Privacy Policy

Last updated: 28 April 2026

Who we are

Itinerary Planner is operated by Filip Delperdange. Contact: itinerary@delperdange.eu. We are the data controller for the personal data described below.

What we collect

• Account data: email address, password (stored as a one-way bcrypt hash), and the timestamp of your email confirmation.
• Session data: a signed cookie identifying your browser session, plus your IP address and user agent at the time of sign-in.
• Trip data: trip names, dates, stops, accommodations, activities, transports, budget items, and any notes or attachments you upload.
• MCP token: a 32-character hex token you generate to connect external clients (e.g. Claude Desktop, the Chrome extension).
• Operational logs: request logs (path, status, duration) and error reports for diagnostics.

Why we use it

• To provide the service — store and display the trip-planning data you create.
• To authenticate you — sign-in, email confirmation, password reset.
• To debug and improve — operational logs and error tracking.
• To prevent abuse — rate limits and audit logs.

Lawful basis (GDPR Art. 6): performance of the contract for trip data and authentication; legitimate interests for security logging and debugging.

Where it lives

The Service runs on infrastructure provided by these processors:

• Hetzner Online GmbH (Germany) — application hosting and primary database.
• Resend — transactional email delivery (account confirmations, password resets).
• Google LLC — Google Maps Platform for maps, places autocomplete, and travel-time calculations. Your IP address and approximate location may be sent to Google when you load a map page.
• Functional Software, Inc. (Sentry) — error reporting. Stack traces and request paths are sent to Sentry; we configure the integration to redact Authorization, Cookie, and X-CSRF-Token headers and to skip request bodies.
• Encrypted backups — daily Postgres dumps, encrypted client-side with the age tool before upload, are stored on a private Nextcloud share. The encryption key is held off-server.

How long we keep it

• Account + trip data — until you delete your account.
• Sessions — until you sign out or the cookie expires.
• Operational logs — typically 30 days.
• Encrypted backups — 30 days.
• Sentry error events — per Sentry's retention (currently 30 days on the free tier).

Your rights

Under GDPR you can:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data ("right to erasure").
• Export your data in a portable format.
• Withdraw consent or object to processing.
• Lodge a complaint with the Belgian Data Protection Authority (www.dataprotectionauthority.be).

Email itinerary@delperdange.eu with your request. We respond within 30 days.

Cookies

We set a single strictly-necessary session cookie (session_id) to keep you signed in. We do not use analytics, advertising, or tracking cookies. Strictly-necessary cookies do not require prior consent under ePrivacy.

Children

The Service is not directed at children under 16. If you believe a minor has created an account, contact us and we will delete it.

Changes

Material changes to this policy will be communicated by email to your registered address. The "Last updated" date above reflects the most recent revision.

Questions: itinerary@delperdange.eu.