Privacy Policy

Last Updated: March 24, 2026 | Effective Date: March 24, 2026

VisitProof LLC ("VisitProof," "we," "us," or "our") operates the Itinerata platform, including our website at itinerata.com, mobile applications, and all related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide directly to us, including:

  • Account Information: When you create an account, we collect your name, email address, password, and optionally your phone number and profile photograph.
  • Event Information: When you create or participate in events, we collect event details, itineraries, schedules, location information, and participant lists.
  • Communications: When you communicate through the Service, we collect the content of your messages, announcements, and any media you share.
  • User Content: Photos, videos, documents, and other files you upload to the Service.
  • Contact Information: When you contact us for support or inquiries, we collect the information you provide in your communications with us.

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, browser type, and mobile network information.
  • Log Information: Access times, pages viewed, IP address, and the page you visited before navigating to our Service.
  • Location Information: With your consent, we may collect precise location data from your mobile device. You can disable location services through your device settings.
  • Usage Information: Information about how you use the Service, including features accessed, actions taken, and time spent on various screens.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Authentication Providers: If you sign in using a third-party service (such as Google or Apple), we receive your name, email address, and profile information from that service.
  • Event Organizers: Event organizers may provide your information to invite you to events or include you in event participant lists.
  • Other Users: Other users may share your information with us when they tag you in photos or include you in event activities.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain the Service: To operate the Service, process transactions, and provide customer support.
  • Personalization: To personalize your experience and provide content and features relevant to you.
  • Communications: To send you transactional emails, push notifications, event updates, and announcements. With your consent, we may also send promotional communications.
  • Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve the Service.
  • Safety and Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
  • Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of others.
  • Research and Development: To develop new features, products, and services.

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 With Other Users

When you participate in an event, your profile information, communications, and shared content may be visible to other event participants based on the event's privacy settings and your role within the event.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and storage providers (e.g., Google Cloud Platform, Firebase)
  • Analytics providers
  • Email and push notification services
  • Customer support tools
  • Payment processors (if applicable)

These service providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

3.3 For Legal Reasons

We may disclose your information if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request
  • Enforce our Terms of Service and other agreements
  • Protect the safety, rights, or property of VisitProof, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

3.4 Business Transfers

If VisitProof is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes. Some information may persist in backup copies for a reasonable period of time.

User Content that you have shared with others (such as photos in shared event albums) may continue to be visible to those users even after you delete your account, unless the event organizer deletes the event.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection and security

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Your Rights and Choices

6.1 Account Information

You may update, correct, or delete your account information at any time by accessing your account settings in the Service or by contacting us at privacy@itinerata.com.

6.2 Communication Preferences

You can opt out of promotional emails by clicking the "unsubscribe" link in any promotional email. You may also manage your push notification preferences through your device settings or within the app. Note that you cannot opt out of transactional communications related to your account or events you are participating in.

6.3 Location Information

You can disable location services through your device settings. Note that disabling location services may limit certain features of the Service.

6.4 Data Access and Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. To request your data, contact us at privacy@itinerata.com.

6.5 Data Deletion

You have the right to request deletion of your personal information. You can delete your account through the app settings or by contacting us at privacy@itinerata.com. We will process your request within 30 days, subject to any legal obligations to retain certain information.

7. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@itinerata.com.

8. International Data Transfers

VisitProof is based in the United States, and your information will be collected, processed, and stored in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country.

By using the Service, you consent to the transfer of your information to the United States and other countries. We will take appropriate measures to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, please contact us at privacy@itinerata.com or use the "Do Not Sell My Personal Information" link on our website. We will verify your identity before processing your request.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis for Processing: We process your personal data based on: (a) your consent; (b) the performance of a contract with you; (c) our legitimate interests; or (d) compliance with legal obligations.
  • Right of Access: You have the right to access your personal data and receive a copy.
  • Right to Rectification: You have the right to correct inaccurate personal data.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict processing of your personal data.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing of your personal data based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise your rights, please contact us at privacy@itinerata.com. You also have the right to lodge a complaint with your local data protection authority.

For data transfers from the EEA to the United States, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your personal data.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of the Service. Cookies are small data files stored on your device that help us improve the Service and your experience.

Types of Cookies We Use

  • Essential Cookies: Required for the Service to function properly, including authentication and security.
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it.
  • Preference Cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service prior to the changes becoming effective. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

VisitProof LLC

Attn: Privacy Officer

Email: privacy@itinerata.com

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@itinerata.com.