Privacy Policy — GoNow

Last updated: 2026-05-19

This Privacy Policy describes how GoNow ("we", "us", or "our") collects, uses, and shares information when you use the GoNow mobile application ("the App").

1. Data Controller

GoNow Contact: contact@gonowapp.dk

2. Information We Collect

We collect the following categories of personal data:

Account data

• Email address
• Display name
• Profile picture (if you choose to upload one)
• Country of residence (ISO 3166-1 alpha-2 country code, e.g. "DK", "DE", "US") — selected by you at signup and editable from your profile
• Date your account was created

Usage data

• Trips you save or unsave
• Groups you create or join, and your votes in group swipes
• AI itineraries generated on your request
• Chat messages you send to the AI travel assistant
• Language preference (English or Danish)

Technical data

• Crash reports and error logs (via Sentry) — no personal content is included; only anonymized technical stack traces.
• Device type, OS version, and app version when an error occurs.

We do NOT collect:

• Precise location
• Contacts
• Microphone or audio data
• Browsing history from other apps
• Advertising identifiers
• Payment card details (booking is handled by third parties)

3. How We Use Your Data

• Authenticate you and keep you signed in
• Save and sync your trips, groups, and preferences across devices
• Generate personalized trip recommendations based on trips you've saved
• Show your name and avatar to other members of groups you've joined
• Send you account-related emails (confirmation, password reset)
• Improve the app by analyzing aggregated crash reports
• Moderate profile pictures you upload (using AI) to block illegal or clearly inappropriate content before it's stored
• Determine applicable VAT/sales tax and tailor regional features based on your country of residence (we do not use GPS or IP-based geolocation for this — only the country you select)

4. AI Processing

When you chat with the GoNow travel assistant or generate AI trip plans, your messages are sent to Anthropic's Claude API via our own server. We do not send your email or name — only the text of your message and any trip context needed to answer. Anthropic processes the data according to their privacy terms: https://www.anthropic.com/privacy

Profile-picture moderation sends the image to the same service to classify whether it contains disallowed content. Images rejected by the moderator are not stored.

5. Data Sharing

We share data only with the service providers required to run the app:

• Supabase (database, authentication, file storage) — https://supabase.com/privacy
• Anthropic (AI features and profile-picture moderation) — https://www.anthropic.com/privacy
• Sentry (crash reporting) — https://sentry.io/privacy
• Photon by Komoot (geocoding destination names to coordinates for the AI itinerary map) — https://photon.komoot.io
• OpenStreetMap / OSRM (walking routes between itinerary stops) — https://www.openstreetmap.org/copyright
• Open-Meteo (weather forecasts for destinations you save) — https://open-meteo.com/en/terms
• Wikipedia (photos and short descriptions for points of interest) — https://foundation.wikimedia.org/wiki/Privacy_policy
• Google Places API (additional photos and details for points of interest) — https://policies.google.com/privacy
• Apple / Google sign-in — only if you choose those providers
• Booking partners (we link out to them; they have their own privacy policies)

For all third-party services above, we share only what's necessary — typically a destination name, place name, or coordinates. We never share your email, name, profile picture (except to the AI moderator), or account identifiers with these services.

When you tap "Navigate to" a stop, your device opens Apple Maps or Google Maps externally; those apps may use your device location, governed by their own policies — not ours.

We do not sell your data. We do not share it with advertisers.

6. Your Rights

Under GDPR you can at any time:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Export your data in a portable format
• Withdraw consent and object to processing

Account deletion can be done directly in the app: Profile → Delete account. This permanently removes all your data.

For other requests, contact: contact@gonowapp.dk — we respond within 30 days.

7. Data Retention

• Account and trip data: kept until you delete your account
• Crash reports: kept for 90 days
• AI rate-limit records: kept for 24 hours

8. Children

GoNow is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

9. Security

We use industry-standard security: TLS encryption in transit, encrypted storage at rest (Supabase), row-level security on the database, and scoped API tokens. The Anthropic API key is never exposed in the app bundle — all AI calls go through our own authenticated server.

10. Changes to This Policy

We'll post updates here. Material changes will be notified in-app.

11. Contact

Questions? contact@gonowapp.dk