and are committed to being transparent about our data practices.

By using our platform, you agree to the practices described in this policy. We recommend reading this document carefully to fully understand how your information is handled.

1. Information We Collect

At Wayven, we only collect information necessary to provide our travel planning services. This includes registration data, travel information, and documents you choose to share with us.

1.1 Information You Provide

• Registration Data: Name, email, password (encrypted), optional profile photo. Social authentication via Google Sign-In or Apple Sign-In (we only receive name and email from the provider)
• Travel Information: Destinations, dates, preferences, budget, checklists
• Documents: Tickets, vouchers, hotel confirmations you choose to upload (including via the system's Share Extension)
• Preferences: Notification settings, language, preferred currency
• Subscription Data: If you subscribe to the Pro Plan, we collect: subscription identifier, entitlement status (active/expired), purchase and renewal dates, and transaction tokens processed by Apple App Store or Google Play Store via RevenueCat. We do not have access to your credit card number or banking details — those are processed exclusively by Apple or Google.

1.2 Information Automatically Collected by the App

• Usage Data: Most used features, screens viewed, session duration, interaction patterns within the app
• Device Information: Smartphone/tablet model, iOS/Android version, unique device identifier (IDFA on iOS, Advertising ID on Android), system language, timezone, mobile carrier
• Performance Data: Screen loading times, crashes, errors, memory and battery usage
• Session Identifiers: Authentication tokens, unique app installation identifiers

1.3 Mobile App Permissions

The Wayven app may request the following permissions on your mobile device. You have full control and can deny or revoke these permissions in your smartphone settings, although this may limit some functionality:

• 📷 Camera (Optional): To scan travel documents, capture destination photos, or add profile picture. Granted only when you choose to use these features.
• 🖼️ Gallery/Photos (Optional): To upload travel photos, saved documents, or profile picture. We only access photos you explicitly select.
• 📁 Storage (Required): To save offline data, cache travel information, and enable internet-free access. Essential for offline mode.
• 🔔 Push Notifications (Optional): To send task reminders, travel alerts, and important updates. You can disable anytime in app settings.
• 🌐 Internet/Data (Required): To sync information to the cloud, access third-party APIs, and process with AI.
• 📍 Location (Never Collected): Wayven DOES NOT request access to your GPS location. We do not track where you are in real-time.

Important: Denying optional permissions does not prevent basic app usage. Permissions are requested only when necessary for specific functionality, following Apple and Google privacy guidelines.

2. How We Use Your Information

We use your information exclusively to enhance your travel planning experience, generate personalized suggestions, and analyze travel documents to automate the organization process.

2.1 Primary Purposes

• Provide Service: Process your travel information and generate personalized plans
• AI and Automation: Use artificial intelligence (OpenAI) to analyze documents and generate suggestions. Your personal data is not used to train third-party AI models
• Communication: Send important notifications about your trips and service updates
• Support: Answer questions and resolve technical issues
• Improvements: Analyze usage patterns to develop new features
• Monetization (Free Plan): Display advertisements through Google AdMob (banners and rewarded videos). Pro Plan users do not see ads and their data is not shared with advertising networks

2.2 Use of Anonymized Data

We may use aggregated and anonymized data for internal product analysis, statistical reports, and travel trend research. This data does not allow individual identification and is not sold to third parties.

3. Data Protection

We implement rigorous security measures to protect your personal information. All data is encrypted and stored on secure servers with restricted access.

3.1 Technical Security Measures

• SSL/TLS Encryption: All communications between your device and our servers are encrypted
• Encrypted Passwords: We use bcrypt hash to securely store passwords
• Secure Infrastructure: Hosting on Supabase with international security certifications
• Automatic Backups: Regular backups with data encryption
• Monitoring: Intrusion detection systems and suspicious activity monitoring

3.2 Organizational Measures

• Restricted data access only to authorized team members
• Regular team training on privacy and security
• Periodic security audits
• Strict access control policies

4. Information Sharing

We do not sell, rent, or share your personal information with third parties for commercial purposes. We only share data when necessary to provide our services or when required by law.

4.1 When We Share

• Service Providers: Supabase (hosting), OpenAI (AI document analysis — data sent does not include personally identifiable information in isolation; OpenAI does not use Wayven's data for model training), Google Firebase (analytics, push notifications, crash reporting) — all under confidentiality agreements
• Advertising Partners (Free Plan only): Google AdMob for displaying ads. Pro Plan users do not have data shared with advertising partners
• Payment Processors: RevenueCat (subscription management and entitlement validation), Apple App Store and Google Play Store (payment processing for Pro subscriptions). Wayven does not have access to credit card data
• Travel APIs: Viator, Google Places, Unsplash for enriching destination content
• Legal Obligations: When required by law, court order, or government authorities
• Rights Protection: To protect our rights, property, or safety
• With Your Consent: Any other sharing requires your explicit authorization

5. Mobile Advertising and Monetization

Wayven operates a freemium model with two plans:

• Free Plan: Displays ads via Google AdMob (banners and rewarded videos). Rewarded videos are optional — you choose to watch them to temporarily unlock AI features
• Pro Plan (paid subscription): Ad-free. No advertising data is collected or shared with ad networks. Advertising identifiers (IDFA/GAID) are not used

5.1 How Ads Work on the Free Plan

• Google AdMob: Advertising network that displays ads within the app
• Advertising Identifiers: IDFA (iOS) and Google Advertising ID (Android) to personalize ads
• Data Shared with Advertisers: Approximate age, inferred interests, in-app behavior (aggregated and anonymized)
• Ad Types: Banners and rewarded videos (optional for accessing AI features)

5.2 Personalized Ads Control

Free Plan users can limit or disable personalized ads:

• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"
• iOS (ads): Settings → Privacy → Apple Advertising → Disable "Personalized Ads"
• Android: Settings → Google → Ads → Disable "Opt out of Ads Personalization"
• Android (reset): Reset advertising ID to clear history
• Pro Subscription: Remove all ads completely by subscribing to the Pro Plan within the app

Note: For Free Plan users, disabling personalized ads does not remove ads from the app, only makes them less relevant. For a completely ad-free experience, consider the Pro Plan.

For more information:

• Google Advertising Policies
• How AdMob uses your data
• App Store Privacy

5.3 Local Storage and Cache

The app stores data locally on your device to work offline:

• Local Database: Travel information, checklists, preferences (using SQLite/Hive)
• Image Cache: Destination photos, downloaded documents
• Session Tokens: To keep you authenticated without repeatedly logging in

This data is securely stored in the app's sandbox and is not accessible by other apps.

6. Your Rights

You have the right to access, correct, or delete your personal information at any time. Contact us through the platform to exercise these rights.

6.1 Rights Guaranteed by LGPD (Brazilian Data Protection Law)

• Access: Request a copy of all data we have about you
• Correction: Update incomplete or incorrect information
• Deletion: Request deletion of your data (right to be forgotten)
• Portability: Receive your data in a structured, readable format
• Consent Withdrawal: Withdraw consent for data processing
• Opposition: Object to data processing in certain circumstances
• Information: Know who has access to your data

6.2 How to Exercise Your Rights

To exercise any of these rights, contact us at support@wayven.io. We will respond to your request within 15 business days, as required by LGPD.

7. Data Retention

We keep your information only as long as necessary to provide our services or as required by law. You can request deletion of your data at any time.

7.1 Retention Periods

• Active Account: While your account is active and you use our services
• Inactive Account: Up to 2 years after last activity, then automatically deleted
• Transaction Data: 5 years for tax and legal compliance
• Security Logs: Up to 6 months for protection and incident investigation

7.2 Data Deletion

When you request account deletion, we permanently remove your personal data from our active systems within 30 days. Backups may contain your data for up to 90 additional days before complete deletion.

8. International Data Transfer

Your data may be stored and processed on servers located outside Brazil. We ensure all international providers follow adequate data protection standards equivalent to LGPD.

We use standard contractual clauses and other legal safeguards to protect your data in international transfers.

9. Children's Privacy

Our service is not directed to individuals under 18 years old. We do not intentionally collect information from children or adolescents. If you are a parent or guardian and discover that your child has provided information, contact us so we can delete the data.

10. Changes to This Policy

This policy may be updated periodically. We will notify you of significant changes through the platform or by email.

We recommend reviewing this policy regularly to stay informed about how we protect your information. The date of the last update is indicated at the top of this page.

11. Contact and Data Protection Officer

If you have questions about this privacy policy, contact us at support@wayven.io.

For specific questions about privacy and data protection, you can contact our Data Protection Officer (DPO) at the same email address.

12. Advertising and Monetization

On the Free Plan, Wayven uses Google AdMob to display advertisements. Google may use device identifiers and inferred interests to show relevant ads.

Pro Plan users do not see any ads, and no advertising data is collected or shared for them.

You can opt out of personalized advertising by visiting Google Ads Settings. Additionally, you can opt out of third-party vendor use of cookies for personalized advertising by visiting www.aboutads.info.

13. LGPD Compliance

Wayven is designed to align with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018) and all applicable Brazilian privacy regulations.

We have implemented technical and organizational measures aligned with LGPD, including:

• Adequate legal basis for all data processing
• Explicit consent when necessary
• Transparency about data use
• Information security
• Respect for data subjects' rights
• Record of data processing activities
• Notification of security incidents to ANPD when applicable

13.1 AI and Automated Decisions

Wayven uses AI models (OpenAI) to analyze travel documents, generate personalized suggestions, and automate planning tasks. Under LGPD Article 20:

• You have the right to request review of automated decisions that affect your interests
• AI results are suggestions and do not replace human decisions
• Data sent to OpenAI does not include your personally identifiable information in isolation
• OpenAI does not use data processed via Wayven's API to train its models

14. Dispute Resolution

In case of privacy questions or complaints, contact us first. We will do our best to resolve the issue internally. If we cannot resolve it satisfactorily, you can file a complaint with the Brazilian National Data Protection Authority (ANPD) at www.gov.br/anpd.

Consumers in Brazil have the right to bring actions in their local jurisdiction, as provided by Article 101, I, of the Consumer Protection Code.