Privacy Policy.

Last updated: April 21, 2026

1. One-sentence summary

Voyage uses your email only for sign-in, stores your trips on your device first and syncs to the cloud only when online, asks for location only during active trip navigation, and does not sell your data. There is no cross-app tracking and no advertising networks.

2. Who we are

The Voyage app is developed and published by HPS SOFTWARE LTDA, a Brazilian limited liability company (CNPJ 47.172.959/0001-78), with registered office at Av. Dr. Álvaro Severo de Miranda, 812, Apto 1702, Passo Fundo / RS, Brazil.

For any privacy matter: contato@hpssoftware.solutions (subject line: "Voyage Privacy Request").

3. Data processed by Voyage

3.1 Email and account identifier

We use your email address for authentication via Supabase Auth. We also generate a unique user ID to manage your subscription through RevenueCat and to link your trips across devices.

3.2 Trip data

Everything you create (trips, steps, flights, hotels, activities, notes) is stored locally on your device in SQLite and synced to Supabase when you are online. Trips shared in group mode are visible only to members you invite via link — no one else has access.

3.3 Precise and approximate location

Location is used only during active trip navigation, with your explicit consent at the OS level. It is never stored on our servers — it is used only on-device to show the current trip step, compute ETAs, and display the marker on the offline map. You can revoke the permission at any time in your OS settings.

3.4 AI prompts

When you use AI features (itinerary generation, booking-email import, or the in-trip AI Guide), the text you send is processed by OpenAI through a Supabase Edge Function we operate. Prompts are not retained beyond the immediate response — we keep no conversational memory server-side. Note: prompt text may contain trip-specific details you type, so avoid including sensitive information you don't want processed by AI.

3.5 Crash reports (opt-in)

Sentry only receives a crash report if you opt in via the consent modal shown on first launch. Reports contain a call stack, device model, OS version, and app version — with email and free-text content stripped before sending. You can withdraw consent at any time in Settings.

3.6 Subscription (RevenueCat)

Your Voyage Pro subscription status is managed by RevenueCat, which receives only your user ID and the purchase history emitted by the App Store or Google Play. HPS does not receive card numbers, tax IDs, names, or billing addresses.

3.7 Calendar (when you connect Outlook)

If you choose to export your trip to Microsoft Outlook / Microsoft Calendar, Voyage uses Microsoft Graph with authentication performed directly with Microsoft. Calendar event data (title, time, address, notes) is sent to your Microsoft account. Integration with Google Calendar and Apple Calendar goes through the device's native calendar store and does not pass through our servers.

3.8 Affiliate links

When you tap an affiliate link (flight, hotel, activity), Voyage builds a URL through Travelpayouts containing only a marker identifier (for commission attribution). No personal data is sent via the link — the marker simply tells the affiliate platform that the purchase originated from Voyage.

4. What Voyage does NOT collect

• Banking or credit-card data (purchases are processed by Apple / Google)
• Government IDs or tax numbers
• Contacts, photos, microphone, or camera (except what you attach yourself)
• Browsing history outside the app
• Biometric data
• Location outside of active trip navigation
• Advertising identifiers (Voyage does not serve ads)

5. Legal basis (GDPR / LGPD / CCPA)

Processing relies on the following legal bases under GDPR:

• Contractual necessity — account and trip data, subscription management.
• Legitimate interest — crash reporting (consent-gated in the UI).
• Consent — location during trips, crash reports, Microsoft Outlook sync.

Under Brazil's LGPD (Lei Geral de Proteção de Dados Pessoais):

• Article 7, II — compliance with legal obligations related to subscription billing and taxation.
• Article 7, V — contractual execution for account and trip services.
• Article 7, IX — legitimate interest for crash reporting.
• Article 7, I — consent for location, crash reports, and Outlook sync.

California residents (CCPA): we do not "sell" your personal information as defined by CCPA.

6. Third-party sharing

We share strictly-necessary technical data with the following processors:

• Supabase — database host and authentication. Receives email, user ID, and trip data. US/EU regions (selectable).
• RevenueCat — subscription management. Receives user ID and purchase history. United States.
• OpenAI — AI processing via our Edge Function. Receives prompt text only (not stored by us after the response). United States.
• Sentry — crash reporting (opt-in). Receives call stack, no email, no free-text. United States.
• Travelpayouts — affiliate commission attribution. Receives only a marker ID. No personal data.
• Microsoft Graph — only used if you connect Outlook. You authenticate directly with Microsoft. Calendar event data is sent to your account.
• Apple App Store / Google Play — subscription and purchase brokering.

We do NOT sell your data. We do NOT share with advertising networks. We do NOT track you across apps or websites.

7. International transfers

Some of the processors above host infrastructure outside Brazil (USA, European Union). Where transfers occur, we rely on the safeguards recognized by LGPD (Art. 33) and GDPR (standard contractual clauses, adequacy mechanisms).

8. Retention

• Account and trip data — retained while the account exists. Cascades to deletion via Settings → Delete Account.
• AI prompts — NOT retained beyond the immediate response (no conversational memory server-side).
• Crash reports — retained for 90 days in Sentry, then deleted automatically.
• Subscription history — retained by Apple / Google for as long as those platforms choose; RevenueCat keeps an aggregate cache tied to your user ID.

9. Children

Voyage is not directed at children under 13 (COPPA) or under 16 (GDPR). We do not knowingly collect personal data from children. If you believe a child has created an account, contact contato@hpssoftware.solutions and we will delete the data.

10. Your rights

As a data subject, you may:

• Access — view all your trip data directly in the app.
• Correction — edit any trip, step, or profile field in-app.
• Deletion — Settings → Delete Account (cascades across Supabase, RevenueCat association, and Sentry retention).
• Withdraw consent — toggle crash reporting or location at any time in Settings.
• Portability — structured trip export is planned for v2. Meanwhile, request an export via the email below.
• Lodge a complaint with ANPD (Brazil), your EU member state's data-protection authority, the ICO (UK), or the competent authority in your jurisdiction.

To exercise any of these rights: contato@hpssoftware.solutions (subject line: "Voyage Privacy Request"). We respond within 15 days.

11. Security

All communication between the app and our servers (Supabase, Edge Functions, RevenueCat, Sentry, Microsoft Graph) happens over TLS (HTTPS). The local SQLite database on your device relies on the OS-level app sandbox for protection. Supabase Auth passwords are stored with secure hashing on the server; they never travel or reside in plaintext.

12. Changes to this policy

We may revise this policy as Voyage evolves (new features, new providers, legal updates). Changes are published on this page with the "Last updated" date at the top. Material changes are communicated in-app.

13. Contact