Privacy Policy

1. Scope

This Privacy Policy applies to information we collect when you:

• create or use a Polaris account;
• use the Polaris mobile app, website, or related features;
• interact with community, profile, trip, map, location, or travel tools within the Services;
• communicate with us; or
• interact with third-party services through links or integrations made available through the Services.

This Privacy Policy does not apply to third-party websites, booking providers, maps providers, analytics providers, authentication providers, or other external services that we do not control. When you leave Polaris or interact with a third-party service, that third party's own terms and privacy policy will apply.

2. Eligibility and Children

Polaris is not directed to children. Users must be at least 16 years old to create or use a Polaris account, regardless of their country of residence.

Polaris does not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a user under 16, we will delete that information and disable the associated account.

If you are a parent or guardian and believe that your child under 16 has provided personal information to Polaris, please contact us at support@polaristravel.io so we can take appropriate action.

3. Information We Collect

We collect information you provide directly, information collected automatically through your use of the Services, information from your device, and information from third parties you choose to use in connection with Polaris.

A. Information You Provide Directly

Depending on how you use Polaris, you may provide the following:

Account and profile information

• first name and last name;
• username or handle;
• email address;
• password or authentication credentials managed through our authentication providers;
• birthdate;
• nationality or nationalities;
• country of residence or nomadic status;
• gender identity, if you choose to provide it;
• profile photo or avatar;
• bio, interests, languages, and profile preferences;
• privacy and visibility settings.

Travel and trip information

• trips you create;
• destinations, itinerary items, and travel dates;
• bucket list items, saved places, visited places, and travel history;
• trip notes, preferences, attachments, receipts, tickets, or related travel documents you upload;
• reviews, ratings, or written travel content you submit.

Community content

• posts, captions, comments, likes, messages, plans, replies, reviews, and other user-generated content;
• photos, media, and other files you upload;
• reports, feedback, support requests, or other communications sent to us.

Settings and preferences

• notification preferences;
• privacy settings;
• display, language, and related account preferences.

B. Information Collected from Your Device or App Use

When you use Polaris, we may collect certain information automatically or from your device, such as:

• approximate or precise location data, depending on your device settings and permissions;
• device push notification token;
• app activity and feature usage;
• session and authentication state;
• device and app identifiers necessary to operate the Services;
• technical information such as device type, operating system, app version, and time zone;
• log, diagnostic, and error information generated through normal operation of the Services.

C. Location Information

Because Polaris includes map, nearby discovery, weather, trail, travel tracking, and community features, location information may play an important role in how the Services work.

Depending on your settings, permissions, and how you use the Services, we may collect:

• foreground location, such as when you use maps, search nearby places, explore local content, use travel widgets, or choose to share your location;
• background location, such as when trip tracking is enabled for an active trip and your device permissions allow background access; and
• location information you enter manually, such as your residence, destinations, or travel plans.

Location-related features may be optional in some cases. You can limit or disable certain location permissions in your device settings, though some features may not function properly without them.

D. Photos, Media, and Metadata

If you grant photo library or media permissions, Polaris may access photos or uploaded media you choose to use with the Services.

Depending on the feature used, Polaris may process:

• images and documents you upload;
• geotag or metadata associated with selected photos, such as GPS coordinates embedded in EXIF metadata;
• text extracted from uploaded documents or images, where applicable to the feature;
• media used in profile, community, trip, or visited-place features.

For example, if you use a feature that helps identify visited places from your photos, we may analyze geotagged metadata associated with those photos.

E. Information from Authentication Providers and Third Parties

If you sign in using Google or Apple, or use another supported provider, we may receive information from that provider such as:

• your email address;
• your name;
• a provider-specific user identifier; and
• any other information you authorize that provider to share with us.

If you interact with travel, map, translation, or booking-related features, relevant request information may be shared with the third-party service powering that feature.

F. Special-Category (Sensitive) Personal Information

Some information you may choose to provide is treated as special-category (sensitive) personal data under the EU/UK General Data Protection Regulation (GDPR Article 9) and similar laws, specifically:

• sexual orientation; and
• gender identity.

Providing this information is entirely optional. We collect it only with your explicit consent, which you give at the point of collection (for example, when you add this information to your profile). We use it solely to:

• enable community features and spaces intended for specific communities (such as women-only or LGBTQ+ safety features and message boards); and
• personalize aspects of your experience as described in this Policy.

You may withdraw your consent at any time by removing this information from your profile or by contacting us at support@polaristravel.io. Withdrawing consent does not affect the lawfulness of processing before withdrawal. Removing the information stops further processing of it; deletion of associated records is handled as described in "Account Deletion" and "Your Choices and Rights."

Pronouns are collected to personalize the app and are not treated as special-category data.

4. How We Use Information

We use personal information and other data for the following purposes:

• to create and manage your account;
• to authenticate users and maintain sessions;
• to provide profile, community, travel, and discovery features;
• to let you create, manage, and display trips, itineraries, bucket lists, visited places, and related travel content;
• to enable map, nearby, route, and location-aware features;
• to support trip tracking and travel path visualization when enabled;
• to process uploaded images, documents, and related metadata for user-requested features;
• to display user-generated content and community interactions;
• to deliver push notifications and service-related communications;
• to personalize aspects of the Services based on your preferences, profile, travel data, and settings;
• to provide travel tools such as weather, time, currency, safety, translation, and location-based discovery;
• to maintain safety, integrity, moderation, fraud prevention, and abuse detection;
• to investigate reports, enforce our policies, and protect users and the Services;
• to troubleshoot, debug, secure, and improve the Services;
• to comply with legal obligations; and
• to establish, exercise, or defend legal claims.

5. How We Share Information

We do not sell your personal information in exchange for money. We may share information in the following circumstances:

CCPA disclosure. We do not sell personal information in exchange for monetary consideration. Under California’s broad definition, we may “share” personal information with analytics, error-monitoring, and (in the future) advertising partners for cross-context behavioral purposes. California residents (and users in other states with similar laws) can opt out of this sharing via the cookie consent banner on polaristravel.io. Users can also signal opt-out via the Global Privacy Control (GPC) browser signal, which we honor automatically.

A. Service Providers and Infrastructure Partners

We may share information with vendors and service providers that help us operate the Services, such as providers for:

• authentication;
• cloud database and storage;
• push notifications;
• maps, geocoding, and location services;
• weather, translation, and travel-data features;
• security, hosting, and application infrastructure.

B. Third-Party Integrations You Use

If you use a feature powered by a third party, information necessary to fulfill your request may be shared with that provider. Depending on the feature, this may include search terms, destination details, dates, location data, or content you choose to submit.

Examples of third-party categories that may receive data in connection with your use of Polaris include:

• authentication providers such as Google or Apple;
• mapping and location providers;
• travel activity or accommodation partners;
• translation or weather providers.

C. Public or Shared Content

If you choose to make content public or visible to other users, other users may be able to see information such as:

• your profile details;
• your posts, comments, reviews, plans, or likes;
• selected trip, visited-place, or location-sharing information;
• content visible based on your privacy settings.

Your privacy settings may affect whether you are discoverable nearby, visible to other users, or sharing certain travel-related information.

D. Legal, Safety, and Business Transfers

We may disclose information:

• if required by law, subpoena, court order, or legal process;
• to enforce our Terms or other policies;
• to detect, investigate, prevent, or address fraud, security, or technical issues;
• to protect the rights, property, and safety of Polaris, our users, or others; or
• in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.

E. Third-Party Providers We Use

We use the following categories of third-party services to operate Polaris. Each provider processes information according to its own privacy policy. We encourage you to review their policies.

• Supabase — Authentication, database, storage, and realtime. Processes account data, profile information, trips, content, and all data you store in Polaris.
• Google — Sign-in (OAuth) and Google Translate. OAuth may receive email and profile; Translate receives text you choose to translate.
• Apple — Sign in with Apple. May receive email and name (if you choose to share).
• Mapbox / MapLibre — Maps, geocoding, and location display. Receives location data and map interactions when you use map features.
• Geoapify — Places search, nearby points of interest, geocoding. Receives location and search queries when you use these features.
• Google Places — Restaurant and place search. Receives search terms and location when you use this feature.
• Expo — Push notifications (Expo Push Service) and over-the-air updates. Receives device push token and app/device identifiers.
• Resend — Transactional email for account deletion notifications. Used server-side; receives email addresses when deletion requests are processed.
• Currency exchange service — Exchange rates for the currency widget. Fetched via our backend; your home currency preference may be used to request rates.
• Weather provider — Weather data for travel widgets. Receives location when you use weather features.
• OpenStreetMap / Overpass — Trails, embassies, and geographic data. Receives bounding box and query parameters when you use these features.

When you tap links to book travel (e.g., Viator, Get Your Guide, Tiqets, Airalo), you leave Polaris and those providers collect information according to their own policies. We may earn a commission from some of these links; see our Affiliate Disclosure.

6. Third-Party Services and Links

Polaris may include links to or integrations with third-party services, including travel booking providers, activity providers, maps providers, translation tools, weather providers, and authentication services.

When you interact with a third-party service, that third party may collect information according to its own privacy practices. Polaris is not responsible for the privacy practices of third parties we do not control.

We encourage you to review the privacy policies of any third-party service you use through or in connection with Polaris.

Cookies and similar technologies. Our website (polaristravel.io) uses cookies and similar technologies to operate the site, remember your preferences, and (with your consent) measure performance. EU, UK, and California users see a consent banner the first time they visit. You can manage your preferences at any time via the “Cookie Preferences” link in the site footer or by reviewing our Cookie Policy (summarized in the next section). The Polaris mobile application does not use cookies, but may use device identifiers and SDK consent prompts as described in this Policy and in the App Store / Play Store privacy labels.

6a. Cookies and Tracking Technologies

Our website (polaristravel.io) uses cookies and similar technologies. Strictly necessary cookies keep the site working; analytics and other non-essential cookies are used only with your consent.

Visitors from the EU, UK, California, and other regions with applicable privacy laws are shown a consent banner that lets you accept, reject, or customize non-essential cookies before any are set. You can change your choices at any time using the Cookie Policy and the “Cookie Preferences” link in our website footer, and we honor Global Privacy Control (GPC) signals automatically.

For the full list of cookies and technologies we use, their purposes, and how to manage them, see our Cookie Policy.

7. Travel, Health, Visa, and Location-Related Information

Polaris may display travel-related information, including border, safety, route, location, weather, and vaccination-related content.

Such information may come from third-party or reference sources and may change over time. Polaris does not guarantee that travel, health, visa, vaccination, border, or safety information is complete, accurate, or current at all times.

You should verify critical travel information with official government, border-control, airline, embassy, medical, or other authoritative sources before acting on it.

This Privacy Policy addresses how data is handled. Separate disclaimers or terms may further explain limitations on travel-related information presented in the Services.

8. Push Notifications and Communications

If you enable notifications, we may send you push notifications related to your account, trips, app activity, community activity, or other service-related events.

You can control push notifications through your device settings and, where available, within Polaris settings.

We may also send you service-related emails or authentication-related messages, including account verification, security, or account-management communications.

9. How We Store and Protect Information

We use administrative, technical, and organizational measures designed to protect personal information. However, no method of transmission over the internet or method of electronic storage is completely secure.

Because of that, we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials and for using the Services in a reasonably secure manner.

10. Data Retention

We retain information for as long as reasonably necessary to:

• provide and operate the Services;
• maintain your account;
• support travel, profile, and community features you use;
• comply with legal obligations;
• resolve disputes;
• enforce agreements; and
• protect against fraud, abuse, and security risks.

Retention periods may vary depending on the type of information, the feature involved, legal requirements, and operational needs. As a general guide, we apply the following retention periods by data category:

Where legal obligations or active disputes require longer retention, we will retain only the data necessary for that purpose.

If you request deletion of your account or information, we may retain certain information for a limited period where necessary for security, legal compliance, dispute resolution, fraud prevention, backup integrity, or other legitimate business purposes.

11. Your Choices and Rights

Depending on your location and applicable law, you may have the right to:

• access personal information we hold about you;
• update or correct certain information;
• request deletion of your account or certain personal information;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• request a copy of certain information you provided to us; and
• manage privacy settings, discoverability, and location-sharing options in the Services.

You may also be able to:

• update profile details in-app;
• manage notification settings in-app or via device settings;
• disable location permissions through your device;
• limit photo or media access through your device settings.

Some rights are subject to legal exceptions and verification requirements.

Requests may be submitted to us using the contact information listed below.

12. Account Deletion

You may request deletion of your Polaris account and associated personal information, subject to legal and operational limitations.

When you request account deletion through the app, your account will be scheduled for deletion within 30 days. You will be signed out immediately; contact support to cancel a pending deletion.

Deletion requests may not immediately remove all information from backups, logs, or systems required for security, fraud prevention, legal compliance, dispute resolution, or technical integrity. Some information may be retained as permitted or required by law.

If specific in-app deletion tools are available, they may be subject to verification, processing time, and system limitations.

13. International Data Transfers

Polaris and its service providers may process or store information in countries other than your own. As a result, your information may be transferred to, processed in, or stored in jurisdictions with different data protection laws than those in your place of residence.

Where required by applicable law, we take steps designed to provide appropriate safeguards for such transfers.

14. Region-Specific Disclosures

Depending on where you live, you may have additional rights under applicable privacy laws, including laws in the European Economic Area, United Kingdom, Switzerland, California, and other jurisdictions.

Nothing in this Privacy Policy is intended to limit any rights you may have under applicable law.

California

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you the following rights, subject to legal exceptions and verification:

• Right to know what personal information we have collected, the sources of that information, the purposes for collecting it, and the categories of third parties to whom it has been disclosed (the categories of personal information we collect are described in Section 3 of this Policy);
• Right to delete personal information we have collected from you, subject to legal exceptions;
• Right to correct inaccurate personal information we maintain about you;
• Right to opt out of the sale or sharing of personal information. We do not sell personal information for monetary consideration, but under California’s broad definition we may “share” data with advertising and analytics partners for cross-context behavioral purposes. You can opt out via the cookie consent banner on polaristravel.io and the “Do Not Sell or Share My Personal Information” link in our website footer, and we honor the Global Privacy Control (GPC) signal automatically;
• Right to limit the use and disclosure of sensitive personal information to the purposes permitted under the CCPA;
• Right to non-discrimination for exercising any of these rights.

How to exercise these rights. You can request deletion of your account and associated personal information through the in-app account-deletion flow. For all other requests — including requests to know, correct, or limit use of sensitive personal information — email us at support@polaristravel.io. We will respond within 45 days as required by the CCPA; if we need more time, we may extend our response period by an additional 45 days and will notify you of the extension.

Authorized agents. You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent’s authority and may ask you to verify your own identity directly.

Right to appeal. If we decline to act on your request, you may appeal that decision by contacting us at support@polaristravel.io. We will respond to an appeal within 45 days. Residents of states such as Colorado, Connecticut, and Virginia have a statutory right to appeal; if you are unsatisfied with the outcome of your appeal, you may contact your state Attorney General.

EEA / UK / Switzerland

If these laws apply to you, we may process personal information based on one or more legal bases, such as:

• performance of a contract;
• legitimate interests;
• compliance with legal obligations; or
• your consent, where required.

Where we process special-category data (sexual orientation, gender identity), our legal basis is your explicit consent (GDPR Article 9(2)(a)), which you may withdraw at any time.

Subject to applicable law, you have the following rights with respect to your personal data:

• Right of access (Article 15) — to obtain confirmation of whether we process your data and a copy of it;
• Right to rectification (Article 16) — to have inaccurate or incomplete data corrected;
• Right to erasure or the “right to be forgotten” (Article 17);
• Right to restriction of processing (Article 18);
• Right to data portability (Article 20) — to receive your data in a structured, commonly used, machine-readable format;
• Right to object to processing (Article 21), including processing based on legitimate interests;
• Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects (Article 22). Polaris does not make solely-automated decisions producing legal or similarly significant effects;
• Right to lodge a complaint with your supervisory authority. For Ireland-based users this is the Irish Data Protection Commission; a list of EU data protection authorities is available at edpb.europa.eu.

To exercise any of these rights, contact us at support@polaristravel.io. You may also withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

Polaris does not currently have an appointed EU representative under GDPR Article 27. If our processing of EEA residents’ data becomes regular and not occasional, we will appoint one and update this Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Services or by other appropriate means.

The "Last Updated" date at the top of this Privacy Policy indicates when it was most recently revised. Your continued use of the Services after changes become effective means the updated Privacy Policy will apply, subject to applicable law.

16. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact us at:

Polaris Travel LLC
Email: support@polaristravel.io
Website: https://polaristravel.io
Mailing Address:
609-A Piner Road #1124
Wilmington, NC 28409

For privacy requests, data subject access requests (DSARs), or GDPR rights requests:
Email: support@polaristravel.io (subject line: “Privacy Request”)
We will respond within 45 days as required by applicable law.