Privacy

Last updated 2026-05-28

How we handle your data.

Summary

AskJourneys is an AI travel-planning tool. To plan and recommend trips, we collect what you tell us in chat (destinations, dates, preferences), basic account info if you sign in, and standard technical telemetry. Booking happens on partner sites (e.g., Aviasales, Hotellook); we may earn commission when you click through and book. With your consent, we also use PostHog to understand which features matter and where users get stuck. We do not sell personal data. AI-generated itineraries are suggestions, not professional travel advice — verify opening hours, prices, and visa rules with the source before booking. See “About AI suggestions” below.

What we collect

  • Chat messages and trip data: the text of your conversations, generated itineraries, saved trips, and price watches you create. Stored in our database (Supabase) under row-level security so only your account can read your trips.
  • Account info: email and authentication tokens if you sign in. We support Google OAuth and email magic-link login. Passwords (when used) are handled by Supabase Auth and never visible to us.
  • Anonymous trip state: you can plan trips without an account. The trip data (itinerary, chat thread) is stored in your browser (localStorage) under a temporary id, not on our servers; it stays only on this device until you sign up, at which point it migrates to your account.
  • Technical telemetry: standard request logs (IP address, user agent, request path) for debugging and abuse prevention. IP addresses are not retained beyond 7 days.
  • Behavioral analytics (with consent): if you click “Accept all” in our cookie banner, we use PostHog to capture anonymous events about how you use the site — which pages you visit, when you send your first message, when an itinerary completes, which features you tap, and broad device/country info (PostHog derives country and city from your IP at ingest time, then drops the raw IP). We do NOT capture session video, mouse movements, or text typed into form fields. Events are linked to a per-browser anonymous ID until you sign up; on signup, your prior anonymous activity links to your account so we can measure conversion. Before you choose “Accept all,” we capture only this-tab pageview counts (no persistent cookie, no cross-session linking, no city geo) — this lets us see aggregate traffic without identifying you. If you choose “Necessary only,” we stop all analytics capture.
  • Error reports (Sentry): when something breaks, the page URL, the error message, and the stack trace are sent to Sentry. We have personally-identifying-information (PII) scrubbing enabled (sendDefaultPii=false); cookies, auth headers, request bodies, and IPs are not transmitted to Sentry.

How AI processing works

When you send a chat message, it is forwarded to large language model providers — currently Anthropic (Claude), OpenAI (GPT), Google (Gemini), and optional open-weight providers (Cerebras, Groq). The text of your message and prior conversation context is sent to whichever provider is configured for the relevant agent role. We do not pass account-identifying information (your email, user id, IP) to model providers; only the chat text and any retrieved travel-data context.

Model providers each have their own data-retention policies. Anthropic, OpenAI, and Google’s enterprise APIs (which we use) do not train on user inputs by default. We do not opt in to training on your data.

About AI suggestions

AskJourneys generates itineraries by reasoning over destination data and your preferences. The result is a starting point, not a booked plan or professional travel advice. AI models occasionally invent details — wrong opening hours, outdated prices, misremembered visa rules, transit times that ignore real-world delays. We try to ground recommendations in real data (live flight prices via HasData, weather and holidays from official feeds, travel advisories from US State / UK FCDO / CDC, venue hours via Google Places) but we cannot guarantee any detail is correct at the moment you act on it.

Before booking, verify directly with the source: confirm opening hours on the venue’s own page, check current visa and entry rules on your government’s official travel site, recheck flight and hotel prices on the partner site at click-through time, and read the current travel advisory for your destination. Travel involves real risks (weather, political instability, health requirements) and the responsibility for those decisions stays with you.

To the maximum extent permitted by applicable law, AskJourneys is not liable for losses, missed connections, denied entry, cancellations, or other costs incurred from acting on AI-generated suggestions. Use the tool to plan and inspire — verify before you commit.

Affiliate links and tracking

Plain summary: when you click a “View on Aviasales” or “View on Hotellook” button (or similar partner CTA), the link includes an affiliate marker so the partner site knows you came from AskJourneys. If you complete a booking on the partner site, AskJourneys may earn a commission at no extra cost to you. The partner is the merchant of record; we are not involved in the booking transaction itself.

We currently work with TravelPayouts (an aggregator covering Aviasales for flights and Hotellook for hotels, which itself aggregates Booking.com, Agoda, Trip.com inventory). The marker query parameter on outbound links is not user-identifying — it identifies AskJourneys as the referrer, not you. The partner site applies its own cookies for booking tracking; consult the partner’s privacy policy for that flow.

Commissions do not influence our recommendations. Pricing rank and trip suggestions are driven by our retrieval pipeline and language-model output, not by partner payout amounts.

Cookies

Essential cookies (always set):

  • Supabase auth session cookies (when you sign in)
  • Theme preference (light/dark) and onboarding-toast dismissal state — all kept in localStorage
  • Anonymous trip data (itinerary + chat thread) for continuity across sessions — saved locally to your browser. When you sign up, this data is migrated to your account; otherwise it stays only on this device.

Optional cookies (with your consent):

  • PostHog — sets a persistent cookie (ph_phc_*) and a localStorage entry to recognize you across sessions for the analytics described in “What we collect” above. Set only after you click “Accept all”. You can revoke at any time by clearing site data or contacting us for full deletion.

We do not currently use third-party advertising or cross-site tracking cookies.

Third parties

In addition to model providers (above) and affiliate partners (above), our infrastructure relies on:

  • Supabase — database, authentication, storage
  • Vercel — frontend hosting
  • Railway — backend hosting (FastAPI + Celery workers)
  • Mapbox — interactive map tiles
  • Open-Meteo, Nager.Date, US State Department, UK FCDO, CDC — external data feeds for weather, holidays, and travel advisories
  • Sentry — error tracking (PII scrubbed, see above)
  • PostHog — product analytics (EU region, Frankfurt). With your consent only. Data processor agreement available on request.
  • Resend — transactional email (price-drop alerts, account notifications)
  • Stripe — billing integration is wired but currently not user-facing (paid plans are hidden while we sort out incorporation). Re-listed here when plans return to the UI.

Your rights

You can export your trip data or delete your account at any time from the dashboard. Active trip data is retained for as long as your account is open — we do not auto-delete or auto-archive trips. Account deletion removes your trips, chat history, and watches from our database — and triggers a delete request to PostHog for your behavioral analytics data. Backup retention is 30 days, after which deleted data is permanently gone.

For data-subject requests under GDPR or CCPA — including access, correction, deletion, or portability — email us (see Contact below). We respond within 30 days.

Children

AskJourneys is not directed to children under 16, and we do not knowingly collect personal data from anyone in that age group. If you believe a child has used the service, contact us and we will delete the account.

Changes to this policy

We update this page when our data practices change. The “Last updated” date at the top reflects the most recent change. Substantive changes will also be announced in-app or by email if you have an account.

Contact

Questions or data-subject requests: hello@askjourneys.ai.