Privacy Policy

Nextrip ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect when you use the App, how we use it, who we share it with, and what rights you have.

(a) Account data

When you register, we collect your email address, display name, and authentication identifiers via Firebase Authentication. Anonymous accounts do not require an email address or any personal information.

(b) Travel preferences

We store the preferences you provide during onboarding and subsequent updates — including preferred climates, activities of interest, daily budget range, travel seasons, and trip duration — in Firebase Firestore.

(c) Usage and diagnostic data

Firebase services may collect crash reports, performance metrics, and device metadata (such as device model and operating system version) to help us maintain App reliability.

(d) Purchase data

When you make in-app purchases, RevenueCat records transaction identifiers, purchase history, and entitlement status on our behalf. We do not store or have access to your payment card details — those are handled exclusively by Apple or Google.

(e) Advertising data

If you choose to watch rewarded video ads to earn Boarding Passes, Google AdMob may collect device advertising identifiers (IDFA on iOS, GAID on Android), IP address, and ad interaction data to serve and measure advertisements. You can opt out of personalised advertising at any time through your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads).

(f) Map display

Google Maps is used to render destination maps within the App. Nextrip does not collect or transmit your device's GPS location. Google's use of data through the Maps SDK is governed by Google's Privacy Policy.

(g) Support communications

If you contact us via the in-app bug report feature or by email, we retain those communications to respond to your request.

We use your data to:

• Provide and personalise the App experience.
• Authenticate your account.
• Generate AI-powered destination suggestions based on your preferences.
• Process and validate in-app purchases.
• Serve rewarded advertisements (with your interaction).
• Maintain App security and reliability.
• Prevent fraud and abuse.
• Comply with legal obligations.

We work with the following third-party processors who may handle your data on our behalf:

• Google Firebase (authentication, Firestore database, crash reporting) — policies.google.com/privacy
• RevenueCat (in-app purchase management) — revenuecat.com/privacy
• Google AdMob (rewarded advertising) — policies.google.com/privacy
• Apple App Store / Google Play Store (payment processing) — subject to their respective platform privacy policies.

Each processor is contractually required to handle your data in accordance with applicable law.

Where the General Data Protection Regulation applies, we process your personal data on the following legal bases:

• Performance of our contract with you — account management, purchase fulfilment, core App functionality.
• Our legitimate interests — App security, fraud prevention, service improvement.
• Compliance with legal obligations.
• Your consent, where specifically required (e.g. personalised advertising).

We retain your account data and travel preferences for as long as your account remains active. Anonymous accounts and all associated data are deleted when you sign out without upgrading. If you delete your account through the App, your profile and preferences are deleted from our systems within 30 days, subject to any retention obligations required by law.

Your data may be processed on servers located outside your country of residence, including in the United States, by Google and RevenueCat. Where required by applicable law, appropriate safeguards — such as Standard Contractual Clauses — are applied to protect your data during international transfers.

Depending on your jurisdiction, you may have the right to: access a copy of your personal data; correct inaccurate data; request deletion of your data; receive your data in a portable format; restrict or object to certain types of processing; and withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at www.nicolasfez.com. We will respond within the timeframe required by applicable law (typically 30 days).

California residents (CCPA/CPRA)

You have the right to know what personal information is collected and how it is used, request deletion, correct inaccurate information, and opt out of the sale or sharing of personal information. Nextrip does not sell or share personal information for cross-context behavioural advertising.

The App is not directed at children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at www.nicolasfez.com and we will promptly delete it.

We implement industry-standard technical and organisational measures to protect your data, including encrypted data transmission (TLS) and Firebase security rules. However, no system is completely secure, and we cannot guarantee absolute security. Please use a strong, unique password and keep your credentials confidential.

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email prior to the change taking effect. Your continued use of the App after a revised policy is posted constitutes your acceptance of that policy.

For privacy-related questions, requests, or complaints, contact us at: www.nicolasfez.com.