Privacy Policy
Last updated: July 14, 2026
The short version: we store what you need to plan trips, we don't sell your data, and Gmail access is read-only, optional, and used only to find trip-related confirmations.
What we collect
- Account info — your name and email, provided through our sign-in provider, Clerk.
- Trip content — itineraries, bookings, tasks, notes, packing lists, and chat messages you create while planning.
- Diagnostics — sanitized technical events (errors, load failures) used to keep the app working. These never include passwords, tokens, or message contents.
- Billing and usage — Stripe or Apple transaction references, subscription state, purchases, and per-account AI usage metering. We do not store full card numbers or Apple payment credentials.
Gmail access (optional)
If you choose to connect Gmail, Tabiya requests read-only access and uses it for one purpose: finding travel confirmations (flights, hotels, activity bookings) relevant to your trip and adding them to your plan. Specifically:
- We never send, delete, or modify your email.
- We store the extracted booking details (for example a flight number and time) in your trip — not your inbox or full message bodies.
- OAuth tokens are encrypted at rest, and you can disconnect Gmail at any time from settings, which revokes our access.
Tabiya's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How your data is processed
We use a small set of service providers to operate Tabiya: Clerk (authentication), Railway (hosting and database), Stripe and Apple (payments), and Google (Gemini models that power the assistant). Your chat messages and relevant trip context are sent to the AI model to generate replies; they are not used to train models under our agreements. We don't sell personal data and we don't run third-party advertising or tracking.
Sharing
Trip data is private to you and people you explicitly invite. If you create a public share link, only a deliberately filtered, read-only view is exposed — confirmation numbers, contact details, and private notes are never included.
Retention and deletion
Your data is kept while your account is active. Diagnostic events expire after roughly 30 days. You can permanently delete your account and its data immediately from Settings; shared-trip ownership must first be transferred to an eligible collaborator. Disconnecting Gmail deletes the stored tokens immediately. You may also contact steven.junio91@gmail.com for help.
Cookies
We use only functional cookies: keeping you signed in, remembering a guest planning session, and unlocking share links you've entered a password for. No advertising cookies.
Contact
Tabiya is operated by Steven Junio in California, United States. Privacy questions or deletion requests: steven.junio91@gmail.com.