Privacy Policy for GoPackly

1. Introduction

Welcome to GoPackly! This Privacy Policy describes how GoPackly ("we," "us," or "our") collects, uses, and protects your personal information when you use our website and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data with transparency and care.

Data Controller: Mattias Johansson, Stockholm, Sweden
Contact: info@gopackly.com
Data Protection Contact: info@gopackly.com

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and Swedish data protection laws. If you are located in the European Union, you have additional rights under GDPR as described in this policy.

2. Data We Collect and Legal Basis

We collect information to provide and improve our Service to you. Under GDPR, we process your personal data based on the following legal grounds:

• Account Information: Email address and name you provide. Legal basis: Contract - necessary to provide our services and authenticate your account.
• Trip and Packing Data: Information related to your trips, destinations, activities, and packing lists. Legal basis: Contract - essential for providing GoPackly's core functionality including personalized recommendations and collaborative planning.
• Usage Data: Information about how you access and use the Service, including IP address, browser type, operating system, and pages visited. Legal basis: Legitimate Interest - to understand user behavior, improve the Service, and ensure security.
• Cookies: Essential authentication cookies only.Legal basis: Legitimate Interest - necessary for providing secure access to your account.

3. How We Use Your Data

Your data is used exclusively by GoPackly for the following purposes:

• To Provide and Maintain the Service: This includes creating and managing your packing lists, generating AI-powered suggestions, and enabling collaboration with other users.
• To Improve and Personalize the Service: We analyze your packing habits and preferences to enhance our AI recommendations and tailor the Service to your needs. This learning is solely for the purpose of improving your experience within GoPackly.
• For Security and Fraud Prevention: To protect the integrity and security of our Service and users.
• For Communication: To send you important updates, notifications, and information related to your account or the Service. You can manage your communication preferences in your account settings.

4. Data Security

We are committed to ensuring the security of your data. We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. This includes, but is not limited to, encryption, access controls, and regular security audits.

5. Third-Party Services and Data Sharing

We do not sell, rent, or otherwise monetize your personal data to third parties. However, we do share certain data with trusted third-party service providers to operate our Service:

• Supabase (Database & Authentication): Processes account information, trip data, and authentication tokens. Data may be processed in the United States under Standard Contractual Clauses (SCCs) for EU-US data transfers.
• OpenAI (AI Processing): Trip data is sent to OpenAI to generate packing recommendations. OpenAI processes data in the United States under their privacy policy and data processing agreement.
• Vercel (Hosting): Website hosting and performance data. May process usage data and IP addresses in various regions including the United States.

International Data Transfers: When we transfer your personal data outside the EU/EEA to countries without adequate data protection laws, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives equivalent protection.

We do not share your personal information with third parties for their marketing or advertising purposes.

6. Data Retention

We retain your personal information only for as long as necessary to provide the Service and for legitimate and essential business purposes, such as maintaining the performance of the Service, making data-driven business decisions about new features, complying with our legal obligations, and resolving disputes. When we no longer need your personal information, we securely delete or anonymize it.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access (Article 15): You can request access to the personal data we hold about you and receive a copy of it.
• Right to Rectification (Article 16): You can request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You can request the deletion of your personal data in certain circumstances.
• Right to Restrict Processing (Article 18): You can request that we limit the processing of your personal data in certain situations.
• Right to Data Portability (Article 20): You can request to receive your personal data in a structured, machine-readable format, or have it transmitted to another controller.
• Right to Object (Article 21): You can object to the processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

How to Exercise Your Rights: To exercise any of these rights, please contact us at info@gopackly.com. We will respond to your request within one month of receipt. You may also contact our data protection contact at info@gopackly.com.

Right to Complain: If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY) at imy.se or contact them at imy@imy.se.

8. Cookie Policy

GoPackly uses cookies and similar technologies to provide and improve our Service. We only use essential cookies necessary for the functioning of our website:

• Authentication Cookies: These cookies are essential for logging you into your account and maintaining your session. They are necessary for the Service to function and cannot be disabled.
• Security Cookies: Used to protect against fraudulent activity and ensure the security of your account.

We do not use tracking cookies, analytics cookies, or advertising cookies. You can manage cookie preferences in your browser settings, though disabling essential cookies may prevent you from using certain features of our Service.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in any case within 72 hours of becoming aware of the breach, as required by GDPR Article 34.

The notification will include:

• A description of the nature of the personal data breach
• The categories and approximate number of data subjects and personal data records concerned
• The likely consequences of the personal data breach and measures taken or proposed to address the breach
• Contact information for our data protection contact where more information can be obtained

We will also notify the Swedish Authority for Privacy Protection (IMY) of any personal data breaches within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms.

10. Children's Privacy

GoPackly is not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without appropriate parental or guardian consent as required by GDPR Article 8.

If we become aware that we have collected personal information from a child under 16 without proper consent, we will take steps to delete such information promptly. If you believe that we have collected information from a child under 16, please contact us immediately at info@gopackly.com.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. You are advised to review this Privacy Policy periodically for any changes.