Privacy Policy

Effective date: April 28, 2026

Draft notice. This document is a baseline draft generated from the app's current feature set. It must be reviewed by qualified legal counsel before it is treated as a binding privacy policy.

XPLR Guide ("we", "us", "our") provides a mobile application and related services (the "Service") that help users discover places, lists, and itineraries. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Information We Collect

Information you provide

  • Account information. When you create an account we collect your email address and a password (stored as a salted hash by our authentication provider, Supabase).
  • Profile information. Optional display name and any preferences you set.
  • Support requests. When you contact us through our support form we collect your name, email, and the contents of your message.

Information collected automatically

  • Device and usage data. App version, OS, device model, crash logs, and basic interaction events used to improve reliability and performance.
  • Approximate location. When you use location-aware features (such as browsing places near you) we may request access to your device location. You can revoke this permission at any time in your device settings.
  • Push notification tokens. If you opt in to notifications, we store a device token issued by OneSignal so we can deliver alerts you have requested.

Content delivery

  • Video playback. Embedded videos are delivered by Mux. Mux may collect technical playback data (e.g., buffering, resolution) under its own privacy policy.

How We Use Information

  • To operate, secure, and improve the Service.
  • To authenticate you and protect your account.
  • To respond to support inquiries.
  • To send transactional and (with your consent) promotional notifications.
  • To comply with legal obligations.

Sharing

We do not sell personal information. We share information only with:

  • Service providers acting on our behalf (Supabase for database and auth, OneSignal for push, Mux for video, Resend for email delivery, Vercel for hosting).
  • Authorities when required by law.
  • Successors in a merger, acquisition, or sale of assets, subject to equivalent protections.

Data Retention

We retain account data while your account is active. Support correspondence is retained for up to 24 months. You may request deletion at any time (see "Your Rights" below).

Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the use of your personal information, and to object to certain processing. California residents have additional rights under the CCPA/CPRA, and EEA/UK residents have rights under the GDPR/UK GDPR. To exercise any of these rights, email us at support@xplrguide.com.

Children

XPLR Guide is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Security

We use industry-standard safeguards including encryption in transit (TLS), encryption at rest where applicable, and least-privilege access controls. No system is perfectly secure; please use a strong, unique password.

International Transfers

Information may be processed in the United States and other countries where our service providers operate.

Changes

We may update this policy from time to time. Material changes will be announced in the app or by email.

Contact

Questions? Email support@xplrguide.com.