Exploria Privacy Policy

Effective as of June 04, 2026

PDF version

This Privacy Policy describes how Exploria collects, uses, stores, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and applicable French data protection law.

1. Data Controller

Clement Bouye – Sole Trader (Auto-entrepreneur), France

Privacy contact: support.exploria@gmail.com

2. Data We Collect

2.1 Data you provide

• Email address (registration and authentication)
• Username or display name
• Travel preferences (destinations, activity types, budget, etc.)
• History of generated itineraries

2.2 Data collected automatically

• Location data (with explicit consent, for map features via Mapbox)
• Technical data: device identifier, operating system, Application version
• Usage data: features used, credits consumed, session timestamps
• Crash and error data (via Sentry, for technical diagnostics)

2.3 Payment data

Credit purchases are handled by RevenueCat and the relevant app store platforms (Apple App Store / Google Play). Exploria never collects or stores your bank or payment card details.

3. Purposes and Legal Bases for Processing

• User account creation and management — Legal basis: Performance of contract (Terms of Use)
• AI-powered itinerary generation (OpenAI) — Legal basis: Performance of contract
• Map display (Mapbox) — Legal basis: Consent (location)
• Payment and credit management (RevenueCat) — Legal basis: Performance of contract
• Technical error monitoring (Sentry) — Legal basis: Legitimate interest (service quality)
• Application improvement (aggregated data) — Legal basis: Legitimate interest
• Push notifications and communications — Legal basis: Consent
• Compliance with legal obligations — Legal basis: Legal obligation

4. Recipients of Data (Sub-processors)

In providing the service, your data may be shared with the following sub-processors, all bound by contractual safeguards compliant with the GDPR:

Supabase – Database hosting and authentication

Location: United States (EU Standard Contractual Clauses)

OpenAI – AI request processing

Location: United States (EU Standard Contractual Clauses)

Mapbox – Mapping features

Location: United States (EU Standard Contractual Clauses)

RevenueCat – Subscription and in-app purchase management

Location: United States (EU Standard Contractual Clauses)

Sentry – Error monitoring and technical diagnostics

Location: United States (EU Standard Contractual Clauses)

GitHub – Source code hosting (no user data)

Location: United States

No personal data is sold to third parties. Partner links (Booking.com, GetYourGuide) are simple redirects — Exploria does not transmit your data to these platforms at the time of the click.

5. International Data Transfers

Some sub-processors (Supabase, OpenAI, Mapbox, RevenueCat, Sentry) are based in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of protection in accordance with Article 46 of the GDPR.

6. Retention Periods

• Account data: Until account deletion + 3 years (statutory limitation period)
• Itinerary history: 3 years after last activity
• Payment logs: 10 years (statutory accounting obligation)
• Crash data (Sentry): 90 days
• Location data: Not retained – real-time processing only

7. Your Rights Under the GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of your data
• Right to rectification (Art. 16): correct inaccurate data
• Right to erasure (Art. 17): request deletion of your data
• Right to restriction (Art. 18): restrict certain processing activities
• Right to data portability (Art. 20): receive your data in a structured format
• Right to object (Art. 21): object to processing based on legitimate interest
• Right to withdraw consent: at any time, without retroactive effect

To exercise any of these rights, contact us at: support.exploria@gmail.com

We will respond within a maximum of 30 days.

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr — or with the supervisory authority of your country of residence within the EU.

8. Cookies and Trackers

The mobile Application does not use cookies in the traditional sense. Anonymous technical identifiers may be used for usage analytics and diagnostics (via Sentry). No advertising trackers are used.

9. Data Security

Exploria implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or disclosure:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication managed by Supabase Auth
• Access to data restricted on a need-to-know basis (principle of least privilege)
• Incident monitoring via Sentry
• Regular security updates

In the event of a data breach likely to result in a high risk to your rights and freedoms, you will be notified as soon as possible in accordance with Article 34 of the GDPR.

10. Children's Data

The Application is intended for users aged 16 and over. We do not knowingly collect personal data from children under the age of 16. If you are a parent and believe your child has provided us with personal data, please contact us at support.exploria@gmail.com so we can delete it.

11. Changes to This Policy

This policy may be updated to reflect legal, technical, or business changes. In the event of a material change, you will be notified via an in-app notification or by email. The effective date is always shown at the top of this document.

12. Contact

For any questions regarding this policy or your personal data:

Clement Bouye – Exploria

Email: support.exploria@gmail.com

Exploria – Privacy Policy – June 04, 2026 – Clement Bouye, Sole Trader