Privacy Policy

The data controller for your personal information is SpiceFactory, LLC, a Delaware limited liability company headquartered at 100 Cambridge Street, 14th Floor, Boston, MA 02114, United States.

• General privacy inquiries: privacy@wonderkit.app
• Security disclosures: security@wonderkit.app
• EU / UK representative (GDPR & UK GDPR Art. 27): Alek Krtinic, alek@wonderkit.app.
• EU Digital Services Act contact: legal@wonderkit.app serves as our single point of contact for authorities and users.

We collect information in three ways:

a. Information you give us

• Account details — your email address, display name, profile photo, and authentication identifier from the sign-in provider you use.
• Group, family, and trip details — group type (family, friends, couple, work, solo), member roles, school-break dates, destinations, dates, budgets, preferences, itineraries, notes, votes, comments, packing lists, and expenses. You may choose to include information about family members — for example, approximate ages, allergies, dietary preferences, or mobility needs — when you want us to tailor a plan. Provide this only if you have authority to do so.
• Document Hub content (Plus and Pro) — details you store such as passport identity fields and last four characters of passport numbers (we deliberately do not ask for the full number), visa expiry, insurance policy numbers, emergency contacts, and free-text notes. Treat this as sensitive; store only what you choose.
• AI conversations and memory — prompts and messages you send to our planning assistant, any feedback you give on its responses, and the preference snippets saved to your WonderKit “memory” (for example, “prefers slow mornings” or “traveling with a toddler”). You can view, edit, or delete any memory record from your settings.
• Photos, trip covers, and media — images you upload for trip covers or profile photos.
• Payment details — if you subscribe to Plus or Pro, your billing information is collected and stored by our payment processor, Stripe. We receive only subscription status, the last four digits of your card, country, billing ZIP, and related non-sensitive metadata. We never see or store full card numbers.
• Calendar connection — if you connect Google Calendar, we receive an OAuth token with the narrow scope needed to create or read calendar entries related to your trips. Revoke at any time from your Google Account or our settings.
• Communications — messages you send us for support, feedback, bug reports, or other inquiries.

b. Information we collect automatically

• Device and usage data — browser type, operating system, general locale, referring page, pages viewed, actions taken inside the Service, crash reports, and the IP address used to connect to our servers.
• Geolocation — if you grant browser permission, we use your precise location to surface nearby events, restaurants, and activities in the Discover feed, and to help the AI make location-aware recommendations. Precise location is transmitted as part of the relevant request but is not stored persistently on our servers. We also infer an approximate “home city” from your use of the Service to personalize the weekly digest; you can change or clear this from your settings.
• Cookies, local storage, and similar technologies — we use them to keep you signed in, remember preferences, measure usage, prevent abuse (via Firebase App Check and Google reCAPTCHA), and operate push notifications. See Section 11.
• Analytics events — we log product events (sign-up, trip planned, AI message sent, Discover card clicked, push notification opened, subscription started or canceled, and similar) to a private analytics collection we control. We do not use any third-party advertising network or cross-site tracker.
• Push notification tokens — if you enable notifications, we store a device-scoped Web Push endpoint and public key so we can deliver reminders, daily picks, and trip alerts. You can revoke per-device at any time.

c. Information from third parties

• Authentication metadata from identity providers (for example, Google) when you sign in with them.
• Publicly available destination data — events, venues, weather, and points of interest — which we combine with your inputs to generate itineraries and recommendations.
• Billing and fraud-prevention metadata from Stripe.

d. “Inferences” category (CCPA)

For California purposes, we also generate inferences about you — for example, an inferred travel pace, budget tier, home city, or destination preferences — derived from the trips you have completed and the content you have created. These inferences are used only to personalize the Service and are deleted when you delete your account.

We use personal information to:

• Provide, maintain, secure, and improve the Service and its features;
• Generate personalized trip plans, packing lists, and Discover recommendations;
• Enable collaboration between members of your travel group — votes, comments, shared itineraries, group AI conversations where multiple members share a thread;
• Process subscriptions, billing, renewals, refunds, and tax obligations through Stripe;
• Send service communications, reminders, weekly digests, and the push notifications you have enabled;
• Detect, investigate, and prevent fraud, abuse, spam, and security incidents;
• Comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy;
• Analyze aggregated, de-identified usage to improve product quality and to publish high-level statistics.

We do not sell your personal information. We do not share it for cross-context behavioral advertising. We do not use the content of your conversations, itineraries, Document Hub entries, memory, or group data to train our own or any third party’s foundation AI models, and our contracts with AI providers prohibit that use.

WonderKit uses large-language-model providers to generate itineraries and answer questions. When you interact with an AI feature, the relevant portion of your input — along with the portion of trip context, memory, and recent conversation history needed to produce a useful response — is transmitted to one of these providers so it can return an answer.

We use the paid, business-tier APIs of Google (Gemini), Anthropic (Claude), xAI (Grok), and OpenAI. Under those APIs, providers do not use our or your content to train their foundation models and retain inputs only briefly (typically up to 30 days) for abuse monitoring. We do not control provider policies and encourage you to review them directly if you want more detail.

• You are interacting with an artificial-intelligence system. Responses may be inaccurate, incomplete, or fabricated (“hallucinations”). Verify anything that matters — visas, health, allergies, safety, prices — against authoritative sources.
• Do not submit information you would not want processed by a third-party AI provider. Avoid sending full passport numbers, payment card details, government identifiers, or health records through chat.
• We do not make any decision producing legal or similarly significant effects about you solely by automated means within the meaning of Article 22 GDPR.

Where the GDPR, UK GDPR, or Swiss FADP applies, we process personal data on these bases:

• Contract (Art. 6(1)(b)) — to provide the Service you requested and fulfill our agreement with you (account, itineraries, subscriptions, collaboration, AI features you invoke);
• Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, reconcile affiliate commissions, measure performance, and improve features, provided those interests are not overridden by your rights;
• Consent (Art. 6(1)(a), Art. 9(2)(a) where special category) — for optional features such as push notifications, precise geolocation, optional marketing, and for any special category data you voluntarily submit (e.g., an allergy note for a family member);
• Legal obligation (Art. 6(1)(c)) — to comply with applicable laws, tax and accounting obligations, and lawful requests from authorities.

We share personal information only with service providers that help us run WonderKit, and only as needed for them to perform their function. Our current sub-processors are:

We will update this list when it changes. We may also disclose information when required by law, to comply with valid legal process, to protect rights or safety, or in connection with a corporate transaction (such as a merger or asset sale) where your information would continue to be protected under a policy at least as protective as this one.

The Service surfaces information about venues, events, and activities published by third parties. When you follow a link to a third-party site (for example, a hotel, tour operator, or booking platform), you leave WonderKit and are subject to the third party’s own terms and privacy practices. We do not control those sites and are not responsible for their content, availability, pricing, or handling of your information. We do not currently earn commissions or referral fees on outbound links; if that ever changes, we will disclose the relationship here, in our Terms of Service, and next to the relevant link.

WonderKit is a collaborative product. Information you add to a group — including your name, profile photo, messages, votes, expenses, and itinerary entries — is visible to other members of that group. Group AI conversations may be shared across members: if a member enables “shared” mode, other members can read messages attributed to your display name.

Some features create public links:

• Trip share links (“plan shares”) — a tokenized URL that grants read-only access to the trip. Anyone who holds the token can view it until you revoke the link.
• Trip story pages — a public page you can generate to show your trip to anyone with the link.
• Public profile pages — created only if you opt in.
• Public Discover pages — city-level recommendation pages we publish for search engines. These never contain your personal data.

Use share links thoughtfully. Once a public link exists, third parties may cache, screenshot, or redistribute the content in ways we cannot control.

We retain personal information for as long as your account is active and as needed to provide the Service. When you delete your account we delete or irreversibly de-identify your personal information within 30 days, except where we must retain limited records to comply with legal obligations (for example, tax and accounting records for seven years), resolve disputes, or enforce our agreements. Backups that contain your data are purged on a rolling basis, typically within 35 days.

AI conversations, memory records, and Document Hub entries remain available inside your account until you delete them or delete your account.

We use industry-standard measures to protect your information, including TLS encryption in transit, encryption at rest for our databases and file storage, least-privilege access controls, audit logging, rate limiting, Firebase App Check, and reCAPTCHA for abuse prevention. Payment data is handled by Stripe under PCI DSS Level 1.

No system is perfectly secure, and we cannot guarantee absolute security. If a personal-data breach occurs, we will notify authorities and affected users as required by applicable law. Please report any suspected vulnerability or abuse to security@wonderkit.app.

We use a small number of cookies and browser-storage entries, grouped as follows:

• Strictly necessary — authentication session, CSRF protection, App Check tokens, and essential UI preferences. These cannot be disabled without breaking the Service.
• Functional — language preferences, last-viewed trip, and similar.
• Analytics — our private, first-party event logging. We do not use third-party advertising pixels or cross-site trackers.

Where required by law, we ask for consent before setting non-essential cookies.

Push notifications include trip reminders, countdowns, proximity alerts for saved places, daily Discover picks, and alerts about group activity (comments, votes). You can enable or disable push per-device from your browser settings or from WonderKit settings.

Transactional emails include account confirmations, receipts, security notices, and onboarding tips. You cannot opt out of these while your account is active because they are necessary to operate the Service.

Weekly digests and other non-essential email (for example, occasional product announcements) are optional. Every non-essential email includes an unsubscribe link, and you can also update preferences in your settings.

WonderKit is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and in any country where our sub-processors operate. Where required, we rely on the European Commission’s Standard Contractual Clauses (Decision 2021/914), the UK International Data Transfer Addendum, and the Swiss Addendum, combined with supplementary measures informed by a transfer impact assessment. Where a recipient is certified under the EU–U.S. Data Privacy Framework (and its UK Extension and Swiss Extension), we may also rely on that certification.

Depending on where you live, you may have the right to:

• Access a copy of the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete your account and associated personal data;
• Export your trip and profile data in a portable, machine-readable format;
• Object to, or restrict, certain processing;
• Withdraw consent where processing is based on consent;
• Opt out of profiling or automated decision-making where applicable;
• Lodge a complaint with your local data-protection authority, including the Irish Data Protection Commission, the UK ICO, the CNIL, the AEPD, or the Commission d’accès à l’information du Québec.

To exercise any of these rights, email privacy@wonderkit.app. We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights. You may designate an authorized agent to submit a request on your behalf; we will require reasonable verification.

This section supplements the rest of this policy for California residents under the California Consumer Privacy Act (as amended, “CCPA/CPRA”).

Categories collected in the past 12 months

• Identifiers (email, account ID, IP address);
• Customer records (name, profile photo, billing metadata from Stripe);
• Commercial information (subscription and booking-click history);
• Internet/network activity (interactions with the Service);
• Geolocation data (approximate from IP; precise from browser geolocation with your consent);
• Audio, electronic, or similar information (messages, photos, documents you submit);
• Inferences (travel-pace, budget, home city, preferences);
• Sensitive personal information — limited to: account credentials needed to sign in; precise geolocation when you enable it; and any details you choose to add to your Document Hub. We do not use sensitive PI for any purpose other than providing the specific feature you requested, which is a permitted use that does not require the “Limit Use of My Sensitive Personal Information” option under §1798.121(d).

Sale / sharing

We do not sell personal information and do not share it for cross-context behavioral advertising. Because we do not engage in these practices, no “Do Not Sell or Share My Personal Information” link is needed; this statement satisfies §1798.135.

Retention

We retain each category for the periods described in Section 9. We do not use personal information for research or purposes incompatible with those disclosed here without giving you notice.

Your rights

California residents have the rights to know, delete, correct, opt out of sale / sharing (N/A here), limit use of sensitive PI, access, portability, and non-discrimination. Submit a request at privacy@wonderkit.app.

Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) have rights similar to those described above. Where the law provides, you also have the right to appeal an adverse decision — email privacy@wonderkit.app with “Privacy Appeal” in the subject.

WonderKit is intended for adults planning trips, often with their families. It is not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or under 16 in the EEA, the UK, and any jurisdiction that has adopted a higher digital-consent age under GDPR Art. 8). Children may not create their own WonderKit accounts.

Parents and guardians may include references to their children in trip plans — ages, dietary needs, mobility considerations — so that we can tailor a family itinerary. In those cases, the parent or guardian acts on the child’s behalf, is responsible for the information they provide, and represents that they have authority to do so. We use that information only to provide the Service, and do not serve targeted advertising, and do not profile minors for commercial purposes. If you believe a child has created an account or provided personal information directly to us, please contact privacy@wonderkit.app and we will delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notice before they take effect. The “Last updated” date at the top of this page always reflects the most recent revision.

Questions, requests, or complaints? Write to us at privacy@wonderkit.app, or by mail to: