Privacy Policy

Jaunt is an AI travel planner and in-trip companion ("Jaunt", "we", "us"). Jaunt is operated from the United States and is the data controller for the personal information described in this policy. For anything privacy-related, you can reach us at hello@getjaunt.com.

Almost everything we hold is information you choose to put into Jaunt:

• Account information — your email address, name, and profile photo, provided directly or by your sign-in provider (for example Google) through our authentication provider, Supabase.
• Profile details — your home city and the travel preferences you save.
• Trips and itineraries — destinations, dates, places, itinerary items, notes, and booking details you add or import, including confirmation numbers and costs.
• Group members and invitations — when you invite someone to a trip by email, we store that email address (before they have a Jaunt account) so we can deliver the invitation and connect them to the trip when they join.
• Expenses and settlements — shared costs you log and how they're split among the group.
• Photos — pictures you upload to a trip. Photos are stored in a private storage bucket and served through signed links that expire automatically, so they're viewable only by the trip's members. If you make a trip publicly shareable, its photos appear on the share page and are viewable by anyone with the share link.
• Checklists — packing and to-do lists you create for a trip.
• Emails you forward or let us scan — described in the next section.
• Limited usage and device data — described under Cookies, analytics, and your choices.

Jaunt can turn booking confirmation emails into itinerary items in two ways: you can forward an email to your trip's private, per-trip address, or you can connect your Gmail or Outlook account so Jaunt periodically scans your mailbox for travel booking emails and imports them automatically.

When you use these features, we store the raw email — including its full text — in our database while we process it. We use Claude, an AI model from Anthropic, to read the email and extract booking details such as flights, hotels, reservations, confirmation numbers, and costs. Booking emails often contain personal information about other people — fellow travelers' names, loyalty program numbers, phone numbers — so only forward or connect content you have the right to share.

Raw forwarded or scanned email content is kept only as long as needed for parsing and troubleshooting, and is purged within 90 days. The structured booking details we extract stay on your trip until you delete them.

If you connect Gmail or Outlook, your OAuth tokens are encrypted at rest with AES-256-GCM. You can disconnect an integration at any time from within the app, which stops all scanning.

Jaunt's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Gmail data only to identify and import travel bookings into your trips — never for advertising — and we don't allow humans to read your email except with your explicit permission, where necessary for security, or to comply with law. We apply the same standards to Outlook data.

• To provide Jaunt — creating and syncing trips, enabling group planning, splitting expenses, storing photos and checklists.
• To power AI features — generating itineraries, answering concierge questions, building trip recaps, and parsing booking emails (see AI processing below).
• To send transactional email — invitations, receipts, and account messages — through Resend.
• To process subscription payments through Stripe.
• To keep Jaunt secure and reliable — preventing abuse, debugging, and monitoring service health.
• To understand how the product is used, within the limits described under Cookies, analytics, and your choices.

We do not sell your personal information, and we do not use it for third-party advertising.

Jaunt's planning features are powered by Claude, an AI model provided by Anthropic. We send Claude only the content each feature needs: your trip details when generating an itinerary, your messages when you chat with the concierge, your trip content when creating a recap, and forwarded or scanned emails when extracting bookings.

Under Anthropic's API terms, the inputs we send and the outputs we receive are not used to train Anthropic's models.

We use a small set of providers to run Jaunt. Each one processes information only to provide its service to us:

• Supabase — database, authentication, and file storage (hosted in the United States).
• Anthropic — Claude AI for itinerary generation, concierge chat, trip recaps, and email parsing; inputs and outputs are not used to train its models.
• Stripe — subscription payments. Your card details go directly to Stripe and never touch our servers.
• PostHog — product analytics, hosted in the United States (cookieless and anonymous by default; see the cookies section).
• Resend — transactional email delivery.
• Vercel — application hosting.
• Google Maps — map display, where configured.
• OpenStreetMap — map tiles, and its Nominatim service for looking up place coordinates.
• Open-Meteo — weather forecasts and destination geocoding (we send destination names and coordinates, not your identity).

When you tap a booking link for hotels, flights, activities, or restaurants, you leave Jaunt and continue on a partner site such as Booking.com, Kayak, Viator, or OpenTable — in some cases routed through our affiliate partner Travelpayouts. Those sites operate under their own privacy policies and may set their own cookies. We may earn a commission on bookings made through these links, at no extra cost to you.

By default, Jaunt uses only strictly-necessary cookies and storage:

• Supabase authentication cookies that keep you signed in.
• Short-lived security cookies during sign-in, including a 10-minute cookie that protects the Gmail/Outlook connection handshake against forgery.
• A per-session flag that remembers the launch splash has been shown.
• Service-worker caches that let the app work as a PWA and load offline.

Our product analytics (PostHog) runs without cookies or device storage by default: events are processed in memory only, are anonymous, and are not linked across sessions or to your identity.

If you opt in to analytics — via the in-app prompt or setting — we set a first-party PostHog cookie and a localStorage identifier, and your usage is linked to your account (user id and email) so we can understand how Jaunt is used by real journeys. You can opt back out at any time in the app, which withdraws consent and removes the identifier.

We honor Global Privacy Control (GPC) and Do Not Track browser signals: when your browser sends one, we treat analytics consent as denied, and the signal always overrides any opt-in stored on the device.

Jaunt contains no advertising trackers, and we do not sell or share your personal information as those terms are defined by the California Privacy Rights Act (CPRA).

Trips are shared with the people in them: group members can see the trip's itinerary, bookings, expenses, photos, and checklists. If you create a shareable trip link, anyone with that link can view what you've chosen to share.

Beyond the service providers listed above, we disclose information only if required by law or legal process, to protect the rights and safety of our users or the public, or — with notice to you — as part of a merger, acquisition, or sale of the business. We never sell your personal information.

• Account, trip, and photo data — kept until you delete the content or your account.
• Raw forwarded or scanned email content — purged within 90 days.
• Billing records — retained by Stripe as required for tax and accounting purposes.
• Server logs and analytics events — retained per our processors' default retention periods.

All traffic to Jaunt is encrypted in transit (TLS). Mailbox OAuth tokens are encrypted at rest with AES-256-GCM. Trip data is protected by database row-level security so it's only accessible to the members of each trip. Card details are handled entirely by Stripe and never reach our servers.

No system is perfectly secure. If a breach ever affects your personal information, we'll notify you as required by law.

Jaunt is operated from the United States, and your information is processed there. If you use Jaunt from the EU/EEA, UK, or Switzerland, transfers to our processors rely on appropriate safeguards such as Standard Contractual Clauses and, where applicable, our processors' participation in the EU-U.S. Data Privacy Framework.

Depending on where you live, you have some or all of the following rights: to access the personal information we hold about you, to correct it, to delete it, to receive a portable copy, to restrict or object to certain processing, and to withdraw consent at any time (for example, the analytics opt-in). If you're in the EU/EEA or UK, you also have the right to complain to your data protection supervisory authority.

If you're a California resident, you have the rights to know, delete, and correct your personal information, and to opt out of its sale or sharing — though we don't sell or share personal information in the first place. We will never discriminate against you for exercising your rights.

The fastest path for most of this is self-serve: you can delete your account from Settings in the app (at /app/settings), which deletes your account, trips, photos, and mailbox integrations, and cancels any subscription. For anything else, email hello@getjaunt.com — we respond to privacy requests within 30 days.

Jaunt is not directed at children, and you must be at least 16 to use it. We don't knowingly collect personal information from anyone under 16. If you believe a child has given us personal information, contact us and we'll delete it.

We'll update this policy as Jaunt evolves. When we do, we'll update the date at the top, and for significant changes we'll notify you in the app or by email before they take effect.

Questions, requests, or concerns about privacy? Email hello@getjaunt.com and we'll be happy to help.