Privacy Policy
Last updated: 26 February 2026
Outinery ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR).
1. Data Controller
Outinery is the data controller responsible for your personal data. If you have questions about how we process your data, contact us at: legal@outinery.com
2. Personal Data We Collect
2.1 Data you provide directly
- Account information: your name, email address, and profile photo (if using Google sign-in).
- Date of birth: collected during onboarding to verify you meet the minimum age requirement (16 years).
- Location: your city and country, selected during onboarding. If you grant browser geolocation, we also collect approximate coordinates (degraded to the precision level you choose: city, area, or precise).
- Preferences: your preferences (energy, social, discovery, timing, experience style) collected via onboarding choices or manual slider adjustments.
- Prompts and content: text you enter when generating itineraries, notes you add to activities, and any feedback you provide.
2.2 Data collected automatically
- Usage data: pages visited, features used, itineraries generated, and interactions with activities (swaps, reorders, saves).
- Device information: browser type, operating system, screen resolution, and device category (mobile/desktop).
- Cookies: see Section 7 below.
3. Lawful Basis for Processing
Under UK GDPR Article 6, we process your personal data on the following legal bases:
| Purpose | Lawful basis |
|---|---|
| Providing the Service (generating itineraries, saving preferences, managing your account) | Performance of a contract (Art. 6(1)(b)) |
| Age verification via date of birth | Legal obligation (Art. 6(1)(c)) — compliance with UK DPA 2018 and GDPR Art. 8 |
| Analytics cookies and usage tracking | Consent (Art. 6(1)(a)) — via cookie banner |
| Service improvement, bug fixing, security monitoring | Legitimate interest (Art. 6(1)(f)) |
| Responding to support requests and legal obligations | Legal obligation (Art. 6(1)(c)) / Legitimate interest (Art. 6(1)(f)) |
4. How We Use Your Data
- To generate personalised itineraries based on your location and preferences.
- To save your itineraries, preferences, and account settings.
- To verify that you meet the minimum age requirement.
- To improve the Service through anonymised analytics (with your consent).
- To manage subscriptions and entitlements.
- To communicate service updates and respond to support requests.
- To ensure platform security and prevent abuse.
5. Third-Party Data Processors
We share personal data only with trusted third-party processors who are necessary to operate the Service. We do not sell your data to anyone.
| Provider | Purpose | Data shared |
|---|---|---|
| Firebase (Google Cloud) | Authentication, data storage, analytics | Email, name, usage events, itinerary data |
| OpenAI | Itinerary generation via GPT models | Anonymised prompts and city name only — no personal identifiers are sent to OpenAI |
| Pinecone | Vector similarity search for venue matching | Anonymised query embeddings only — no personal data |
| Vercel | Website hosting and edge functions | Standard HTTP request data (IP, headers) |
Google's Data Processing Terms: firebase.google.com/terms/data-processing-terms
6. International Data Transfers
Some of our third-party processors (Firebase, OpenAI, Pinecone, Vercel) are based in the United States. Data transferred outside the UK and EEA is protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) adopted by the European Commission, and the UK International Data Transfer Agreement (IDTA) where applicable.
7. Cookies
We use cookies to enhance your experience on Outinery:
- Essential cookies: Required to log in and maintain secure sessions. These cannot be disabled.
- Analytics cookies: Used (with your consent) to understand how users interact with the Service so we can improve features. You can accept or reject these on your first visit and change your preference at any time.
8. Data Retention
We retain your personal data only as long as necessary to provide the Service and fulfil the purposes described in this Policy:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Itinerary data: Temporary itineraries are automatically deleted after 30 minutes. Saved itineraries are retained until you delete them or your account.
- Analytics data: Anonymised and aggregated data may be retained indefinitely for service improvement.
- Legal records: ToS acceptance timestamps and age verification records may be retained for up to 6 years for legal compliance.
9. Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of access: You can view and export your data from your profile settings.
- Right to rectification: You can update your name, location, and preferences at any time.
- Right to erasure: You can delete your account and all associated data from your profile settings. Deletion is permanent and irreversible.
- Right to restrict processing: You can disable analytics, personalisation, and recent activity tracking in your privacy settings.
- Right to data portability: You may request a machine-readable copy of your data by contacting us.
- Right to object: You may object to processing based on legitimate interest by contacting us.
- Right to withdraw consent: Where processing is based on consent (analytics cookies), you can withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at legal@outinery.com. We will respond within 30 days.
10. Children and Young People
Our Service is not intended for individuals under the age of 16. We collect date of birth during account setup to verify eligibility in compliance with the UK Data Protection Act 2018 (which sets the age of digital consent at 13, though we apply the higher EU GDPR threshold of 16 for consistency and safety).
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has created an account, please contact us at support@outinery.com to request immediate deletion.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), Firebase Security Rules for database access control, and coordinate degradation for geolocation data. However, no method of electronic storage or transmission is 100% secure.
12. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
If you are based in the EU, you may also contact your local Data Protection Authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the most recent changes were published.
14. Contact
For any questions, data requests, or concerns about this Privacy Policy, contact us at: legal@outinery.com
Outinery · outinery.com