Privacy Policy

1. Responsible Party

Marc Bellmann
E-Mail: mail@planyourtrip.travel
Website: https://www.planyourtrip.travel
Address: Erich-Zeigner-Allee 62a, 04429 Leipzig, Germany

2. Overview of Processing

We process personal data only to the extent necessary for providing our websites and services. The processing is based on the GDPR, particularly Art. 6 para. 1 GDPR.

3. Hosting and Infrastructure

Vercel

Our web applications (www.planyourtrip.travel, planner.planyourtrip.travel, discover.planyourtrip.travel, travelmap.planyourtrip.travel) are provided by Vercel Inc. (USA). When you visit our websites, connection data (IP address, time, browser) is transmitted to Vercel servers. The processing is based on our legitimate interest in secure and efficient provision (Art. 6 para. 1 lit. f GDPR). Vercel is certified under the EU-US Data Privacy Framework. More information: https://vercel.com/legal/privacy-policy

Hetzner

Our backend services (Trips API, Regions API, Cities API, CMS) are hosted on servers of Hetzner Online GmbH in Germany. The processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). More information: https://www.hetzner.com/de/legal/privacy-policy

Amazon Web Services (AWS)

Parts of our infrastructure, particularly the AI travel advisor, are operated through Amazon Web Services in the eu-central-1 region (Frankfurt). The processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). AWS has an EU-US Data Privacy Framework. More information: https://aws.amazon.com/de/privacy/

4. Cookies

We use technically necessary cookies for the basic functions of our websites. Additionally, we use optional cookies which are only activated with your explicit consent (Art. 6 para. 1 lit. a GDPR).

Upon your first visit to our site, a cookie banner appears. You can choose between:

  • "Agree" — All cookies and third-party services are activated
  • "Only necessary" — Only technically required cookies, no analysis or tracking services

Your decision will be stored in the cookie COOKIES_ACCEPTED (Validity: 1 year).

Technically Necessary Cookies

| Cookie | Purpose | Duration | |---------------------|-------------------------------------------------|---------------| | COOKIES_ACCEPTED | Saves your cookie decision | 1 year | | HELP_BOX_* | Saves whether help boxes are expanded/collapsed | 1 year | | Session Cookies | Authentication (when logged in) | Session |

5. Web Analytics

Vercel Analytics

Only with your consent do we use Vercel Analytics to statistically evaluate the use of our websites. Vercel Analytics is a privacy-friendly analytical service that does not set personal cookies. Aggregated usage data (page views, duration of stay, device type) is collected. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR). Provider: Vercel Inc., USA. More information: https://vercel.com/docs/analytics/privacy-policy

6. Map Service

Mapbox

To display interactive maps, we use Mapbox (Mapbox Inc., USA). The maps are only loaded after your cookie consent. Your IP address and map data are transmitted to Mapbox servers. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR). More information: https://www.mapbox.com/legal/privacy

7. AI Travel Advisor

Amazon Bedrock

Our AI travel advisor uses Amazon Bedrock (Claude, Anthropic) in the AWS eu-central-1 region. Your chat messages are transmitted to the AI service to generate personalized travel recommendations. The data is not used for training AI models. The legal basis is contract fulfillment or your legitimate interest (Art. 6 para. 1 lit. b/f GDPR).

Langfuse

To ensure the quality of the AI travel advisor, we use Langfuse (Langfuse GmbH, Germany) as a monitoring tool. This involves processing anonymized conversation data and usage metrics. The legal basis is our legitimate interest in improving our service (Art. 6 para. 1 lit. f GDPR). More information: https://langfuse.com/privacy

8. Authentication

Logto

For user sign-in, we use Logto as an OpenID Connect provider. During registration and sign-in, your login data (E-mail, password hash) is processed through Logto. The legal basis is contract fulfillment (Art. 6 para. 1 lit. b GDPR). More information: https://logto.io/privacy

9. Database

Supabase

To store chat histories and user data, we use Supabase (Supabase Inc., USA). The data is stored in a PostgreSQL database. The legal basis is contract fulfillment (Art. 6 para. 1 lit. b GDPR). Supabase is certified under the EU-US Data Privacy Framework. More information: https://supabase.com/privacy

10. External Content

Brandfetch

To display partner logos (Booking.com, Expedia, Omio, Skyscanner), we embed images via the CDN service Brandfetch. Your IP address is transmitted to Brandfetch servers. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR). More information: https://brandfetch.com/privacy

Strapi CMS

Content and images are loaded through our own content management system (Strapi), which is hosted on Hetzner servers in Germany.

11. Affiliate Links

Our platform contains affiliate links to travel partners (Booking.com, Expedia, Omio, Skyscanner). When you click on such a link, you will be redirected to the partner's website. The partner may recognize that the click came from our site. We do not use tracking pixels. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

12. Anonymized Data Usage

We use anonymized usage data (e.g., created itineraries, visited travel destinations, lengths of stay, travel times) to improve our services. Specifically:

  • Travel Recommendations — Popular routes and destinations are suggested to other users as inspiration
  • Statistical Evaluations — Aggregated data on travel trends, popular regions, and seasonal patterns
  • Product Improvement — Optimization of functions, content, and AI recommendations
  • Content and Collections — Creation of editorial content based on anonymized travel data

The data is anonymized before use, so that no conclusions can be drawn about individuals. No personal data (name, email, account details) is used for these purposes. The legal basis is our legitimate interest in improving our service (Art. 6 para. 1 lit. f GDPR).

13. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — What data we store about you
  • Right of rectification (Art. 16 GDPR) — Correction of inaccurate data
  • Right of deletion (Art. 17 GDPR) — Deletion of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR) — Objection to processing
  • Withdrawal of consent (Art. 7 para. 3 GDPR) — Anytime with effect for the future

To exercise your rights, contact: mail@planyourtrip.travel

14. Right to Complain

You have the right to lodge a complaint with a data protection authority if you believe that the processing of your data violates the GDPR.

15. Changes

We reserve the right to adapt this privacy policy to reflect changes in legal situations or changes in our services. The current version can always be found on this page.

As of: April 2026