Privacy Policy
Last updated: [DATE] · Version [x.x]
⚠️ DRAFT — pending legal review. This document is a good-faith
working draft, not legal advice. Bracketed [PLACEHOLDERS] must be
completed by counsel before public launch.
- Controller. Roammingo is operated by [LEGAL ENTITY],
[REGISTERED ADDRESS]. Privacy contact: [PRIVACY EMAIL].
EU representative (Art. 27): [EU REP]. UK representative:
[UK REP]. DPO: [DPO or "not appointed; contact above"].
- Scope. Covers our web app / PWA; applies to users in the EEA, UK, and US
(California — see §13).
- Data we collect. You provide: name, email (via Clerk); chat messages
and free text; saved itineraries; travel preferences and home airport;
dietary restrictions / accessibility needs (optional — may reveal health, religious or
belief information); price-watch criteria; alert contact details.
Automatically: IP address (stored anonymized in our logs), device/usage data, analytics
events (see the Cookie Notice); performance/security logs.
Anonymous trial: chat content you enter before signing up.
Launch waitlist: if you join our pre-launch waitlist, your email address (with your
consent, to send launch updates only; unsubscribe or request erasure anytime).
- Why & legal basis. Account = contract; chat / trip planning = contract;
special-category dietary/accessibility = your explicit consent; analytics =
consent; alerts = consent (or contract if you request them); security logging =
legitimate interests. Special-category data is processed only with your explicit consent,
withdrawable anytime in your account settings.
- Automated processing & AI. Inputs are processed by a third-party LLM
(Anthropic Claude) to generate suggestions. We do not make solely-automated
decisions with legal or similarly significant effects. [Confirm Anthropic
no-train / retention terms.]
- Sharing (sub-processors). See our Sub-processor List.
We do not sell your personal data.
- International transfers. Providers are in the US and elsewhere; we rely on
EU/UK SCCs and/or EU-US DPF / UK Extension adequacy where
certified, plus supplementary measures. Copies on request.
- Retention. Account: life of account + [30] days;
chat/itineraries: [12 months] or until deletion; security logs:
[30–90 days]; backups: [30-day] rotation;
analytics: [14 months].
- Your rights. Access, rectify, erase, restrict, object, portability, withdraw
consent. Exercise via [PRIVACY EMAIL] or in-app (Export data / Delete my
account, and the consent toggles in your account panel). We respond within one month.
- Complaints. UK: ICO (ico.org.uk); EU: your local DPA
(edpb.europa.eu).
- Security. Encryption in transit and at rest, access controls, encrypted
backups, and data minimization (including anonymized IPs in logs).
- Children. Not intended for anyone under [16 / 18]; we
do not knowingly collect children's data.
- California (CCPA/CPRA). [If in scope: categories collected /
disclosed; rights to know / delete / correct; opt out of "sharing"; "Do Not Sell or Share My
Personal Information"; sensitive-PI limits; no discrimination.] We honor Global Privacy
Control (GPC) browser signals as an opt-out of analytics.
- Changes. Posted here; we notify you of material changes.