Privacy policy
The short version
We built Odysa to help you plan and enjoy meaningful travel — not to harvest your data. Here's what you should know up front:
- What we collect: your email and name (from Apple, Google, or email sign-up), the trips you create, photos you upload, and the travel preferences you set. With your permission, we also use your approximate location to plan how you'll get to your destination. To keep the app reliable, we collect anonymous crash diagnostics and anonymous usage analytics.
- What we don't collect: your contacts, your calendar, your advertising identifiers, your browsing history. We don't track you across other apps, and we never tie analytics to your name or email.
- Who sees it: you, our secure servers (Firebase / Google Cloud), the AI service that generates your itineraries (Anthropic Claude), and the diagnostics services that keep the app stable (Sentry, PostHog). Nobody else. We never sell your data.
- You're in control: you can edit or permanently delete your account and all data from inside the app at any time (Profile → Account → Delete account).
1. Who we are
Odysa ("we," "our," "us") is an AI-powered travel app based in Cebu, Philippines, that helps travelers plan, discover, and remember meaningful journeys. You can reach us anytime at hello.odysa@outlook.com.
2. What we collect
Account information
Your email address, name, and profile photo. If you sign in with Apple or Google, we receive these from your provider (Apple lets you hide your email behind a relay address — we honor that). If you create an account with email and password, you provide your email, a name, and a password. Passwords are handled and stored by Firebase Authentication using industry-standard hashing — we never see or store your password in plain text.
Your content
The trips and itineraries you create, the travel preferences you set, the chat messages you exchange with Odysa's AI assistant, and any photos you upload to a trip or set as your profile picture. Trip photos are stored on your device today; a future update will sync them to secure cloud storage so you can access them across devices.
Location — only with your permission
To make the first day of your itinerary realistic, Odysa can plan how you'll get from where you are to your destination (for example, your taxi to the airport or the ferry to an island). To do this we ask for location permission and read an approximate, city-level position once, at the moment you generate a trip. We use it only to determine your starting city, which we send to our itinerary service so Day 1 begins from where you actually are. It is never used for advertising, profiling, or cross-app tracking. If you decline, trip generation still works — Day 1 simply starts at the destination.
Diagnostics and analytics
To keep Odysa stable and understand which features help travelers, we collect:
- Crash diagnostics (Sentry) — when the app crashes or hits an error, we collect the technical details (stack trace, device model, OS version, app version) needed to fix it. Before any report leaves your device, we scrub it of personal data — your email, phone number, and account identifier are removed. Reports are linked only to an anonymous device identifier.
- Product analytics (PostHog) — anonymous, aggregated usage events (for example, "a trip was generated") that show us how the app is used. These are linked only to your randomly-generated account identifier — never your name or email — and are not collected in development builds.
What we do not collect
Odysa does not collect your precise GPS location (city-level only, and only with your permission), your phone contacts, your calendar, your browsing history, your social media profiles, biometric or health data, financial account information, or any cross-app advertising identifiers. We do not use advertising SDKs or fingerprinting.
3. How we use your information
- Create and store your trips, save your preferences, and generate AI-powered suggestions tailored to you.
- Personalize AI responses — we send your travel preferences and conversation context to our AI provider, but never your email, real name, or photos.
- With your permission, use your approximate starting city to plan Day 1 transport.
- Keep the app stable (crash diagnostics) and improve it (anonymous usage analytics).
- Maintain account security, prevent abuse, and comply with legal obligations.
We do not sell your personal information, share it with advertisers, or use it to train AI models.
4. Service providers we rely on
We share information only with the providers needed to operate the app. Each is bound by its own privacy policy and processes data only as needed on our behalf.
- Firebase (Google LLC) — authentication, database, and file storage.
- Anthropic, PBC — AI itinerary generation and conversation. We send the minimum context needed (preferences, prior turns); never your email, name, or photos.
- Apple Inc. — Sign in with Apple.
- Google LLC — Sign in with Google; Google Places for place verification.
- Mapbox, Inc. — map tiles and location previews for activities you save.
- Functional Software, Inc. (Sentry) — crash and error diagnostics, scrubbed of personal data before leaving your device.
- PostHog, Inc. — anonymous product analytics, linked only to an anonymous account identifier.
5. Your rights and choices
From inside the app you can, at any time:
- Edit your travel preferences (Profile → Travel Preferences).
- Change or remove your profile photo.
- Delete an individual trip.
- Permanently delete your account and all associated data (Profile → Account → Delete account).
Depending on where you live, you may also have rights to access, correct, port, or restrict processing of your data under the GDPR (EU/UK), CCPA/CPRA (California), or the Philippine Data Privacy Act. To exercise any of these, email hello.odysa@outlook.com and we'll respond within 30 days.
6. Data retention
We keep your data for as long as your account is active. When you delete your account in the app, your profile, trips, and photos are removed from our active systems immediately, and any encrypted backups are purged within 30 days.
7. Data security
We protect your data with encryption in transit (HTTPS/TLS), encryption at rest, and strict database access rules so that only you can read your own profile and trip data. No system is perfectly secure, but we treat your data the way we'd want ours treated. If we ever discover a breach that affects you, we'll notify you without undue delay.
8. Children's privacy
Odysa is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us and we'll delete it.
9. International users
Odysa is operated from the Philippines, and some of our providers are based in the United States. If you access the service from elsewhere, your information may be transferred to, stored in, and processed in these countries, protected by the safeguards applicable law requires.
10. Changes to this policy
We may update this policy as Odysa evolves. When we make material changes — for example, adding a new category of data collection — we'll update the "last updated" date above and, where appropriate, notify you in the app or by email.
11. Contact
For any privacy question, request, or complaint, email hello.odysa@outlook.com. If you are in the Philippines, you may also contact the National Privacy Commission at privacy.gov.ph.