Roamadi

Privacy Policy

Last updated: 2026-06-03

This Privacy Policy explains how Roamadi ("we", "us", "our") collects, uses, shares, and protects information when you use the Roamadi mobile application and related services (collectively, the "Service"). By using the Service, you agree to this Policy.

Summary in plain language: Roamadi collects only the information needed to give you AI-generated travel itineraries and remember your trips. We share it with a small number of trusted third-party services (listed below). We don't sell your data. You can delete your account and all associated data at any time from inside the app.

1. Information We Collect

Information you provide directly

Account information — when you sign in with Apple or Google, we receive your name, email address, and a unique identifier from your authentication provider (handled by Clerk on our behalf).
Trip preferences — the cities, dates, vibe (solo / couple / family / friends), interests (food, activities, photo, nightlife, etc.), and any free-text prompts you enter when generating an itinerary.
Saved content — itineraries you generate, favorites you mark, trips you create or join collaboratively, and votes you cast within trip groups.

Information we don't collect

Your precise location- we only know which city you've selected in the app, not where you physically are.
Payment data — we don't currently process payments. If we add subscriptions, we'll use a third party (Apple App Store, Stripe, etc.) and update this Policy.
Health, biometric, or financial data.
Your contacts, photos, or messages.

2. How We Use Your Information

Provide and operate the Service — generate itineraries, sync your trips across devices, surface relevant content.
Detect and resolve bugs through automated crash reports and server-side error logs (see Section 3 — Sentry).
Communicate with you about your account (e.g., account deletion confirmations, security alerts). We don't send marketing emails as of the date of this Policy.
Comply with legal obligations, enforce our Terms of Use, and protect against fraud or abuse.

3. Third Parties We Share Information With

Roamadi uses the following service providers to operate the Service. We share only the data each needs to perform its function, and each is contractually required to protect that data.

Provider	Purpose	Data shared
Clerk (Clerk Inc., USA)	Authentication, account management	Email, name, OAuth provider IDs from Apple / Google
Amazon Web Services (AWS, EU Frankfurt region)	Application hosting, database storage	All account and usage data listed above
Anthropic (Anthropic PBC, USA)	AI itinerary generation (Claude model)	City name, travel dates, vibe, interests, free-text prompt — sent at the moment of generation. Anthropic does not retain this data and does not use it to train their foundational models, per their API terms.
Google (Google LLC, USA)	Google Places API for place data; Gemini API for video classification; YouTube Data API for travel videos	City + category queries for Places. No personal data sent to Gemini or YouTube APIs.
Sentry (Functional Software Inc., USA)	Error tracking and crash reporting	Crash logs, stack traces, app version, device model, anonymized URL paths. We actively scrub authentication tokens, request bodies, email addresses, and IP addresses before events leave the device or server.
UptimeRobot (UptimeRobot Service Provider Ltd., UK)	Backend uptime monitoring	No personal data — only HTTP health-check pings.

We do not sell your personal data, share it with advertising networks, or use it for advertising profiling.

4. Data Retention

Active account data — retained as long as your account exists. When you tap Profile → Delete account, your live record (profile, trips you created, votes you cast, trip memberships) is permanently removed from our active database immediately. Itineraries you generated have your user ID stripped at the same time and remain only in fully anonymized form.
Backup snapshots of the database — retained for 14 days for disaster recovery, then automatically purged. After this window, no backup contains traces of your deleted account.
Error logs in Sentry — retained for 30 days per Sentry's default. References to your account in error logs (if any) are purged on the same schedule.
Server access logs (CloudWatch) — retained for 30 days.

In other words: your live data is gone the moment you tap delete; any remaining traces in backups and logs are automatically purged within 30 days at the outside.

5. Your Rights

You have the following rights regarding your personal data:

Access — view the data we hold about you via the Profile screen in the app, or request a complete export by emailing us.
Deletion — delete your account at any time from Profile → "Delete account". This permanently erases your personal profile, account records, and private data. Trip plans or itineraries you generated are entirely stripped of all user ownership metadata and fully anonymized so they can no longer be linked to you or any individual identity.
Correction — update your name or email via your Apple ID / Google account; changes propagate to Roamadi on next sign-in.
Portability — request a machine-readable export of your data by emailing us.
Withdrawal of consent — sign out and delete your account to withdraw consent for processing.

If you reside in the European Economic Area, the United Kingdom, or California, you may have additional rights under GDPR, UK-GDPR, or the CCPA respectively, including the right to lodge a complaint with a supervisory authority. Contact us using the details below to exercise any of these rights.

6. Age Restriction

Roamadi is intended for users aged 18 and older. The Service is not directed to minors, and we do not knowingly collect personal information from anyone under 18.

How age is enforced

Account creation in Roamadi is gated by Sign in with Apple and Sign in with Google. Both providers require account holders to meet a minimum age (or to be supervised under a verified Family / Parental account). When a minor's unmanaged account attempts to authenticate, Apple's or Google's own login screen blocks the handshake before any data is passed to Roamadi — we never see the attempt.

Anonymous browsing of cities and places does not require an account and captures no information that could identify the visitor: no name, no email. A minor who browses anonymously is therefore not providing personal data to us.

By signing in and using the Service, you also confirm that you are 18 or older — we rely on this self-attestation in addition to the OAuth provider signals above. We do not collect government-issued ID for age verification. If we become aware that a user is under 18, we will suspend the account and delete the associated personal information promptly. If you believe a minor has provided us with personal information, please contact us using the details below.

7. International Data Transfers

Roamadi's primary infrastructure is hosted on Amazon Web Services in the EU (Frankfurt region). Some of our third-party providers (Clerk, Anthropic, Sentry, Google) are based in the United States, so your data may be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses approved by the European Commission for such transfers.

8. Security

We take reasonable technical and organizational measures to protect your information, including:

TLS / HTTPS encryption for all traffic between your device and our servers, and between our servers and our third-party providers.
Database connections encrypted via SSL.
Secrets (API keys, database passwords) stored in AWS Secrets Manager / Parameter Store with IAM-gated access.
Aggressive scrubbing of personal data before it reaches our error tracking provider.
Database backups encrypted at rest and stored in a separate region from primary data.

No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you in accordance with applicable law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or by updating the "Last updated" date at the top of this page. Continued use of the Service after a change indicates your acceptance of the updated Policy.

10. Contact Us

If you have questions about this Privacy Policy or our practices, or to exercise any of the rights described above, contact us at:

Email: privacy@roamadi.com
Postal address: Hertogstraat 7 Almere 1312AJ Netherlands

For users in the European Economic Area, the data controller is Doaa Othman (Independent Developer).