APIT.fun

Privacy Policy

Last updated: February 2, 2026

1. Introduction & Scope

APit.fun (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Activity Planner web application (the “Service”).

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies, please do not access or use the Service.

This Privacy Policy applies to information collected through the Service and does not apply to information collected by third parties, including third-party websites or services that may be linked from the Service.

2. Information We Collect

We collect information you provide directly and information collected automatically when you use the Service.

2.1 Account Information

Depending on how you sign up, we collect different information:

  • Google OAuth: We receive your Google account ID, email address, display name, and profile image from Google. We do not receive or store your Google password.
  • Email/Password: We collect your email address and a securely hashed password. We never store your password in plain text.
  • Guest Account: We create an anonymous user ID. No personal information is required. Guest accounts can be upgraded to full accounts later.
  • Subscription: If you subscribe to Premium, we store your Stripe customer ID and subscription expiration date. Payment details are handled by Stripe (see Section 4.7).

2.2 User-Generated Content

We store content you create within the Service, including:

  • Bookmarked activities and places
  • Visited places and ratings
  • Visit log entries and journal notes
  • Trip itineraries and planned activities
  • Items within visits (photos, notes, mementos)

2.3 Social Features Data

If you use social features, we store:

  • Friend connections (mutual consent required)
  • Shared content permissions and access grants
  • Collaborative itinerary participation

2.4 Usage & Device Data

We automatically collect limited technical information:

  • Browser type and version (for compatibility)
  • Device type (desktop/mobile, for responsive design)
  • Theme preference (dark/light mode)
  • Session information (for authentication)

What We Do NOT Collect:

  • We do NOT use tracking cookies or analytics trackers
  • We do NOT sell or share your data with advertisers
  • We do NOT build advertising profiles
  • We do NOT store IP addresses permanently

3. AI & Third-Party Data Processing

⚠️ Important: AI Data Disclosure

When you request activity recommendations, we send information to AI providers to generate suggestions.

3.1 What We Send to AI Providers

When you request AI-powered recommendations, we send the following to our AI providers:

  • Your search queries and location preferences
  • Activity type preferences (e.g., “outdoor activities,” “restaurants”)
  • Trip context if provided (dates, destinations, group size)

3.2 What We Do NOT Send to AI Providers

We do NOT send the following to AI providers:

  • Your email address
  • Your name or display name
  • Your profile picture
  • Your saved bookmarks, visits, or journal entries
  • Your friend list or social connections
  • Any other personal profile data

3.3 AI Provider Privacy Policies

We use the following AI services. Your use of AI features is also subject to their privacy policies:

3.4 AI Response Retention

AI-generated responses are displayed to you in real-time but are NOT permanently stored in our database. If you save a recommendation to your bookmarks or itinerary, only the final saved data is stored—not the original AI response.

4. Third-Party Services

The Service uses third-party providers to deliver core functionality. We carefully select providers with strong privacy and security practices. Each category of service is described below:

4.1 Infrastructure & Data Storage

Your data is stored securely using industry-standard cloud database providers with encryption at rest and in transit. We use managed database services that comply with SOC 2 and other security certifications.

4.2 Authentication

We support multiple authentication methods including email/password and social login (Google). OAuth authentication is handled securely without storing third-party passwords.

4.3 AI Services

Activity recommendations are powered by leading AI providers. Only your search queries and preferences are sent—never personal account information. See Section 3 for details.

4.4 Maps & Location

Location search and mapping features use established mapping APIs. Only location queries you submit are sent to these services.

4.5 Transactional Email

Account-related emails (verification, password reset, notifications) are sent through a dedicated email delivery service. Only your email address is shared for delivery purposes.

4.6 Weather Data

Weather information for trip planning is retrieved from weather data providers using only location coordinates—no personal information is sent.

4.7 Payment Processing

We use Stripe to process subscription payments.

What Stripe receives: Name, email, payment method details (credit card), billing address, and transaction amounts.

What we store: Your Stripe customer ID and subscription expiration date. We do NOT store your full credit card number—that is handled securely by Stripe.

Stripe's Privacy Policy: Your payment information is subject to Stripe's Privacy Policy. Stripe is PCI-DSS compliant and does not sell your personal information.

For specific provider information or to request our full list of sub-processors, contact us at [email protected].

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service
  • To authenticate you and manage your account
  • To save and display your bookmarks, visits, and itineraries
  • To generate AI-powered activity recommendations
  • To enable social features like sharing and friend connections
  • To send password reset emails when requested
  • To respond to your inquiries and provide customer support
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations

We Do NOT:

  • Sell your personal information to third parties
  • Use your data for advertising or marketing purposes
  • Share your data with third parties for their marketing
  • Profile you for targeted advertising

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

  • Active Accounts: Data is retained for the duration of your account.
  • Account Deletion: When you delete your account, all associated data is permanently deleted immediately (see Section 9).
  • Guest Accounts: Guest account data may be retained indefinitely until you delete the account or upgrade to a full account.
  • Legal Requirements: We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention).

7. Data Security

We implement reasonable security measures to protect your personal information:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Encryption at Rest: Data stored in our database is encrypted.
  • Password Security: Passwords are hashed using bcrypt and are never stored in plain text.
  • Row Level Security (RLS): Our database uses PostgreSQL Row Level Security to ensure users can only access their own data.
  • API Authentication: All API requests require valid authentication tokens.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights & Choices

You have the following rights regarding your personal information:

  • Access: You can access your personal data through your Profile Settings.
  • Correction: You can update your name, profile image, and other account information through your Profile Settings.
  • Deletion: You can delete your account and all associated data at any time (see Section 9).
  • Export: You can request a copy of your data by contacting us at [email protected].
  • Opt-out of AI: You can choose not to use AI-powered features; the Service provides manual search and save functionality.

To exercise any of these rights, please contact us at [email protected] or use the relevant features in your Profile Settings.

9. Account Deletion

You can delete your account at any time through Profile Settings → Delete Account.

⚠️ What Happens When You Delete Your Account:

Account deletion is immediate and permanent. The following data is deleted:

  • Your profile information (email, name, profile image)
  • All bookmarked activities
  • All visited places and ratings
  • All visit logs and journal entries
  • All trip itineraries and activities
  • All friend connections
  • All shared content (both shared by you and shared with you)

This action cannot be undone. Please ensure you have exported any data you wish to keep before deleting your account.

10. Cookies & Local Storage

We use minimal cookies and local storage for essential functionality only:

  • Session Cookies: Required for authentication. These cookies are essential for logging in and maintaining your session.
  • Theme Preference: Stored in localStorage to remember your dark/light mode preference.

We Do NOT Use:

  • Analytics cookies (Google Analytics, etc.)
  • Advertising or tracking cookies
  • Third-party marketing cookies
  • Cross-site tracking technologies

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information promptly.

12. International Transfers

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.

Our primary database provider (Supabase) may store data in various regions. We endeavor to ensure appropriate safeguards are in place for any international transfers of personal data.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information (see Section 9).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Opt-Out of Sale: We do NOT sell your personal information to third parties.

To exercise your CCPA rights, contact us at [email protected]. We will respond to verifiable consumer requests within 45 days.

Categories of Personal Information Collected:

  • Identifiers (email address, name, user ID)
  • Internet activity (search queries, bookmarks, visits)
  • Geolocation data (location preferences you provide)

We do NOT collect: financial information, biometric data, or protected classifications.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You can request a copy of your personal data.
  • Right to Rectification: You can request correction of inaccurate data.
  • Right to Erasure: You can request deletion of your data (“right to be forgotten”).
  • Right to Restrict Processing: You can request limitation of processing in certain circumstances.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you requested
  • Consent: Where you have given explicit consent (e.g., AI features)
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Obligation: When required by applicable law

To exercise your GDPR rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top.

For significant changes, we may also notify you via email (if you have provided one) or through a prominent notice within the Service.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy or your personal data, or would like to exercise any of your privacy rights, please contact us:

Email: [email protected]

We will make every effort to respond to your inquiry within a reasonable timeframe, typically within 30 days.

© 2026 APit.fun. All Rights Reserved.
