Privacy Policy

Last updated: May 11, 2026

Your privacy matters. This policy explains exactly what data LikeLocalsDo collects, how it's used, and your rights. Short version: we collect only what's necessary to run the service and never sell your data.

1. Who We Are

LikeLocalsDo ("we," "us," or "our") is a city guide platform that generates AI-powered local travel recommendations. For privacy inquiries, contact us at likelocalsdo@polsia.app.

2. Data We Collect

Account data (when you sign in):

Email address — used for authentication via magic link
First name, last name, phone number — optional profile fields you may provide

Behavioral analytics:

Cities you search for and guides you view
Listings you click, save, or add to trip planners
Itineraries you generate and interact with
Referrer URLs and general navigation patterns

Lead captures (optional): If you submit your email at a prompt (e.g., "Get personalized picks"), we store your email, name, city, and vibe selection.

localStorage data (browser-side): For guest users (not signed in), saved listings and pending itineraries are stored in your browser's localStorage. This data never leaves your device unless you create an account.

3. Cookies & Local Storage

We use a session cookie after you sign in to keep you authenticated across page loads. We do not use third-party advertising cookies. localStorage is used to persist guest trip data and itinerary drafts between sessions.

4. How We Use Your Data

Send magic link authentication emails
Personalize guide recommendations based on your saves and history
Sync your account to our email list (Mailchimp) to send product updates — you can unsubscribe at any time
Improve our AI-generated content through aggregate usage patterns
Generate site analytics to understand which cities and features are most valuable

We do not use your data to make automated decisions that significantly affect you.

5. Third-Party Services

Running LikeLocalsDo requires the following third-party services that may process your data:

Neon (PostgreSQL database) — stores your account, saves, and trip data on secure cloud infrastructure
Mailchimp — email list management; synced when you create an account. Governed by Mailchimp's Privacy Policy
Google Places API — used to fetch images for venue listings; no personal data is shared with Google through this integration
Meta (Facebook/Instagram) Graph API — used internally for our social media publishing tools (admin only); end-user data is not sent to Meta
Render — our hosting provider; application logs may contain request metadata
Polsia — our AI infrastructure provider that powers content generation

6. Email Communications

By creating an account, you'll receive:

Transactional emails — sign-in links, account confirmations (cannot be opted out)
Product updates — occasional emails about new cities, features, and recommendations. You can unsubscribe at any time via the link in any email or by contacting us directly.

7. Data Retention

We retain your account data as long as your account is active. Analytics events are retained for 24 months. Magic links expire after 15 minutes. Session tokens expire after 30 days.

To request deletion of your account and associated data, email likelocalsdo@polsia.app with "Delete my account" in the subject line. We'll process requests within 30 days.

8. Your Rights

Depending on your location, you may have rights to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Data portability (receive your data in a structured format)

To exercise any of these rights, contact us at likelocalsdo@polsia.app. We do not discriminate against users who exercise their privacy rights.

9. GDPR (EU/UK Users)

If you are located in the EU or UK, our lawful basis for processing your personal data is:

Contract — processing your email for authentication is necessary to provide the service you requested
Legitimate interests — aggregate analytics to improve the service
Consent — marketing emails (withdraw consent anytime by unsubscribing)

10. Children's Privacy

LikeLocalsDo is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we'll delete it promptly.

11. Security

All data is transmitted over HTTPS. Sensitive tokens (such as OAuth credentials for our admin tools) are encrypted at rest using AES-256-GCM. We follow standard security practices but no system is 100% secure — please notify us immediately if you discover a vulnerability.

12. Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated to registered users via email. Continued use after changes constitutes acceptance. The "last updated" date at the top reflects the most recent revision.

13. Contact

Privacy questions? Email likelocalsdo@polsia.app. We aim to respond within 5 business days.