Privacy Policy

Last updated: May 7, 2026

This Privacy Policy explains what information geknee ("geknee", "we", "us") collects when you use our website, mobile apps, and services (collectively, the "Service"), how we use it, and the choices you have. It is intended to be read alongside our Terms of Service.

1. Information we collect

Information you give us

  • Account data: your email address, display name, profile photo if you choose to add one, and a hashed password (or your OAuth identifier if you sign in with Google or Apple).
  • Trip and travel data: destinations you plan, dates, travel style preferences, and any notes you save.
  • Payment data: handled by our payment processor (Stripe); we do not store full card numbers on our servers. We retain a token, the last four digits of your card, the country, and transaction history.
  • Communications: support emails or messages you send us.

Information collected automatically

  • Location data: when you check in to a monument, we capture your device's GPS coordinates and the timestamp to verify proof of presence. You can decline this permission, but check-ins won't work without it.
  • Photos: when you take a photo for a monument check-in, the image and its EXIF metadata (timestamp, GPS) are uploaded to our blob storage. Photos are tied to your account and visible only to you unless you explicitly share them.
  • Device + usage data: IP address, browser/OS version, screen size, language, pages visited, and approximate session duration. Used for analytics and abuse prevention.
  • Session recordings: we use PostHog to record anonymized session replays of how the app is used (clicks, scrolls, navigation). All form inputs are masked by default. We use this only to debug UX issues and improve the product.
  • Error reports: when the app crashes, we send the error details (stack trace, browser info, current URL) to Sentry. No personal data is included unless it appears in a URL or error message.
  • Cookies: we use a small number of cookies for authentication, language preference, and analytics. See Section 8.

2. How we use your information

  • To run the Service: authenticate you, save your trips, verify monument check-ins, process payments.
  • To send transactional emails: receipts, password resets, security alerts. We don't send marketing emails without your opt-in.
  • To send push notifications you opted into: trip reminders, deal alerts, monument unlock confirmations. You can disable these anytime in your device settings.
  • To improve the product: aggregate analytics, debug crashes, A/B test new features.
  • To prevent fraud and abuse: rate-limit suspicious traffic, detect fake check-ins, block accounts that violate our Terms.
  • To comply with legal obligations: respond to lawful subpoenas, tax reporting on commission revenue, etc.

3. Who we share your information with

We don't sell your personal information. We share data only with vendors who help us run the Service, and only to the extent needed:

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • Anthropic (Claude) — powers the AI trip-planning chat. Trip prompts are sent to Anthropic's API per their data-use terms; we configure zero-retention where available.
  • Google Maps Platform — map tiles, places autocomplete, geocoding, and directions across the planner UI.
  • Vercel — hosting, analytics (Speed Insights, Web Analytics), and edge infrastructure.
  • PostHog — product analytics and session replay (with input masking).
  • Sentry — error and performance monitoring.
  • Travel partners (Booking.com, Expedia, airline booking aggregators, Travelpayouts) — when you click through to book a hotel, flight, or activity, you're leaving geknee. Their privacy practices apply to your booking. We may receive a commission record (anonymized booking ID, amount) for accounting.
  • Authentication providers (Google, Apple, etc.) — only if you sign in with them.
  • Push notification services — Apple Push Notification service (APNs) on iOS, Firebase Cloud Messaging (FCM) on Android.
  • Law enforcement — if compelled by valid legal process or to protect rights, safety, or property.

4. Where your data lives

geknee is hosted on Vercel infrastructure, primarily in U.S. data centers. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland.

5. How long we keep your data

  • Account data: as long as your account is active, plus up to 30 days after deletion to satisfy backup rotation and audit logs.
  • Trip and check-in data: same lifecycle as your account, unless you delete individual trips.
  • Payment records: retained 7 years for tax compliance.
  • Anonymized analytics: indefinitely, in aggregate form only.
  • Error logs: 90 days in Sentry, then purged.
  • Session recordings: 30 days in PostHog, then purged.

6. Your rights

Depending on where you live (notably under GDPR, UK GDPR, CCPA, and similar laws), you have the right to:

  • Access the data we have about you.
  • Correct inaccurate data.
  • Delete your data (we'll delete it unless we're legally required to retain it).
  • Export a copy of your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent for optional processing (analytics, marketing).
  • Lodge a complaint with your local data-protection authority.

To exercise any right, email privacy@geknee.com. We respond within 30 days.

7. Children

geknee is not directed to children under 13 (or under 16 in the EEA/UK). We don't knowingly collect data from children. If you believe a child has given us their data, contact us and we'll delete it.

8. Cookies and tracking

  • Essential cookies: session token, CSRF protection, language preference. These are required for the Service to work.
  • Analytics cookies: PostHog and Vercel Analytics. These can be disabled by enabling Do Not Track or via our cookie banner where required.
  • We do not run third-party advertising trackers.

9. Security

We use HTTPS for all traffic, hash passwords with bcrypt, store payment info via Stripe's PCI-DSS environment, restrict employee access on a need-to-know basis, and follow standard cloud security practices. No system is perfectly secure; if we discover a breach affecting your data we'll notify you and the relevant authorities promptly.

10. Changes to this Policy

If we make material changes we'll notify you by email and post a notice in the app at least 14 days before the change takes effect. The "Last updated" date at the top reflects the current version.

11. Contact

Questions about privacy? Email privacy@geknee.com.