Privacy Policy

1. General Data Protection Regulation (GDPR)

We are a Data Controller of your personal information under the European General Data Protection Regulation ("GDPR"). Our legal bases for collecting and using the personal information described in this Privacy Policy are:

• Performance of a contract with you.
• Your consent where we have requested it.
• Our legitimate interests in operating and improving the Service.
• Compliance with a legal obligation.

We will retain your personal information only for as long as necessary for the purposes set out in this Privacy Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following data protection rights:

• The right to access, update, or delete the information we hold about you.
• The right of rectification — to have inaccurate data corrected.
• The right to object to our processing of your data.
• The right of restriction — to request we limit how we process your data.
• The right to data portability — to receive a copy of your data in a structured, machine-readable format.
• The right to withdraw consent at any time where we rely on consent to process your information.

To exercise any of these rights, please contact us at [email protected].

2. Log Files

Bucketlist follows a standard practice of using server log files. These files record activity when you visit the Service. The information collected in log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring and exit pages, and the number of clicks. This data is not linked to any personally identifiable information. We use it to analyze trends, administer the Service, track user movement, and gather aggregate demographic information to improve the product experience.

3. Cookies and Web Beacons

Like most websites, Bucketlist uses cookies — small text files placed on your device to store information such as your session state and preferences. Cookies help us keep you signed in, remember your settings, and understand how you interact with the Service so we can improve it. We may also use web beacons (small transparent images embedded in pages or emails) to track engagement.

You can instruct your browser to refuse all cookies or to alert you when a cookie is being sent. If you disable cookies, some parts of the Service may not function correctly. For browser-specific instructions on managing cookies, refer to your browser's help documentation.

4. Information We Collect

We collect the following categories of information:

• Account Information: Your name, email address, and hashed password when you register for an account.
• Trip & Itinerary Data: The travel content you create within the Service, including trip plans, itinerary events, flight and hotel details, ground transport bookings, checklists, notes, wishlists, and shopping lists.
• Collaboration Data: Information related to trips you share with others, including collaborator email addresses and the access permissions you grant them.
• Profile Information: If you claim a public profile, we collect your username, display name, bio, avatar, cover image, location, website, and default visit-privacy preference. By default, this information is publicly visible on your profile page at bucketlisttravel.app/u/<username>.
• Social Graph: The list of users you follow and the list of users who follow you. Follower and following lists are publicly visible on each user's profile.
• Place Visits: Records of places you have visited, including the place, your tier rating (loved, fine, or disliked), a relative ranking score derived from pairwise comparisons, optional notes, tags, visit date, and any photos or video you attach. Each visit carries a privacy setting (public, followers-only, or private) that you control.
• Social Interactions: Likes, emoji reactions, and comments you create on visits — yours or other users'. These inherit the visibility of the underlying visit.
• Activity Events: When you log, rank, react to, or comment on a visit — or follow another user — we create a denormalized feed event so your followers can see the activity in their feed. Feed events inherit the privacy of the source visit; private visits never generate feed activity.
• Usage Data: Information about your interactions with the Service, such as pages visited, features used, actions taken, and session duration.
• Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and language settings.
• Email Import Data: If you choose to connect your Gmail account to the Service, we access booking-related emails from a predefined list of travel providers (airlines, hotels, rail and transport operators, restaurants, and tour providers) so we can extract reservations into your trips. See Section 5 for how this data is used and stored.

5. Email Import (Gmail & Forwarded Email)

If you choose to use the optional email import feature, Bucketlist will read booking confirmation emails to automatically add flights, hotels, trains, and reservations to your trips.

What we access. When you connect Gmail, we request read-only access to your inbox with a scoped search filter that only returns messages from a predefined list of trusted travel providers. We do not read personal correspondence, newsletters, or any message outside that allowlist. A defense-in-depth check on our servers discards any message whose sender domain is not on the allowlist, even if Gmail returns a near-match. You may also forward individual booking confirmations to a personal forwarding address we provide — only the emails you choose to forward are processed.

The complete sender allowlist is:

We may add new providers to the allowlist over time as we expand coverage. The list above reflects the state of the allowlist as of the “Last updated” date at the top of this policy; material additions will bump that date.

How we use it. We extract structured reservation details (airline, flight number, dates, locations, confirmation codes, and similar booking facts) and present them to you for review before they are added to a trip. We do not use the content of your emails for advertising, we do not sell it, and we do not share it with anyone other than the service providers listed below.

AI/LLM processing. We use a third-party large-language-model service provider to parse unstructured email text into structured reservation fields. The provider processes email content on our behalf, does not retain it beyond the request, and does not use it to train their models. We do not share your identity or account information with the LLM provider — only the email body needed for the parse.

Retention. Raw email content we ingest for parsing is stored only as long as needed to produce a reservation for your review, and is deleted when you disconnect your Gmail account, delete your Bucketlist account, or reject the parsed reservation. Structured reservations you confirm into a trip follow the retention described in Section 11.

Revocation.You can disconnect Gmail at any time from your Bucketlist account page. You can also revoke Bucketlist's access directly from your Google account at myaccount.google.com/permissions. Disconnecting stops any further syncs; previously-imported reservations remain part of your trip unless you delete them.

Google API Services Limited Use. Bucketlist's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we only use Gmail data to provide the email-import feature you opted into, we do not transfer Gmail data except to the service provider performing the parse on our behalf, we do not use Gmail data for advertising, and we do not allow humans to read your email except (i) with your explicit consent, (ii) for security purposes such as investigating abuse, (iii) to comply with applicable law, or (iv) in aggregated and anonymized form for internal operations.

6. Scout (AI Chat Assistant)

Scout is an optional AI chat assistant available to Pro users that helps with trip planning, itinerary questions, and managing the data already in your Bucketlist account.

AI/LLM processing. Scout is powered by the same third-party large-language-model service provider we use elsewhere in Bucketlist. The provider processes your chat messages on our behalf, does not retain them beyond the request, and does not use them to train their models.

No chat-history storage. We do not store a persistent record of Scout conversations. Each session exists only for the duration it is active; once the session ends or is cleared, the chat contents are gone. Trip changes Scout makes on your behalf (for example, creating an event) are persisted in your trip data like any other edit — but the underlying chat transcript is not.

Safety preprocessing. Before each message reaches the main assistant, a lightweight classifier screens it for prompt-injection attempts, jailbreak attempts, and clearly off-topic requests. This preprocessing happens on our servers using the same LLM provider. Messages flagged as malicious or off-topic are redirected back to the travel-assistant scope and do not reach the main model.

Accuracy.Scout's responses are AI-generated and may contain errors, omissions, or outdated information. Verify important details (dates, prices, availability, travel requirements) with primary sources before relying on them.

7. Public Content & Visibility Controls

Bucketlist includes social features — public profiles, visits, follows, reactions, comments, and an activity feed. This section explains what is public by default and how to control visibility.

Public profiles. If you claim a username, your profile page at bucketlisttravel.app/u/<username> is publicly accessible to anyone on the internet, including search engines. Your username, display name, avatar, cover image, bio, location, website, and aggregate counts (followers, following, visits) are public. You can change or clear any of these fields from your profile editor at any time.

Follower and following lists. The list of accounts you follow and the list of accounts following you are publicly visible on your profile. There is no approval flow — anyone can follow you.

Per-visit privacy. Each visit you log carries one of three privacy levels:

• Public— visible on your profile, in discover, and in any follower's feed.
• Followers — visible only to accounts that follow you; never surfaced in discover or to logged-out visitors.
• Private — visible only to you; never appears in any feed, discover surface, or public profile grid.

You set a personal default visit privacy from your profile editor; every new visit starts at that default. You can change privacy on an individual visit at any time, which immediately hides or exposes it (and its associated feed events, reactions, and comments) to match the new level.

Reactions and comments. Likes, reactions, and comments you leave on visits inherit the visibility of the underlying visit — reacting to or commenting on a public visit is a public action. The author of a visit may remove reactions or comments on their own visit at any time.

Activity feed events.When your activity is eligible for a follower's feed (because the source visit is public or followers-only), we create a denormalized feed event so it can be served quickly. If you later change the underlying visit to private, delete the visit, or remove a follower's access, the corresponding feed events are hidden on the next refresh.

Deletion. Deleting an individual visit cascades to its attachments, reactions, comments, and feed events. Deleting your account removes your profile, follows (in both directions), visits, visit attachments, reactions, comments, and feed events — see Section 11.

8. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Save and sync your trip data across sessions and devices.
• Personalize your experience based on your trip history and preferences.
• Communicate with you about account changes, new features, and support requests.
• Ensure security, prevent fraud, and detect abuse or violations of our Terms of Service.
• Analyze usage patterns in aggregate to understand how our product is used and where it can be improved.
• Comply with applicable legal obligations.

9. How We Share Your Information

We do not sell your personal data. We share your information only when necessary:

• Service Providers: With cloud hosting, infrastructure, analytics, and AI/LLM vendors who process data on our behalf under contractual confidentiality obligations. AI/LLM providers are used both to parse unstructured booking-email text into structured reservations and to power Scout, our AI chat assistant; in both cases they do not retain the data beyond the request and do not use it to train their models.
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our users.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

When you share a trip via a shareable link or invite a collaborator, that person will be able to view (and, if you grant edit access, modify) the trip contents. You control who receives access. Bucketlist is not responsible for how recipients use or share content you have made accessible to them.

10. Third-Party Services

The Service may integrate with or link to third-party services, including mapping providers such as Apple Maps and Google Maps, as well as travel booking platforms. When you interact with these integrations, the third party's own privacy policy governs how they collect and use your data. Bucketlist has no access to or control over the data practices of these third parties and encourages you to review their respective privacy policies.

11. Data Retention

We retain your account and trip data for as long as your account is active or as needed to provide the Service. You may delete your account at any time from your account settings. We will fully delete your account and associated personal data within 14 days of receiving your deletion request. Certain information may be retained for a longer period where required by law or for legitimate business purposes such as fraud prevention.

Account deletion cascades to your profile (username, bio, avatar, cover, location, website), your follow relationships in both directions, your place visits and their attachments, the reactions and comments you made on any visit, and the activity feed events generated from your actions.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access or receive a copy of the data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated personal data (see Section 11).
• Export a copy of your trip data.
• Object to or restrict certain processing activities, including direct marketing.
• Withdraw consent at any time where processing is based on consent.

California Residents (CCPA): If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to opt-out of its sale (we do not sell personal information), and the right not to be discriminated against for exercising these rights.

To make a request, contact us at [email protected]. We will respond within the timeframes required by applicable law.

13. Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure credential storage, and access controls limiting which personnel can access personal information. No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

14. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our systems.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by posting the updated policy on our website with a new effective date. In some cases we may provide additional notice, such as an in-app notification or an email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

16. Consent

By using the Service, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use the Service.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].