Data Protection

GDPR Compliance

Your data rights under the General Data Protection Regulation

Your Data Rights

Right to Access

Request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

Request correction of any inaccurate personal data or completion of incomplete data.

Right to Erasure

Request deletion of your personal data. We will comply unless legally required to retain it.

Right to Data Portability

Request your data in a machine-readable format to transfer to another service.

Our Commitment to GDPR

TourPlan, operated by ZAISTECH LLC, is committed to protecting the privacy and security of your personal data in compliance with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).


Data Controller

ZAISTECH LLC acts as the data controller for personal data collected through TourPlan.

Contact Details:
ZAISTECH LLC
30 N Gould St, Ste R
Sheridan, WY 82801
United States
Email: info@tourplan.io


Legal Basis for Processing

We process your personal data based on the following legal grounds:

Legal Basis | Purpose
Contract | To provide you with our Service as agreed in our Terms
Consent | For marketing communications and optional features
Legitimate Interest | To improve our Service and prevent fraud
Legal Obligation | To comply with applicable laws and regulations

Data Processing Activities

We process the following categories of personal data:

  • Account Information: Name, email address, profile details
  • Trip Planning Data: Destinations, dates, preferences, itineraries
  • Usage Data: How you interact with our Service
  • Payment Information: Processed securely through Stripe

Data Retention

Data Type | Retention Period
Account data | Until account deletion + 30 days
Trip data | Until account deletion
Payment records | 7 years (legal requirement)
Usage logs | 90 days

International Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Technical measures including encryption in transit and at rest

Sub-processors

We use the following sub-processors to help provide our Service:

Provider | Purpose | Location
Supabase | Database & Authentication | United States
Stripe | Payment Processing | United States
OpenAI | AI Recommendations | United States
Google | Places API | United States
Vercel | Hosting | United States

Cookies

We use essential cookies to operate our Service and analytics cookies to understand usage patterns.

Cookie Types:

  • Essential: Required for basic functionality (session, authentication)
  • Functional: Remember your preferences (currency, theme)
  • Analytics: Help us improve the Service (anonymized usage data)

You can manage cookie preferences through your browser settings.


Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected users without undue delay
  • We will document all breaches and our response

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.

EU residents can find their local authority at: edpb.europa.eu

Exercise Your Rights

To exercise any of your data rights, please contact us. We will respond to your request within 30 days.
