Back to Home

Privacy Policy

Effective Date: February 22, 2026  |  Last Updated: February 22, 2026

1. Introduction

GuideBy ("we," "us," or "our") is a mobile travel application developed and operated by Wesley Santos Miyaguti, an individual developer operating under the laws of the Netherlands. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the GuideBy mobile application for Android and iOS (the "App") and the guideby.co website (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

Minimum Age Requirement: The Service is intended for users aged 16 and older. We do not knowingly collect personal information from individuals under 16 years of age. See Section 8 for details.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, display name, and password (if using email/password registration), or your Google account profile information (name, email, profile photo) if you sign in with Google.
  • Trip Parameters: When you create a trip, we collect the destination, duration, travel style, budget level, preferences, trip description, and start date you provide.

2.2 Information Collected Automatically

  • Device Information: Device model, operating system version, unique device identifiers, and app version.
  • Crash Logs: Diagnostic data including stack traces, device state at the time of a crash, and related technical information, collected via Firebase Crashlytics.
  • App Usage Events: Interaction data and usage patterns collected via Firebase Analytics, including session duration and feature usage.
  • IP Address: Collected automatically through network connections to our services and third-party providers.
  • FCM Device Token: A unique token assigned by Firebase Cloud Messaging to deliver push notifications to your device.
  • Location Data: Precise (GPS) and/or coarse location data, collected only when you grant location permission at runtime. See Section 9 for details.

2.3 Information Generated by the Service

  • AI-Generated Itineraries: Travel itineraries, activity descriptions, and related content generated by artificial intelligence based on your trip parameters.
  • Audio Guide Scripts: Text content generated for the audio guide feature, synthesized into speech on your device.
  • Trip Images: Images sourced from Pexels based on your destination and activity searches.
  • Share Tokens: Unique identifiers generated when you share a trip with others.
  • Theme Preference: Your selected app theme (light/dark mode).

3. How We Use Your Information

We process your personal information based on the following legal bases under the General Data Protection Regulation (GDPR):

3.1 Contract Performance (Article 6(1)(b) GDPR)

  • Providing core app features: generating AI itineraries, audio guides, and trip management.
  • Authenticating your account and syncing your data across devices.
  • Processing trip sharing requests.

3.2 Consent (Article 6(1)(a) GDPR)

  • Collecting and using your location data for maps and audio guide proximity features.
  • Sharing your trips with other users via share links.
  • Sending push notifications via Firebase Cloud Messaging.

You may withdraw your consent at any time by adjusting your device settings or contacting us. Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.

3.3 Legitimate Interest (Article 6(1)(f) GDPR)

  • Monitoring and resolving crashes and technical issues via Firebase Crashlytics.
  • Analyzing app usage patterns via Firebase Analytics to improve the Service.
  • Maintaining the security and integrity of the Service.

4. How We Share Your Information

We do not sell your personal information. We share information with the following third-party service providers, solely to operate and improve the Service:

4.1 AI Generation Providers

  • OpenRouter (openrouter.ai): We transmit your trip parameters (destination, duration, travel style, budget, preferences, description) as part of AI prompts to generate travel itineraries. See OpenRouter's Privacy Policy.
  • Firebase AI / Google Gemini: We use Google's generative AI services via Firebase AI as an alternative generation provider. Trip parameters are transmitted as prompt content. See Google's Privacy Policy.

4.2 Firebase / Google Services

  • Firebase Authentication: Manages user account creation, sign-in, and session management.
  • Cloud Firestore: Stores and syncs your trip data across devices.
  • Firebase Analytics: Collects anonymized app usage data.
  • Firebase Crashlytics: Collects crash reports and diagnostic data.
  • Firebase Cloud Messaging: Delivers push notifications to your device.
  • Firebase Remote Config: Provides dynamic app configuration.

All Firebase services are operated by Google LLC. See Firebase Privacy and Security.

4.3 Image and Map Services

  • Pexels (pexels.com): We send destination and activity search queries to retrieve trip images. No personal data is transmitted. See Pexels Privacy Policy.
  • Google Maps (maps.googleapis.com): We transmit geographic coordinates to display static map previews of activity locations. See Google's Privacy Policy.

4.4 Affiliate Services

  • Booking.com: The App may display hotel search links that redirect you to Booking.com. These links contain the destination name in the URL and our affiliate identifier. No personal data is transmitted by us to Booking.com. However, once you leave the App and visit Booking.com, their own privacy policy governs any data they collect. We may earn a commission from bookings made through these links at no additional cost to you. See Booking.com Privacy Policy.
  • Viator (viator.com): The App may display ticket/experience search links that redirect you to Viator. These links contain the activity name in the URL and our affiliate identifier. No personal data is transmitted by us to Viator. However, once you leave the App and visit Viator, their own privacy policy governs any data they collect. We may earn a commission from bookings made through these links at no additional cost to you. See Viator Privacy Policy.
  • GetYourGuide (getyourguide.com): The App may display experience search links that redirect you to GetYourGuide. These links contain the activity name in the URL and our partner identifier. No personal data is transmitted by us to GetYourGuide. However, once you leave the App and visit GetYourGuide, their own privacy policy governs any data they collect. We may earn a commission from bookings made through these links at no additional cost to you. See GetYourGuide Privacy Policy.

4.5 Other Disclosures

  • Law Enforcement: We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court or government agency).
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Storage and Security

5.1 Local Storage

Trip data is stored locally on your device using an encrypted SQLite database (Room). This data remains on your device and is protected by your device's built-in encryption.

5.2 Cloud Storage

Account and trip data are synced to Cloud Firestore, hosted on Google Cloud infrastructure. Google maintains SOC 2 and ISO 27001 certifications for its cloud services.

5.3 Data in Transit

All communications between the App and our service providers are encrypted using HTTPS/TLS protocols.

5.4 International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), primarily the United States (where Google and other providers operate). These transfers are safeguarded by Google's Standard Contractual Clauses (SCCs) and participation in the EU-US Data Privacy Framework. See Section 12 for more details.

6. Data Retention

Data TypeRetention Period
Account data (email, name, profile)Duration of account + 30 days after deletion
Trip data (itineraries, activities)Until you delete the trip or your account
Crash logs (Firebase Crashlytics)90 days
Analytics data (Firebase Analytics)14 months
Share tokensUntil you revoke the share or delete the trip
FCM device tokensUntil you uninstall the App or revoke notification permission

After the applicable retention period, data is deleted or anonymized.

7. Your Rights

7.1 Rights Under the GDPR (EEA Users)

If you are located in the European Economic Area, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Restriction of Processing: Request that we limit the processing of your data in certain circumstances.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent as a legal basis.
  • Right to Lodge a Complaint: You may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

7.2 Rights Under the CCPA/CPRA (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information, so there is no need to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of the above rights, contact us at privacy@guideby.co. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@guideby.co.

9. Location Data

The App requests access to your device's location data for the following purposes:

  • Maps: Displaying your current location relative to trip activities on maps.
  • Audio Guide Proximity: Determining when you are near a point of interest to provide contextual audio guides.
  • Current City Detection: Suggesting your current city as a trip destination.

Important details about location data:

  • Location permission is requested at runtime and is entirely optional.
  • The App functions without location access; maps and audio proximity features will be limited.
  • Location data is processed on your device and is not stored on our servers or transmitted to third parties (except to Google Maps for rendering static map previews when you view an activity location).
  • You can revoke location permission at any time through your device settings (Settings > Apps > GuideBy > Permissions on Android, or Settings > Privacy > Location Services on iOS).

10. Text-to-Speech and Audio

The App's audio guide feature uses on-device text-to-speech (TTS) technology:

  • Android: The native Android TextToSpeech engine.
  • iOS: Apple's AVSpeechSynthesizer.

All speech synthesis occurs entirely on your device. No audio is recorded, stored, or transmitted to any server or third party. The text content used for speech synthesis is generated from your trip itinerary data.

11. Cookies and Tracking

  • In-App: The App does not use browser cookies. Firebase assigns device identifiers for analytics and crash reporting purposes.
  • Booking.com Links: When you tap a hotel search link and leave the App to visit Booking.com in your browser, Booking.com may set its own cookies and tracking technologies. This is governed by Booking.com's privacy policy.
  • Firebase Analytics: Uses device identifiers (not cookies) to collect anonymized usage data. You can opt out of Firebase Analytics data collection through your device's advertising settings.

12. International Data Transfers

Your personal data may be transferred to and processed in the following locations:

  • United States: Google LLC (Firebase, Google Maps, Gemini), OpenRouter.
  • Global CDN: Pexels image delivery.

These transfers are protected by:

  • Standard Contractual Clauses (SCCs): Google has adopted SCCs approved by the European Commission for transfers of personal data outside the EEA.
  • EU-US Data Privacy Framework: Google LLC is certified under the EU-US Data Privacy Framework.
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy.
  • Provide notice through an in-app notification.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority: If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl