1. What we collect
When you create an account, we collect:
- Account info: Name, email, profile photo (from Google or Apple Sign In)
- Profile data: Home city, dietary preferences, music genres, bio, emergency contacts (all optional, you choose what to share)
- Trip data: Trip names, dates, locations, member lists, vehicles, gear, expenses, schedules, playlists
- Safety Cards: Substance plans, medications, emergency contacts (sensitive — see Section 5)
- Messages: In-trip chat messages
- Feedback: Bug reports and suggestions you submit
2. How we use it
- Provide the Bassplanner service (trip planning, coordination, sharing)
- Display your profile to trip members you choose to share with
- Send transactional emails (sign-in links, trip invites)
- Improve the service based on aggregated, anonymized usage patterns
We never sell your data. We never share personal data with third parties for marketing.
3. Third-party services
- Turso (database): Stores your data. Encrypted at rest. US-West-2 region.
- Vercel (hosting): Serves the app. Cookie-free analytics (page views only, no PII).
- Resend (email): Sends sign-in emails. Processes your email address only.
- Google AdSense: May set advertising cookies if you consent. No personal data shared by us.
- Google/Apple (auth): Provides sign-in. We receive name, email, photo only.
4. Cookies
Essential: Authentication session cookie (required for the app to work).
Optional: Google AdSense cookies (only set if you click “Allow all” on the consent banner).
You can change your cookie preference at any time by clearing your browser cookies.
5. Sensitive data (Safety Cards)
Safety Cards may contain sensitive health and substance information. Special protections:
- Auto-expiry: Safety Cards are automatically deleted 7 days after creation
- Visibility: Only visible to members of the same trip
- Encryption: Stored encrypted at rest (Turso database encryption)
- No analytics: Safety Card content is never included in any analytics or aggregation
6. Your rights (GDPR / CCPA)
- Access: Download all your data anytime from Settings → “Download my data”
- Rectification: Edit your profile and trip data directly in the app
- Erasure: Delete your account from Settings → “Delete account” (completes within 24 hours)
- Portability: Export your data as JSON from Settings
- Objection: Email us to opt out of any processing
7. Data retention
- Account data: Retained until you delete your account
- Trip data: Retained until the trip owner deletes the trip
- Safety Cards: Auto-deleted after 7 days
- Feedback: Retained indefinitely (anonymized — no user ID linked)
- After account deletion: All personal data removed within 24 hours. Anonymized aggregates may persist.
8. Security
We use HTTPS everywhere, encrypted database storage, rate limiting, input validation, and access controls. We do not store passwords (authentication is handled by Google/Apple/email magic links).
9. Children
Bassplanner is not intended for users under 17. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us for removal.
10. Changes
We may update this policy. Material changes will be communicated via email or in-app notice. Continued use after changes constitutes acceptance.