Privacybeleid

We process only the categories required to run the service. This includes account-level identifiers used for authentication and support, planning preferences such as selected country and year, and technical telemetry needed for operational reliability. We avoid collecting unnecessary personal profile fields and focus on data categories with a clear product function.

Planning data can include saved scenarios, leave-day choices, and route usage context. This allows us to deliver continuity across sessions and improve usability. Where analytics data is used, it is scoped to product performance and quality improvements, not unrelated behavioral profiling.

Processing purposes are limited to service operation, account security, abuse prevention, and practical product improvement. We do not process user data for purposes that conflict with the core planning use case. Every key processing activity should map to a clear user benefit or a necessary platform safeguard.

Examples include protecting sign-in flows, keeping saved planning states consistent, resolving support requests, and monitoring reliability. If data is not needed for these functions, it should not be part of long-term storage.

We retain data only for the period necessary to provide requested functionality, maintain security records, and meet legal obligations when applicable. Retention windows vary by data type. Operational logs may follow shorter cycles, while account-linked planning data persists until deleted by user request or account closure conditions.

Users can request access, correction, or deletion by contacting support. We may require verification to prevent unauthorized actions. Where complete deletion is not immediately possible because of technical or legal constraints, we apply anonymization or restricted retention controls where feasible.

We apply reasonable technical and organizational safeguards to reduce unauthorized access risk. Security is an ongoing process, not a one-time claim, and includes monitoring, controlled access, and incident-response discipline.

Some service providers may process limited data on our behalf for hosting, analytics, or infrastructure operations. These providers are selected for operational necessity and are expected to follow appropriate data-protection standards aligned with their role.