Privacy Policy

Last updated: March 24, 2026

1. Data Controller

The data controller for Globetrotter is:
Florian Pascal Abel
Barcelona, Spain
privacy@florianabel.com

2. What Data We Collect and Why

We collect different types of data depending on how you use Globetrotter. For each type, we state the legal basis under GDPR Article 6(1).

Data Category	What We Collect	Legal Basis	Purpose
Account information	Email address, name (from Auth0 login)	Contract performance (Art. 6(1)(b))	Create and manage your account, enable saving places and creating trips
Saved content	Places, events, and experiences you save, track, or mark as visited; trip details	Contract performance (Art. 6(1)(b))	Provide the core service — your personal travel map, bucket list, and trip planning
Preferences	Travel interests, visited countries/cities (from profiling cards)	Consent (Art. 6(1)(a))	Personalize the content feed to show relevant destinations and events
Device identifiers	Auth0 session tokens	Contract performance (Art. 6(1)(b))	Keep you logged in and authenticate API requests

What we do NOT collect: We do not collect precise location data, do not use analytics or tracking SDKs, do not serve advertising, and do not sell or share your data with third parties for their own purposes.

3. Third-Party Services

Globetrotter uses the following third-party services to operate:

Service	Purpose	Data Processed	Privacy Policy
Auth0 (Okta, Inc.)	Authentication — login, signup, session management	Email, name, login metadata	auth0.com/privacy
Amazon Web Services (AWS)	Backend hosting (EU Frankfurt), media storage (S3), content delivery (CloudFront)	All data stored by the service	aws.amazon.com/privacy
Mapbox, Inc.	Interactive maps in the app	Map tile requests (IP address, viewport)	mapbox.com/legal/privacy
Apple / Google	App distribution via App Store / Google Play	Per their respective platform policies	apple.com/privacy / google.com/privacy

4. International Data Transfers

Our backend and database are hosted in the EU (AWS Frankfurt, eu-central-1). The following services may process data outside the EU:

• Auth0 (Okta): Transfers covered by the EU-US Data Privacy Framework.
• Mapbox: Transfers covered by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

5. Data Retention

• Account data (email, name, profile photo): Retained while your account is active.
• User-generated content (photos, videos, trip reports, reviews, tips, ratings, collections): Retained while your account is active. Upon account deletion, this content is anonymized (your name and profile are removed) but may remain on the platform to benefit the community, as described in our Terms of Service.
• Deleted accounts: After you request deletion, your personal data is retained for a 30-day grace period (during which you can cancel the deletion). After 30 days, personal data (email, name, profile) is permanently deleted. Anonymized content may remain.
• Auth0 session data: Cleared on logout or after session expiry.

6. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

1. Right of access — request a copy of all personal data we hold about you.
2. Right to rectification — request correction of inaccurate data.
3. Right to erasure — request deletion of your data (also available via the in-app account deletion feature).
4. Right to restrict processing — request that we limit how we use your data.
5. Right to data portability — request your data in a machine-readable format.
6. Right to object — object to processing based on legitimate interest.
7. Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact privacy@florianabel.com. We will respond within 30 days.

7. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Spain, the relevant authority is:

Agencia Española de Protección de Datos (AEPD)
www.aepd.es

8. Minimum Age

Globetrotter is intended for users aged 16 or older. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@florianabel.com and we will promptly delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated through the app or via email. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For any questions about this privacy policy or your personal data, contact:
privacy@florianabel.com