Account information such as your email address, authentication details, and user identifiers.

Profile and trip information such as preferences, destinations, route details, itineraries, saved selections, and trip planning inputs.

Content you share into Fichi for trip planning, such as images, screenshots, and videos (including any audio they contain), which we process to extract travel details.

Support and feedback information such as messages, screenshots you choose to upload, and related account context.

Technical and usage information such as device, browser, log, security, and error data needed to operate and protect the service.

External booking interaction data when you click out to third-party travel providers.

To provide the Fichi beta, including sign-in, trip planning, saved selections, and account management.

To improve performance, troubleshoot issues, prevent abuse, and keep the service secure.

To respond to support requests, feedback submissions, and account-related questions.

To comply with legal obligations and enforce our terms.

Encryption in transit (HTTPS/TLS) for all traffic between your device and our services.

Encryption at rest for stored data through our managed database provider (Supabase).

Row-level security on database tables with a default-deny posture, so records are only accessible to the authenticated account they belong to.

Authentication through Supabase using short-lived bearer tokens, with sign-in via email and password, Google, or Apple.

Rate limiting and abuse-prevention controls to protect the service from misuse.

Access to production systems is limited to authorized personnel.

Supabase for authentication, database, and file storage.

Anthropic for AI-assisted trip planning features.

OpenAI for transcription and text recognition on content you upload, such as shared trip screenshots.

Twelve Labs for analyzing shared video content to extract travel details.

Langfuse for monitoring and tracing of AI features.

Google for sign-in and certain places-related features.

Open-Meteo for weather data.

Carto for map tiles.

Sentry for error monitoring and service reliability.

PostHog for product analytics where enabled and permitted.

Resend for transactional emails when email features are enabled.

Upstash Redis for rate limiting and abuse prevention.

Account, profile, trip, and support data are generally kept for as long as your account remains active or as needed to provide the service.

If you ask us to delete your account, we will remove or anonymize data from our systems where reasonably possible, subject to legal, security, and operational requirements.

Certain abuse-prevention and rate-limit records may be retained for up to 90 days.

Information stored locally in your browser remains there until it is cleared, overwritten, or removed by the app.