TravelWithMePrivacy Policy
TravelWithMe UG · Last updated: June 1, 2026
This Privacy Policy ("Policy") describes how TravelWithMe UG ("TravelWithMe," "we," "us," or "our") collects, uses, stores, shares, and protects your personal data when you use the TravelWithMe mobile application, web application, and related services (collectively, the "Services").
If you have questions about this Policy or wish to exercise your data rights, please contact us at hey@travelwithme.app.
Please read this Policy carefully. By using the Services, you acknowledge that you have read and understood this Policy.
1. Who we are
TravelWithMe UG is the data controller responsible for your personal data.
TravelWithMe UG · Am Zinkenschlag 19 · 97450 Arnstein · Germany · Email: hey@travelwithme.app
As a company based in Germany, TravelWithMe is subject to the General Data Protection Regulation (GDPR) and applicable German data protection law.
2. What information we collect
2.1 Information you provide directly
- Account information: Name, email address, date of birth, gender, country of origin, and profile photo, provided during registration or profile setup.
- Authentication data: When you sign in with Apple or Google, we receive a unique identifier and, where permitted, your name and email address from those providers. We do not receive or store your Apple or Google password.
- Profile content: Travel preferences, languages spoken, travel types, budget preferences, and other profile information you choose to provide.
- User-generated content: Trip descriptions, trip images, messages sent via 1:1 chat or group chat, poll responses, shared notes, packlist entries, expense records, location pins, uploaded documents, and gallery photos.
- Trip data: Information about trips you create or join, including destination, dates, member list, and trip settings.
- Reports and feedback: Information you provide when reporting another user, a trip, or a chat.
2.2 Information collected automatically
- Device information: Device type, operating system version, app version, and unique device identifiers.
- Usage data: Features used, screens visited, actions taken within the app, and interaction timestamps.
- Crash reports: Diagnostic data collected via Firebase Crashlytics when the app crashes or encounters an error, including device state, stack traces, and app version.
- Push notification tokens: Device tokens used to deliver push notifications via Firebase Cloud Messaging (FCM) (Android) and Apple Push Notification Service (APNs) (iOS).
2.3 Information from third parties
- Sign in with Apple / Sign in with Google: User identifier and, where authorized, basic profile information.
- RevenueCat: Subscription status, purchase history, and entitlement data related to premium features and in-app purchases. RevenueCat does not share payment card details with us.
3. How we use your information
We process your personal data for the following purposes and on the following legal bases under the GDPR:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Contract performance (Art. 6(1)(b) GDPR) |
| Providing and operating the Services | Contract performance (Art. 6(1)(b) GDPR) |
| Enabling trip discovery, group features, and messaging | Contract performance (Art. 6(1)(b) GDPR) |
| Processing premium subscriptions and purchases | Contract performance (Art. 6(1)(b) GDPR) |
| Sending push notifications | Legitimate interest / Consent (Art. 6(1)(a) and (f) GDPR) |
| Crash reporting and app stability monitoring | Legitimate interest (Art. 6(1)(f) GDPR) |
| Improving and developing the Services | Legitimate interest (Art. 6(1)(f) GDPR) |
| Enforcing our Terms of Service and Community Guidelines | Legitimate interest (Art. 6(1)(f) GDPR) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
We will not process your personal data for purposes incompatible with those listed above without your prior consent.
4. Third-party service providers
To operate the Services, we share data with the following trusted third-party providers. Each provider acts as a data processor on our behalf and is bound by appropriate data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, database storage (DynamoDB), file storage (S3), serverless compute (Lambda), real-time messaging (AppSync), user authentication (Cognito) | EU (Frankfurt, Germany) |
| Google Firebase – Crashlytics | Crash reporting and app diagnostics | USA (SCCs applied) |
| Google Firebase – FCM | Push notification delivery (Android) | USA (SCCs applied) |
| Apple Inc. – APNs | Push notification delivery (iOS) | USA (SCCs applied) |
| Apple Inc. / Google LLC | Authentication (Sign in with Apple / Google) | USA (SCCs applied) |
| RevenueCat Inc. | Subscription management and in-app purchase processing | USA (SCCs applied) |
Where providers are located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
We do not sell, rent, or lease your personal data to any third party.
5. Data storage and retention
Your data is primarily stored on AWS infrastructure located in the EU (Frankfurt, Germany).
We retain your personal data for as long as necessary to provide the Services and fulfill the purposes described in this Policy, or as required by applicable law. Specifically:
- Account data is retained for the duration of your account and deleted within 30 days of account deletion.
- Messages and chat content are deleted when a conversation is deleted or when a trip is completed or deleted.
- Crash reports are retained for up to 90 days as configured in Firebase Crashlytics.
- Purchase records are retained as required by German commercial and tax law (typically 10 years).
- Anonymized and aggregated data may be retained indefinitely for analytical purposes.
6. Your data rights
As a resident of the European Union or European Economic Area, you have the following rights under the GDPR:
- Right of Access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17 GDPR): You may request deletion of your personal data in certain circumstances. You can delete your account directly within the app at any time. If you experience difficulties, contact us at hey@travelwithme.app and we will manually process your request within 7 days.
- Right to Restriction of Processing (Art. 18 GDPR): You may request that we limit how we process your data in certain circumstances.
- Right to Data Portability (Art. 20 GDPR): You may request a copy of your data in a structured, machine-readable format.
- Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for TravelWithMe UG is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany · Website: https://www.lda.bayern.de
To exercise any of your rights, contact us at hey@travelwithme.app.
7. Children's privacy
The Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately at hey@travelwithme.app and we will delete it promptly.
8. Push notifications
We use push notifications to inform you of new messages, trip updates, requests, and other relevant activity. You may manage your notification preferences within the app or through your device settings. Disabling notifications does not affect your ability to use the core features of the Services.
9. Data security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include:
- Encrypted data transmission (HTTPS/TLS);
- Secure cloud infrastructure hosted by AWS in the EU;
- Access controls and authentication via Amazon Cognito;
- Regular security reviews and monitoring.
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. In-app purchases and subscriptions
Payment processing for premium subscriptions and in-app purchases is handled by RevenueCat in conjunction with the Apple App Store and Google Play Store. TravelWithMe does not receive or store your payment card details.
For refund requests, please refer to the refund policies of Apple Inc. or Google LLC. TravelWithMe does not process independent refunds for in-app purchases.
11. Links to third-party services
The Services may contain links to third-party websites or services. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.
12. Changes to this policy
We may update this Policy from time to time. When we make material changes, we will notify you within the app or by email before the changes take effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.
Your continued use of the Services after any changes constitutes your acceptance of the updated Policy.
13. Contact us
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us at:
Email: hey@travelwithme.app
© 2026 TravelWithMe UG. All rights reserved.