Privacy Policy

Last Updated: February 9, 2026

Article 1 (Purpose)

This Privacy Policy sets forth how the Plavia operator (the "Operator") handles personal information and other information acquired through the AI-powered travel planning web application "Plavia" (the "Service") provided by the Operator. The Operator complies with applicable privacy laws and regulations and takes maximum care to protect user privacy.

Article 2 (Definitions)

The terms used in this Privacy Policy are defined as follows:

1. "Personal Information" means "personal information" as defined in applicable privacy laws, which is information about a living individual that can identify a specific individual by name, date of birth, or other descriptions contained in such information (including information that can be easily collated with other information to identify a specific individual).
2. "User" means an individual or legal entity that uses the Service.
3. "User Input Information" means information provided by Users to the Operator when using the Service that can identify individuals or may be associated with individuals.
4. "Generated and Stored Data" means information generated or stored by the Service based on User Input Information.
5. "Local Storage" means a data storage area installed in the User's web browser.
6. "Backend" means programs that run on the server side of the Service.
7. "Frontend" means programs that run on the web browser directly operated by Users.

Article 3 (Information Collected and Collection Methods)

The Operator collects the following information in providing the Service:

1. User Input Information
   • Required items:
     1. Destination(s) (1-5 cities)
     2. Travel period (start date and end date)
     3. Interests (sightseeing, food, shopping, activities, etc.)
     4. Travel style (relaxed, active, etc.)
   • Optional items:
     1. Departure point
     2. Budget
     3. Number of participants (adults, children)
     4. Accommodation preferences (business hotels, ryokans, luxury hotels, etc.)
2. Generated and Stored Data
   • Travel plans (destinations, dates, budget, interests, etc.)
   • Schedules (time-based activities, locations, coordinates, estimated costs, etc.)
   • Accommodation information
   • Weather information
   • Sharing tokens (21-character random IDs)
3. Information Planned to be Collected in the Future
   • Email address (when authentication features are implemented)

Article 4 (Purpose of Use of Information)

The Operator uses collected information for the following purposes:

1. Providing AI-powered automatic travel plan generation, saving, and sharing features
2. Optimizing travel plans through integration with weather forecasts and map information
3. Analysis for service quality improvement and feature enhancement
4. Responding to inquiries from Users
5. Notification of important notices regarding the Service (in the future when authentication features are implemented)

Article 5 (Information Management and Storage Location)

The Operator manages and stores collected information in the following locations:

1. Server Side:
   • Database: Supabase (PostgreSQL) is used to store travel plan and schedule data.
     • The data center uses AWS (United States or designated region).
     • Database access is restricted to the Go backend only.
2. User Side:
   • Browser Local Storage: A cache of the plan list is stored. This data is stored on the User's device and is not transmitted externally.

Article 6 (Provision of Data to Third-Party Services)

The Operator transmits data to the following external services in providing the Service. All such data transmissions are made through the backend, and data is never transmitted directly from the frontend to third-party services.

By using the Service, Users expressly consent to data transmission to the following third-party services:

1. Google Gemini API (United States, Google LLC)
   • Data Transmitted: User Input Information including destination(s), dates, budget, interests, number of participants, etc.
   • Purpose of Use: AI-powered travel plan generation
   • Privacy Policy: https://policies.google.com/privacy
2. OpenWeatherMap API (United Kingdom, OpenWeather Ltd.)
   • Data Transmitted: Destination coordinates, dates
   • Purpose of Use: Weather forecast retrieval
   • Privacy Policy: https://openweather.co.uk/privacy-policy
3. Google Geocoding API (United States, Google LLC)
   • Data Transmitted: Place names
   • Purpose of Use: Coordinate conversion (geocoding)
   • Privacy Policy: https://policies.google.com/privacy
4. Google Custom Search API (United States, Google LLC)
   • Data Transmitted: Information necessary as search queries, such as tourist attraction names and locations
   • Purpose of Use: Tourist spot information retrieval
   • Privacy Policy: https://policies.google.com/privacy

Article 7 (Security Measures)

The Operator implements the following security measures to protect User information:

1. External API keys are held only in the backend and are not exposed to the frontend.
2. Direct access from the frontend to third-party services (external APIs) is prohibited.
3. Database access is restricted to the backend only.
4. Communications between Users and the backend are encrypted using appropriate measures such as HTTPS.

However, the Operator does not guarantee complete security regarding information security. Users shall ensure the security of their devices at their own responsibility.

Article 8 (Data Retention Period and Deletion)

The Operator retains information for the following periods:

1. Server-Side Database: Data is retained until a deletion request is made by the User.
2. Local Storage: Data is retained until the User clears the browser cache.

The Operator plans to implement a feature in the future that will allow Users to delete their own data directly.

Article 9 (Disclosure, Correction, Deletion, etc. of Personal Information)

1. Users may request the Operator to disclose, correct, add to, delete, suspend use of, etc. (collectively, "Disclosure, etc.") their own personal information.
2. Requests for Disclosure, etc. should be sent by email to the contact address listed at the end of this Policy. After confirming that the request is from the User, the Operator will respond within a reasonable period in accordance with applicable privacy laws.
3. When requesting Disclosure, etc., we may ask for additional information for identity verification.
4. We may not be able to respond to requests for Disclosure, etc. in the following cases:
   1. When there is a risk of harming the life, body, property, or other rights and interests of the User or a third party
   2. When there is a risk of significantly interfering with the proper execution of the Operator's business
   3. When it would violate laws and regulations

Article 10 (Cookies and Tracking Technologies)

The Service uses cookies and similar technologies for the following purposes:

1. Essential Cookies
   • Session management (maintaining login state) *Planned for future implementation
   • Security measures
2. Functional Cookies
   • Saving language settings
   • Saving user preferences
3. Advertising Cookies (Third-Party Cookies)
   • Ad delivery by Google AdSense
   • Display of interest-based targeted advertising
4. Local Storage
   • Storing cached travel plan data
   • Not transmitted externally, stored only on the device

Users can disable cookies through their browser settings, but some features may not function properly. For opting out of advertising cookies, please refer to Article 11 (Advertising).

Article 11 (Advertising)

The Service uses the following advertising services to improve user experience and support service operation.

1. Google AdSense (United States, Google LLC)
   • Purpose: Display advertising delivery
   • Use of Cookies: Yes
   • Data Transmitted: IP address, browser information, browsing history, etc.
   • Privacy Policy: https://policies.google.com/privacy
   • Opt-out: https://adssettings.google.com/
2. Sponsored Video Ads
   • Purpose: Video ad display during itinerary generation
   • Use of Cookies: No
   • Data Transmission: None (self-hosted)

These advertising services may use cookies to display interest-based advertising. If you do not wish to use cookies, you can change your settings on the opt-out page above.

Article 12 (Affiliate Programs)

The Service participates in the following affiliate programs for the purpose of introducing travel-related services.

1. Provision of Affiliate Links

The Service provides links to external services (hotel reservations, activity bookings, transportation reservations, etc.) that are useful for users' travel planning. Some of these links are affiliate links, and the Operator may receive referral compensation if users make reservations or purchases through these links.

2. Affiliate Programs We Participate In

• Jalan Play & Experience Reservations (Recruit Affiliate)
• Rakuten Travel & Rakuten Ichiba (Rakuten Affiliate)
• Booking.com Partner Programme
• Klook Affiliate Program
• Viator Affiliate Program
• RentalCars.com Affiliate Program
• Airalo Affiliate Program

3. Impact on Users

Using affiliate links does not change the amount users pay. The Operator strives to provide information beneficial to users without favoring specific services.

4. Handling of Personal Information

When you click an affiliate link, your personal information is not directly transmitted to the linked service. However, when using linked services, each service's privacy policy applies. Personal information is collected and used in accordance with each service's terms when making reservations or purchases on linked sites.

Article 13 (Personal Information of Minors)

If minors use the Service, they should do so with the consent of a parent or guardian. The Operator does not intend to collect personal information from minors without parental consent.

Article 14 (Access Analysis Tools)

The Service uses Google Analytics to improve service quality.

• Provider: Google LLC
• Purpose: Analysis of access status, service improvement
• Data Collected: Page views, session duration, device information, regional information, etc.
• Use of Cookies: Yes
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Google Analytics uses cookies to analyze user behavior, but does not collect personally identifiable information.

Article 15 (Contact Information)

For inquiries regarding this Privacy Policy or requests for Disclosure, etc. of personal information, please contact us at the following:

Article 16 (Changes to this Policy)

The Operator may revise the content of this Privacy Policy as necessary. The revised Privacy Policy shall take effect from the time it is posted on the Service. The Operator will endeavor to notify Users of significant changes through display on the Service or by reasonable means.

End