PRIVACY POLICY
Itinerama
Last updated: April 1, 2026
1. Data controller
The controller of the personal data processed through Itinerama is:
Jonathan Rodriguez Ruiz
Self-employed professional established in Ireland
General email: jrodriguezruiz@itinerama.app
Privacy and support email: support@itinerama.app
Website: https://itinerama.app
2. Scope of this policy
This Privacy Policy explains what personal data we may process when users use Itinerama, for what purposes, on what legal bases, for how long, with which third parties it may be shared, and which rights users may exercise.
3. Data we may collect
Depending on how the App is used, we may process the following categories of data:
a) Account and profile data
- name
- nickname or username
- email address provided by the sign-in provider
- avatar or profile image
- account identifiers
- authentication provider used
b) Data generated within the App
- favorites
- routes or itineraries
- searches
- travel expenses
- assistant queries
- reports or incidents submitted by the user
- settings and preferences within the App
c) Technical and diagnostic data
- technical device or application information
- app version
- usage events
- diagnostic data, crashes, errors, or technical incidents
- IP address and technical logs when processed by infrastructure, security, or integrated third-party services
- device or advertising identifiers when processed by analytics or advertising providers
d) Purchase and subscription data
- subscription status
- purchase or transaction identifiers
- information needed to restore purchases
- consumption linked to virtual currency within the app
e) Data derived from specific features
- location when the user authorizes map or routing features
- images when the user uses avatar, camera, or OCR features
- voice queries when the user uses microphone or voice recognition features
- content sent to the assistant
- information processed temporarily through OCR when that feature is used
4. Optional data and anonymous access
Access to certain features may be possible anonymously. Much of the processed data depends on how the user uses the App and which features they decide to activate.
As a general rule, data is collected only when necessary to provide a specific feature or when the user decides to use it voluntarily.
5. Device permissions
The App may request certain device permissions:
Location
For maps, routes, and navigation features.
Camera
For features such as expense OCR.
Photos or gallery
To change the avatar or upload expenses via OCR.
Microphone or voice
To ask the assistant questions by voice, where that feature is available.
Notifications
At present, the App does not request notification permissions.
Users may manage these permissions through their device settings. If a permission is denied or revoked, certain features may become unavailable or work only in a limited manner.
6. Purposes of processing
We may process personal data for the following purposes:
- creating and managing user accounts
- allowing sign-in through Apple, Google, or anonymous access
- saving profiles, favorites, routes, expenses, and preferences
- offering maps, routes, and navigation features
- answering assistant queries
- personalizing certain recommendations or content
- processing OCR for certain App features
- managing subscriptions, in-app purchases, and virtual currency
- displaying ads and rewarded ads
- measuring App use and improving its operation
- preventing fraud, abuse, unauthorized access, and misuse
- handling requests, support, and incidents
- complying with legal and regulatory obligations
7. Legal bases for processing
We process personal data on the following legal bases, depending on the case:
- performance of a contract, to provide the App and its requested features
- consent, where required by law or where processing depends on user permissions or settings, such as certain device permissions or advertising tracking
- legitimate interest, for security, fraud prevention, service improvement, internal analytics, diagnostics, and reasonable App operation
- legal obligation, where we must retain or disclose certain information under applicable law
8. Artificial intelligence
Itinerama uses artificial intelligence systems to respond to user queries and to enable certain automated functions, such as interpretation of information through OCR.
Under the current service configuration, content sent to these systems may include:
- questions or text entered by the user
- context related to the city or query of interest
- information necessary to process the requested feature
- images or temporary content when OCR is used
According to the information currently provided by the owner, no personal data is intentionally sent beyond the content strictly necessary to provide the feature. However, the content entered by the user may itself contain personal data if the user chooses to include it.
The generated results are automated, do not produce legal or similarly significant effects, and may be inaccurate, incomplete, or outdated.
9. Analytics, profiling, and advertising
The App uses analytics tools to measure the use of certain screens and improve the overall experience.
The App may also perform limited personalization based on use of the assistant and on user interaction with the App, with the aim of offering a more relevant experience.
The App may display third-party advertising, including native ads and rewarded ads.
Where processing is based on consent, users may withdraw that consent at any time. On iOS, certain permissions and ad tracking settings may also be managed through device settings.
10. Purchases, subscriptions, and virtual currency
The App offers in-app purchases, subscriptions, and virtual currency (iticoins).
To manage these services, data related to the following may be processed:
- subscription status
- purchase restoration
- purchase events
- consumption linked to App features
Payment transactions are processed through Apple and technical providers used for subscription and purchase management. Itinerama does not directly store the user’s full bank card number.
11. Providers and third parties
The App may use third-party providers, platforms, or services to deliver features, host infrastructure, display advertising, provide maps, process authentication, manage subscriptions, provide content, or run artificial intelligence functions.
Depending on the active service configuration, these may include:
- Apple
- Apple MapKit
- Firebase Authentication
- Firebase Analytics
- Google Sign-In
- Google Mobile Ads (AdMob)
- RevenueCat
- Cloudflare
- Google Gemini
- n8n
- MinIO
- Wikimedia Foundation, including Wikipedia and Wikimedia Commons
- OpenStreetMap (OSM)
- Viator
- Tiqets
- OpenWeatherMap
- PostgREST
- PostgreSQL
- Hetzner
- Hostinger
Some of these third parties may act as processors and others as independent controllers, depending on the nature of the service provided.
12. Infrastructure and data location
According to the information currently provided by the owner:
- the main data managed directly by Itinerama is hosted on a dedicated server located in Frankfurt, using Hetzner infrastructure
- profile images and assistant messages are stored in that same main infrastructure
- OCR data is not stored persistently in the owner’s systems
- infrastructure backups exist
13. International transfers
Although the main data directly managed by Itinerama is hosted in the European Union, certain providers or services integrated into the App may process data outside the European Economic Area or carry out international transfers.
In such cases, these transfers will be carried out on the basis of mechanisms permitted under applicable law, where relevant, including adequacy decisions or standard contractual clauses.
14. Data retention
We will retain personal data for as long as necessary to provide the App, fulfill the purposes described in this Policy, and comply with legal, regulatory, security, or defense obligations.
As a general rule:
- account, profile, favorites, routes, expenses, and other associated content are retained while the account remains active
- assistant history is retained while the account remains active, unless deleted earlier where such functionality exists
- profile-related images are retained while the account remains active or until replaced or deleted by the user
- OCR data is not stored persistently in the owner’s systems, except for temporary processing necessary to provide the feature
- technical logs, diagnostic data, and security data are retained for the time reasonably necessary to detect, resolve, and prevent incidents
- analytics and advertising data may be retained according to the periods configured by the relevant providers and the user’s settings
- purchase, subscription, and policy acceptance data are retained as long as necessary to manage the contractual relationship, prove acceptance, or comply with legal obligations
- when the user deletes their account, data is deleted or anonymized from the owner’s active systems, although certain residual data may temporarily remain in backups or where necessary for security, fraud prevention, legal compliance, or legal defense
15. Account deletion
Users may delete their account through the features made available within the App itself.
When an account is deleted:
- user data is deleted from the owner’s active systems
- the account ceases to be operational
- certain residual data may temporarily remain in backups or records needed for security, fraud prevention, legal compliance, or defense against claims
16. User rights
Where applicable, users may exercise the rights recognized under data protection law, including:
- access
- rectification
- erasure
- objection
- restriction of processing
- portability
- withdrawal of consent where processing is based on consent
Users may exercise their rights:
- by email
- through the channels available within the App
Requests will be handled without undue delay and, in any event, within the maximum period established by applicable law.
If the user believes that the processing of their data does not comply with the law, they may also lodge a complaint with the competent supervisory authority, including the Data Protection Commission in Ireland.
17. Minors
Itinerama is not intended for children under 13 years of age.
We do not intentionally collect personal data from children under 13. If we detect that a child under 13 has provided personal data through the App, we may take reasonable steps to delete that data and, where appropriate, restrict or terminate the related account.
18. Security
We apply reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, loss, destruction, or improper disclosure.
However, no system can guarantee absolute security.
19. Changes to this policy
We may update this Privacy Policy at any time.
When changes are material, we will try to inform the user through the App or other appropriate means. The “Last updated” date will indicate the current version.
Where necessary, we may request a new express acceptance of the updated policy. We may retain evidence of acceptance, including the accepted version, the date, and the IP address where necessary to demonstrate that acceptance.
20. Contact
For any questions related to privacy or data protection, you may contact:
support@itinerama.appjrodriguezruiz@itinerama.app