PRIVACY POLICY

Last Updated: February 11, 2026

Effective Date: February 11, 2026

At a Glance ✨

  • Data We Collect: Account info, trip details, user content, and real-time location (for navigation).
  • AI Usage: We use Google Gemini to generate itinerary suggestions.
  • Agencies: If you join an Agency trip, they can see your location & profile during that trip.
  • Privacy Controls: Use "Ghost Mode" to pause location sharing anytime.
  • Security: Direct messages are encrypted-at-rest. We auto-purge deleted messages.
  • No Selling: We do not sell your personal data to third parties.

Table of Contents

1. Information We Collect2. AI & Automated Processing3. How We Use Your Info4. Data Sharing5. Messaging & Encryption6. Control Over Your Data7. Data Retention8. Security9. Children’s Privacy10. Jurisdiction11. Contact Us

Polyhistor Inc ("Company," "we," "us," or "our"), a corporation organized under the laws of the State of Delaware, is committed to protecting your privacy. This Privacy Policy describes how we collect, process, and safeguard your information when you use the Polyhistor mobile application and associated services (collectively, the "Service").

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect data to provide accurate navigation, AI-driven recommendations, and social connectivity.

A. Information You Provide

  • Account Registration: When you create an account, we collect your username, email address, and password (hashed for security).
  • Profile Information: You may provide a display name, bio, date of birth, gender, hometown, language, and timezone settings.
  • Trip & Itinerary Data: We collect trip details including destination, budget, start/end dates, and itinerary items (flights, hotels, activities).
  • User Content: This includes messages, photos (profile pictures, trip covers), comments on itineraries, and votes.

B. Information Collected Automatically

  • Real-Time Location & Navigation History: To provide routing and "Live Tracking," we collect your precise latitude, longitude, speed, and heading. We store Navigation Sessions (origin, destination, waypoints) and Location History timestamps.
  • Device & Usage Data: We use analytics tools (PostHog and Sentry) to collect device models, IP addresses, operating systems, crash logs, and interaction metrics to improve App stability.
  • Media Metadata: When you upload images, we may process metadata associated with the file.

2. Artificial Intelligence (AI) & Automated Processing

We use advanced AI to personalize your travel experience.

  • Generative AI (Google Gemini): We utilize Google’s Gemini models to generate itinerary suggestions and travel advice. Anonymized query data is sent to our AI partners to generate responses.
  • Vector Embeddings: We process your travel preferences and historical trip data to create "embeddings" (mathematical vector representations). These are stored in our database to help our AI "understand" your travel style and find semantically similar locations.

3. How We Use Your Information

  • Navigation: To calculate routes, provide lane guidance, and estimate arrival times using Mapbox and Google Places.
  • Social Connectivity: To facilitate Friend requests, Group chats, and location sharing between connected users.
  • Agency Integration: If you accept an invite from a Travel Agency, we link your account to that Agency to facilitate professional trip planning.
  • Communication: To send push notifications (via Firebase) and emails (via Resend) regarding trip updates, friend requests, or security alerts.
  • Safety & Moderation: We employ automated and manual moderation to detect hate speech, harassment, or unsafe content in compliance with our community standards.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the specific infrastructure providers necessary to run the Service:

  • Cloud Infrastructure: AWS (Amazon Web Services) and Supabase for secure database hosting and file storage.
  • Maps & Location: Mapbox, Google Places, and OpenMeteo (weather data) to provide map interfaces and environmental context.
  • Analytics & Stability: PostHog (analytics) and Sentry (error tracking).
  • Travel Agencies: Important: If you join a trip organized by an Agency or link your account to an Agency, that Agency’s staff will have access to your name, profile, real-time location during the trip, and itinerary details.

5. Messaging and Encryption

  • Encryption: We implement encryption for your direct messages. Your messages are stored with an Initialization Vector (IV) and Auth Tag, adding a layer of security to your private conversations.
  • Retention: We implement an auto-purge policy for deleted messages. While a message is removed from the user interface immediately upon deletion, a backup may be retained for up to 90 days for safety and moderation auditing before being permanently erased.

6. Control Over Your Data

  • Ghost Mode: You can toggle "Ghost Mode" within the application to pause real-time location sharing with friends and groups.
  • Privacy Settings: You can manage notification preferences (Push/Email) and friend request settings in your User Settings.
  • Blocking: You have the right to block other users. Blocked users cannot see your location or send you messages.

7. Data Retention

We retain your personal data only as long as necessary:

  • Account Data: Retained until you request deletion.
  • Navigation History: Retained to provide your personal travel history logs. You may delete specific trips from your history.
  • Inactive Accounts: We reserve the right to delete accounts that have been inactive for an extended period.

8. Security

We use industry-standard security measures, including HTTPS encryption in transit and database encryption at rest. However, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the secrecy of your unique password and account information.

9. Children’s Privacy

The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information from our files.

10. Jurisdiction and International Transfers

Polyhistor Inc is a Delaware corporation. Your information may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Polyhistor Inc
Email: naveengali@thepolyhistor.com