Privacy Policy

Last Updated: February 15, 2026

1. Introduction

This Privacy Policy describes how WorldFlows ("we", "us", "our") collects, uses, shares, and protects your information when you use our mobile application ("the App"). By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy should be read in conjunction with our Terms of Service.

2. Information We Collect

2.1 Account and Profile Information

When you create an account or use the App, we may collect:

• Account Information: Email address, password (hashed), authentication tokens
• Profile Information: Name, nickname, pronouns, bio, profile picture, selfie
• Contact Information: Phone number, location, country, native place
• Personal Details: Date of birth, age, sex/gender
• Verification Information: Account verification status, verification documents (if applicable)

2.2 Travel Preferences and Itinerary Data

To provide personalized travel planning services, we collect:

• Travel Preferences: Budget range, travel style, interests, accessibility needs, dietary restrictions
• Itinerary Data: Destinations, travel dates, trip plans, saved trips, itinerary outputs
• Trip Preferences: Travel purpose, traveler type, travel pace, co-traveler expectations, daily vibe preferences
• Questionnaire Responses: Information provided during the travel planning questionnaire

2.3 Zelo and Social Features Data

When you use Zelo features (location-based social networking), we collect:

• Zelo Places: Intent descriptions, emojis, scheduled dates and times, locations (latitude/longitude), place names and addresses
• Zelo Chat: Chat messages, replies, timestamps, participant information
• Zelo Participation: Places you create or join, interest status, participant lists
• Zelo Tokens: Token balances, token purchase history, token usage records
• Private Zelo Codes: Unique codes for private Zelo places (if applicable)

2.4 Location Data

With your permission, we collect location information for:

• Destination Search: To provide location-based search and recommendations
• Map Functionality: To display locations, nearby places, and directions
• Zelo Features: To create and discover location-based meetups
• Nearby Recommendations: To suggest attractions, restaurants, and accommodations near you
• Travel Planning: To optimize itinerary routes and provide location-aware suggestions

Note: We only collect location data when you actively use location-based features. We do not track your location continuously or in the background without your explicit permission.

2.5 Analytics and Usage Information

We collect analytics data to improve our services:

• App Usage: Features you use, pages you visit, interactions with the App
• Trip Planning Analytics: Itinerary generation patterns, destination preferences, hidden gems interactions, saved trip status
• Zelo Analytics: Zelo place creation and joining activity, chat engagement
• Device Information: Device type, operating system, app version, device identifiers
• Performance Data: App crashes, errors, performance metrics

2.6 Payment and Subscription Information

For premium subscriptions and token purchases, we collect:

• Subscription Status: Premium subscription status, subscription plan, renewal dates
• Payment Information: Payment is processed through Apple App Store or Google Play Store. We do not store your payment card details.
• Purchase History: Token purchases, subscription purchases, transaction identifiers
• Billing Information: Billing address (if required by the app store)

2.7 User-Generated Content

When you create content through the App, we collect:

• Zelo Place Descriptions: Intent text, descriptions, emoji selections
• Chat Messages: Messages sent in Zelo place chats, replies, timestamps
• Profile Content: Bio, profile pictures, selfies, travel preferences
• Travel Plans: Saved itineraries, trip notes, feedback
• Badges and Achievements: Progress toward badges, unlocked achievements

2.8 Communication Data

We collect information related to communications:

• Push Notifications: Notification preferences, push tokens, notification delivery status
• Email Communications: Email preferences, email delivery logs
• In-App Messages: Feedback, support requests, reports

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• Travel Planning: To generate personalized itineraries based on your preferences, budget, and interests
• AI-Powered Recommendations: To provide AI-generated travel suggestions using ChatGPT, Gemini, and other AI services
• Location Services: To provide location-based features, including Zelo places, map functionality, and nearby recommendations
• Social Features: To enable Zelo meetups, chat functionality, and social interactions
• Account Management: To create and manage your account, authenticate your identity, and provide account services

3.2 Personalization

• To personalize your travel recommendations and itinerary suggestions
• To customize your app experience based on your preferences and usage patterns
• To show relevant Zelo places and events based on your location and interests
• To provide personalized content, including hidden gems and exclusive picks for premium users

3.3 Communication

• Push Notifications: To send you notifications about Zelo places, chat messages, trip reminders, and app updates
• Email Communications: To send important account updates, security alerts, and (with your consent) marketing communications
• In-App Messaging: To facilitate communication between users in Zelo place chats
• Support: To respond to your inquiries, feedback, and support requests

3.4 Service Improvement

• To analyze usage patterns and improve the App's functionality
• To identify and fix bugs, errors, and performance issues
• To develop new features and services
• To conduct research and analytics to improve user experience

3.5 Payment and Subscription Management

• To process premium subscription payments and token purchases
• To manage subscription renewals and cancellations
• To provide premium features and services
• To prevent fraud and ensure payment security

3.6 Safety and Security

• To detect and prevent fraud, abuse, and illegal activity
• To enforce our Terms of Service and community guidelines
• To moderate content in Zelo chats and places
• To ensure user safety and protect against harmful behavior

3.7 Legal Compliance

• To comply with applicable laws and legal obligations
• To respond to legal requests and court orders
• To protect our rights and the rights of our users
• To resolve disputes and enforce agreements

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We may share your information with third-party service providers who help us operate the App and provide services:

• Supabase: For backend services, database storage, authentication, and cloud infrastructure
• Google Services: Google Places API for location search and place data, Google Maps for mapping services
• AI Services: OpenAI (ChatGPT) and Google (Gemini) for AI-powered itinerary generation
• Payment Processors: Apple App Store and Google Play Store for processing payments
• Analytics Services: For analyzing app usage and performance
• Notification Services: For sending push notifications

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Other Users

When you use social features, certain information may be visible to other users:

• Zelo Places: Your intent, scheduled date/time, location, and profile information (name, avatar) are visible to users who view the Zelo place
• Chat Messages: Messages you send in Zelo place chats are visible to all participants in that chat
• Public Profiles: If your profile is set to public, other users may see your profile information, travel preferences, and badges
• Events: If you join or create admin events, your participation may be visible to other event participants

You can control the visibility of your information through privacy settings in the App.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal processes, such as court orders, subpoenas, or warrants
• Government requests for information
• Legal obligations to protect rights, property, or safety
• Compliance with applicable laws and regulations

4.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity as part of the business transfer.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction:

• Encryption: Data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted.
• Authentication: Secure authentication methods, including password hashing and OAuth providers (Google)
• Access Controls: Role-based access controls and authentication requirements for accessing user data
• Database Security: Secure database configurations, row-level security policies, and regular security audits
• Monitoring: Continuous monitoring for security threats, unauthorized access, and suspicious activity
• Regular Updates: Regular security updates and patches to protect against vulnerabilities

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

• Access: You have the right to access and review the personal information we hold about you
• Data Portability: You can request a copy of your data in a portable format

6.2 Correction and Update

• Update: You can update your profile information, preferences, and settings at any time through the App
• Correction: You can correct inaccurate or incomplete information through your account settings

6.3 Deletion

• Account Deletion: You can delete your account at any time through the App settings. Account deletion is permanent and will remove:
• Your profile and personal information
• All Zelo places and memberships
• Chat messages
• Saved trips and travel history
• Badges and achievements
• Analytics data (may retain anonymized data for service improvement)
• Content Deletion: You can delete individual content (Zelo places, messages) through the App

6.4 Communication Preferences

• Push Notifications: You can control push notification preferences through your device settings and App settings
• Email Communications: You can opt out of marketing emails while still receiving important account and security communications
• Notification Settings: You can customize which types of notifications you receive through the App settings

6.5 Location Data

• Permission Control: You can grant or revoke location permissions through your device settings
• Usage Control: Location data is only collected when you actively use location-based features
• Disabling Location: You can disable location services, but this may limit certain App functionality

6.6 Privacy Settings

• Profile Visibility: You can control who can see your profile (public, private, or friends only)
• Data Sharing: You can control data sharing preferences through privacy settings
• Analytics Opt-Out: You may opt out of certain analytics tracking (where technically possible)

6.7 Right to Object

You have the right to object to certain processing of your information, such as direct marketing communications. You can exercise this right through your account settings or by contacting us.

7. Location Services and Location Data

Our App uses location services to provide location-based features. Here's how we handle location data:

7.1 When We Collect Location Data

• When you search for destinations or places
• When you create or view Zelo places
• When you use map features
• When you request nearby recommendations
• During travel itinerary planning

7.2 How We Use Location Data

• To provide location-based search and recommendations
• To display your location on maps
• To enable Zelo place creation and discovery
• To optimize travel itinerary routes
• To suggest nearby attractions, restaurants, and accommodations

7.3 Location Data Sharing

Location data may be shared with:

• Other Users: When you create a Zelo place, the location coordinates are visible to other users who view that place
• Service Providers: Google Places API and Google Maps to provide location-based services
• Analytics: Location data may be included in aggregated analytics (anonymized where possible)

7.4 Location Data Control

• You can control location permissions through your device settings
• Location data is only collected when you actively use location-based features
• We do not track your location continuously or in the background without permission
• You can disable location services at any time, though this may limit App functionality

8. Third-Party Services and Libraries

Our App integrates with third-party services and uses third-party libraries. Each service has its own privacy policy, which we recommend reviewing. Here's how we use third-party services:

8.1 Backend and Infrastructure Services

• Supabase: We use Supabase for backend services, database storage, authentication, and cloud infrastructure. Supabase processes and stores your account information, profile data, travel preferences, Zelo places, chat messages, and other user data. Supabase Privacy Policy

8.2 Location and Mapping Services

• Google Places API: We use Google Places API for location search, place details, images, reviews, ratings, and mapping data. Google may collect location data and usage information. Google Privacy Policy
• Google Maps: We use Google Maps for map display, location visualization, and navigation services. Google may collect location data and usage information. Google Privacy Policy

8.3 AI Services

• OpenAI ChatGPT: We use OpenAI's ChatGPT API for AI-powered itinerary generation, travel recommendations, and personalized content. OpenAI may process your travel preferences and questionnaire responses to generate itineraries. OpenAI Privacy Policy
• Google Gemini: We use Google's Gemini API for AI-powered itinerary generation and personalized recommendations. Google may process your travel preferences and questionnaire responses. Google Privacy Policy

8.4 Payment Services

• Apple App Store: We use Apple App Store for processing premium subscriptions and token purchases on iOS devices. Apple handles payment processing and may collect payment information. Apple Privacy Policy
• Google Play Store: We use Google Play Store for processing premium subscriptions and token purchases on Android devices. Google handles payment processing and may collect payment information. Google Privacy Policy

8.5 Analytics and Monitoring Services

• Analytics Services: We may use analytics services to analyze app usage, performance, and user behavior. Analytics data is aggregated and anonymized where possible.
• Error Tracking: We may use error tracking services to monitor app crashes and errors to improve stability.

8.6 Push Notification Services

• Push Notification Services: We use push notification services (Apple Push Notification Service, Firebase Cloud Messaging) to send notifications to your device. These services may collect device tokens and notification delivery information.

9. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy:

• Account Information: Retained while your account is active and for a reasonable period after account deletion for legal compliance
• Travel Data: Retained while your account is active and for a reasonable period after account deletion (unless you request earlier deletion)
• Zelo Places: Retained until the scheduled end time plus 6 hours, then automatically deleted (unless you delete them earlier)
• Chat Messages: Retained while your account is active and for a reasonable period after account deletion
• Analytics Data: Retained in aggregated and anonymized form for service improvement purposes
• Payment Records: Retained as required by law and payment processors

Upon account deletion, most of your data will be permanently deleted. We may retain certain information as required by law or for legitimate business purposes (such as preventing fraud or resolving disputes).

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:

• Contractual obligations with service providers to protect your information
• Compliance with applicable data protection laws and regulations
• Use of secure data transmission and storage methods

11. Children's Privacy

Our App is not intended for children under the age of 13 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 13 without parental consent, we will delete that information promptly.

12. Content Moderation

We use automated content moderation systems to detect and flag inappropriate content in:

• Chat Messages: Automatic filtering of inappropriate, abusive, or harmful content
• Zelo Place Descriptions: Automatic flagging of inappropriate or misleading content
• User Profiles: Monitoring for inappropriate profile content

Flagged content may be automatically hidden, removed, or reviewed by moderators. We reserve the right to remove content that violates our Terms of Service or community guidelines. Users who repeatedly post inappropriate content may have their accounts suspended or terminated.

13. Cookie and Tracking Technologies

Our App may use cookies, local storage, and similar tracking technologies to:

• Remember your preferences and settings
• Analyze app usage and performance
• Provide personalized content and recommendations
• Authenticate your identity and maintain your session

You can control cookies and tracking technologies through your device settings, though this may limit certain App functionality.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users as soon as reasonably possible
• Provide information about the nature of the breach and what information was affected
• Describe the steps we are taking to address the breach
• Recommend actions you can take to protect your information
• Comply with applicable data breach notification laws and regulations

15. Your California Privacy Rights (CCPA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to know what personal information we collect, use, and share about you
• Right to Delete: You have the right to request deletion of your personal information
• Right to Opt-Out: You have the right to opt out of the sale of your personal information (we do not sell your information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us using the contact information provided below.

16. Your European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to access your personal information
• Right to Rectification: You have the right to correct inaccurate or incomplete information
• Right to Erasure: You have the right to request deletion of your personal information
• Right to Restrict Processing: You have the right to restrict the processing of your personal information
• Right to Data Portability: You have the right to receive your data in a portable format
• Right to Object: You have the right to object to certain processing of your personal information

To exercise these rights, please contact us using the contact information provided below.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or for other reasons. We will notify you of significant changes by:

• Posting the updated Privacy Policy in the App
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending an email notification (if you have provided an email address)
• Displaying an in-app notification

Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the App and delete your account.

18. Contact Us