Privacy & Security

Your family's travel data is private and secure. Here's exactly how we protect it.

Your data is encrypted

•All data is encrypted in transit with TLS 1.3 — the same standard used by banks
•Data at rest is encrypted with AES-256 via our database provider (Supabase)
•Photos and documents are stored in isolated, access-controlled storage buckets

Only you see your data

•Row-level security ensures you can only access your own trips, photos, and documents
•Shared trips are visible only to people you explicitly invite
•We never access, review, or analyze your personal travel data

AI privacy

•Trip data sent to AI providers is used solely to generate your itinerary — never stored or used for training
•We use Anthropic (Claude) and Google (Gemini) APIs, both of which have zero-retention data policies for API usage
•AI conversations are stored in your account only — you can delete them anytime

Where your data lives

•Application hosted on Vercel (HTTPS enforced, SOC 2 compliant)
•Database and file storage on Supabase (SOC 2 Type II, HIPAA eligible)
•No data is sold, rented, or shared with advertisers — ever

You control your data

•Delete individual trips, photos, or documents at any time
•Delete your entire account and all associated data from your Profile page
•Account deletion is permanent and removes everything — trips, photos, documents, and preferences

Last updated: March 2026

Questions? Contact us at privacy@planohana.com