← Back

Privacy Policy

Last updated: March 7, 2025

1. Who We Are

GetawayGather is operated by Nankervis Digital LLC ("we", "us", "our"). We are the data controller for the personal information we collect through the Service. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use GetawayGather.

2. Information We Collect

Account and profile information. When you sign up via Google OAuth or email, we collect your email address, name, and profile picture (from your OAuth provider). We store when you accepted our Terms of Service and Privacy Policy. For first-time users, we ask you to confirm your age (you must be 16+); we record when you verified your age but do not store your exact age or date of birth.

Content you create. We store the lists you create, getaway data you add or that we extract on your behalf, notes (on lists and individual getaways), votes you cast on getaways and lists, and images you upload. Notes and votes are associated with your account and may be visible to other users who collaborate on the same list.

Technical and usage data. We automatically collect information necessary to operate the Service, including IP address, browser type, device information, and general usage data (e.g., pages visited, actions taken). We use this to maintain security, debug issues, and improve the Service.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Authenticate you and manage your account
  • Display your name and profile picture to collaborators on shared lists
  • Display your votes and notes to collaborators on the same list (so the group can see preferences and feedback)
  • Enforce access policies and protect the Service
  • Respond to your requests and support inquiries
  • Comply with legal obligations and protect our rights

We do not sell your personal information. We do not use your data for advertising or marketing purposes beyond what is necessary to operate the Service.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area or UK, we process your personal data based on: (a) your consent (e.g., when you accept our Terms and Privacy Policy); (b) performance of our contract with you (providing the Service); (c) our legitimate interests (security, improving the Service, enforcing our policies); and (d) legal obligations where applicable.

5. Sharing and Disclosure

With other users. Your name and profile picture are visible to users who share a list with you. Content within shared lists (getaways, notes, votes, images) is visible to all collaborators on that list. Your votes and notes are attributed to you so collaborators can see who contributed them.

With service providers. We use third-party services to host and operate the Service. These include Supabase (database and authentication), Vercel (frontend hosting), and Railway (backend hosting). They process data on our behalf under data processing agreements and their respective privacy policies. We do not share your data with advertisers or data brokers.

For legal reasons. We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

6. International Transfers

Your data may be processed in the United States or other countries where our service providers operate. If you are in the EEA or UK, we rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers. By using the Service, you consent to such transfers.

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will delete or anonymize your personal data within a reasonable period, except where we must retain it for legal, regulatory, or legitimate business purposes. You may request deletion by contacting us at ethan@nankervisdigital.com.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS) and at rest, secure authentication via Supabase Auth, and access controls. No system is completely secure; we cannot guarantee absolute security.

9. Cookies and Similar Technologies

We use essential cookies and local storage to keep you signed in and to store preferences. We do not use advertising or tracking cookies. Our hosting and analytics providers may set cookies necessary for the operation of the Service.

10. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Object or restrict — object to processing or request restriction (where applicable)
  • Withdraw consent — withdraw consent where we rely on it

To exercise these rights, contact us at ethan@nankervisdigital.com. If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority.

California residents: We do not sell or share personal information as defined under the CCPA. You have the right to know what we collect, to delete your data, and to non-discrimination for exercising your rights.

11. Children

The Service is not intended for users under 16. We do not knowingly collect personal information from users under 16. If you believe we have collected data from someone under 16, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy and change the "Last updated" date. For material changes, we may require you to re-accept the policy. We encourage you to review this policy periodically.

13. Contact

Questions about this Privacy Policy or our data practices may be directed to Nankervis Digital LLC at ethan@nankervisdigital.com.